Get podman containers as services working. Added verbosity for the postrun_action to debug
This commit is contained in:
Raphaël Numbus
@@ -736,6 +736,7 @@ postrun_action() {
|
||||
while FOUND="false"; do
|
||||
if ping -c1 -W1 $HOME_SERVER_IP >/dev/null 2>&1; then
|
||||
FOUND="true"
|
||||
echo -e "\n✅ Ping ${HOME_SERVER_IP} successful ! Continuing..."
|
||||
else
|
||||
(i++)
|
||||
if [[ "\${i}" -gt 150 ]]; then
|
||||
@@ -747,8 +748,7 @@ postrun_action() {
|
||||
done
|
||||
|
||||
ssh_to_host 'bash -s' << EOF
|
||||
sed -i "s|# ./disks/pcr-check.nix| ./disks/pcr-check.nix|" /etc/nixos/configuration.nix
|
||||
|
||||
echo "Enrolling boot disk key to TPM..."
|
||||
if [[ ${#BOOT_DISKS_ID[@]} -eq 1 ]]; then
|
||||
echo $REMOTE_PASS | sudo -S systemd-cryptenroll --tpm2-device=auto --tpm2-pcrs=0+7 --unlock-key-file=/etc/secrets/disks/boot-1 /dev/${BOOT_DISKS_1_NAME}
|
||||
elif [[ ${#BOOT_DISKS_ID[@]} -eq 2 ]]; then
|
||||
@@ -756,6 +756,7 @@ elif [[ ${#BOOT_DISKS_ID[@]} -eq 2 ]]; then
|
||||
echo $REMOTE_PASS | sudo -S systemd-cryptenroll --tpm2-device=auto --tpm2-pcrs=0+7 --unlock-key-file=/etc/secrets/disks/boot-2 /dev/${BOOT_DISKS_2_NAME}
|
||||
fi
|
||||
|
||||
echo "Getting PCRS 15 hash..."
|
||||
PCR_HASH=\$(echo $REMOTE_PASS | sudo -S systemd-analyze pcrs 15 --json=short)
|
||||
|
||||
sed -i "s|# systemIdentity.enable = true;| systemIdentity.enable = true;|" /etc/nixos/configuration.nix
|
||||
|
||||
@@ -55,8 +55,10 @@ in
|
||||
|
||||
systemd.services.${container_name} = {
|
||||
description = "Podman container : ${container_name}";
|
||||
after = [ "network.target" "traefik.service" ];
|
||||
after = [ "network.target" ];
|
||||
requires = [ "traefik.service" ];
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
path = [ pkgs.podman ];
|
||||
|
||||
serviceConfig = {
|
||||
User = "numbus-admin";
|
||||
|
||||
@@ -68,8 +68,10 @@ in
|
||||
|
||||
systemd.services.${container_name} = {
|
||||
description = "Podman container : ${container_name}";
|
||||
after = [ "network.target" "traefik.service" ];
|
||||
after = [ "network.target" ];
|
||||
requires = [ "traefik.service" ];
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
path = [ pkgs.podman ];
|
||||
|
||||
serviceConfig = {
|
||||
User = "numbus-admin";
|
||||
|
||||
@@ -54,8 +54,10 @@ in
|
||||
'';
|
||||
systemd.services.${container_name} = {
|
||||
description = "Podman container : ${container_name}";
|
||||
after = [ "network.target" "traefik.service" ];
|
||||
after = [ "network.target" ];
|
||||
requires = [ "traefik.service" ];
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
path = [ pkgs.podman ];
|
||||
|
||||
serviceConfig = {
|
||||
User = "numbus-admin";
|
||||
|
||||
@@ -91,8 +91,10 @@ in
|
||||
|
||||
systemd.services.${container_name} = {
|
||||
description = "Podman container : ${container_name}";
|
||||
after = [ "network.target" "traefik.service" ];
|
||||
after = [ "network.target" ];
|
||||
requires = [ "traefik.service" ];
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
path = [ pkgs.podman ];
|
||||
|
||||
serviceConfig = {
|
||||
User = "numbus-admin";
|
||||
|
||||
@@ -34,8 +34,10 @@ in
|
||||
|
||||
systemd.services.${container_name} = {
|
||||
description = "Podman container : ${container_name}";
|
||||
after = [ "network.target" "traefik.service" ];
|
||||
after = [ "network.target" ];
|
||||
requires = [ "traefik.service" ];
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
path = [ pkgs.podman ];
|
||||
|
||||
serviceConfig = {
|
||||
User = "numbus-admin";
|
||||
|
||||
@@ -57,8 +57,10 @@ in
|
||||
|
||||
systemd.services.${container_name} = {
|
||||
description = "Podman container : ${container_name}";
|
||||
after = [ "network.target" "traefik.service" ];
|
||||
after = [ "network.target" ];
|
||||
requires = [ "traefik.service" ];
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
path = [ pkgs.podman ];
|
||||
|
||||
serviceConfig = {
|
||||
User = "numbus-admin";
|
||||
|
||||
@@ -86,8 +86,10 @@ in
|
||||
|
||||
systemd.services.${container_name} = {
|
||||
description = "Podman container : ${container_name}";
|
||||
after = [ "network.target" "traefik.service" ];
|
||||
after = [ "network.target" ];
|
||||
requires = [ "traefik.service" ];
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
path = [ pkgs.podman ];
|
||||
|
||||
serviceConfig = {
|
||||
User = "numbus-admin";
|
||||
|
||||
@@ -62,8 +62,10 @@ in
|
||||
'';
|
||||
systemd.services.${container_name} = {
|
||||
description = "Podman container : ${container_name}";
|
||||
after = [ "network.target" "traefik.service" ];
|
||||
after = [ "network.target" ];
|
||||
requires = [ "traefik.service" ];
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
path = [ pkgs.podman ];
|
||||
|
||||
serviceConfig = {
|
||||
User = "numbus-admin";
|
||||
|
||||
@@ -44,8 +44,10 @@ TRAEFIK_REF_NETWORKS
|
||||
|
||||
systemd.services.traefik = {
|
||||
description = "Podman container : ${container_name}";
|
||||
after = [ "network.target" "numbus-activation-networked.service" "numbus-activation-chowned.service" ];
|
||||
after = [ "network.target" ];
|
||||
requires = [ "numbus-activation-networked.service" "numbus-activation-chowned.service" ];
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
path = [ pkgs.podman ];
|
||||
|
||||
serviceConfig = {
|
||||
User = "numbus-admin";
|
||||
|
||||
Reference in New Issue
Block a user