ejr/ansible-role-feedstack
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update container definitions to run all services as a non-root user.

Browse Source
This commit is contained in:
Eric Rakestraw
2026-03-06 15:03:22 +00:00
parent 7b2081b94c
commit 496424982e
5 changed files with 21 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
tasks/main.yml
View File

@@ -34,4 +34,5 @@
- name: Run the docker-compose role to apply the docker-compose.yml file. - name: Run the docker-compose role to apply the docker-compose.yml file.
import_role: import_role:
name: "docker-compose" name: "docker-compose"
... ...

3
vars/containers/nats.yml
View File

@@ -7,6 +7,9 @@ nats:
# Define the docker image to be used for this container. # Define the docker image to be used for this container.
image: "{{ feedstack_nats_container_image }}:{{ feedstack_nats_container_tag }}" image: "{{ feedstack_nats_container_image }}:{{ feedstack_nats_container_tag }}"
# Define the user that the container should be run as.
user: "{{ docker_user_id }}:{{ docker_group_id }}"
# Define the path where application data for this container will be stored. # Define the path where application data for this container will be stored.
appdata_directory: "{{ docker_appdata_directory }}/nats" appdata_directory: "{{ docker_appdata_directory }}/nats"

10
vars/containers/watchtower.yml
View File

@@ -7,10 +7,20 @@ watchtower:
# Define the docker image to be used for this container. # Define the docker image to be used for this container.
image: "{{ feedstack_watchtower_container_image }}:{{ feedstack_watchtower_container_tag }}" image: "{{ feedstack_watchtower_container_image }}:{{ feedstack_watchtower_container_tag }}"
# Define the user that the container should be run as.
user: "{{ docker_user_id }}:{{ docker_group_id }}"
# Define the path where application data for this container will be stored. # Define the path where application data for this container will be stored.
appdata_directory: "{{ docker_appdata_directory }}/watchtower" appdata_directory: "{{ docker_appdata_directory }}/watchtower"
# Define the volumes that should be mounted into the container. # Define the volumes that should be mounted into the container.
volumes: volumes:
- "/var/run/docker.sock:/var/run/docker.sock" - "/var/run/docker.sock:/var/run/docker.sock"
- "{{ docker_home_directory }}/.docker:/config:ro"
# Define environment variables to be passed to the container.
environment_variables:
- "WATCHTOWER_CLEANUP=true"
- "DOCKER_CONFIG=/config"
... ...

3
vars/containers/weatherfeeder.yml
View File

@@ -7,6 +7,9 @@ weatherfeeder:
# Define the docker image to be used for this container. # Define the docker image to be used for this container.
image: "{{ feedstack_weatherfeeder_container_image }}:{{ feedstack_weatherfeeder_container_tag }}" image: "{{ feedstack_weatherfeeder_container_image }}:{{ feedstack_weatherfeeder_container_tag }}"
# Define the user that the container should be run as.
user: "{{ docker_user_id }}:{{ docker_group_id }}"
# Define the path where application data for this container will be stored. # Define the path where application data for this container will be stored.
appdata_directory: "{{ docker_appdata_directory }}/weatherfeeder" appdata_directory: "{{ docker_appdata_directory }}/weatherfeeder"

3
vars/containers/weatherprocessor.yml
View File

@@ -7,6 +7,9 @@ weatherprocessor:
# Define the docker image to be used for this container. # Define the docker image to be used for this container.
image: "{{ feedstack_weatherprocessor_container_image }}:{{ feedstack_weatherprocessor_container_tag }}" image: "{{ feedstack_weatherprocessor_container_image }}:{{ feedstack_weatherprocessor_container_tag }}"
# Define the user that the container should be run as.
user: "{{ docker_user_id }}:{{ docker_group_id }}"
# Define the path where application data for this container will be stored. # Define the path where application data for this container will be stored.
appdata_directory: "{{ docker_appdata_directory }}/weatherprocessor" appdata_directory: "{{ docker_appdata_directory }}/weatherprocessor"