foo.sh/ansible
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

php4dvd: Use TLS for MariaDB connections

Browse source
This commit is contained in:
Timo Makinen 2023-11-26 17:41:18 +00:00
parent 270da668c3
commit ad187f51e3
3 changed files with 15 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
roles/php4dvd/tasks/main.yml
View file

@ -18,6 +18,15 @@
- php4dvd - php4dvd
creates: /var/lib/systemd/linger/php4dvd creates: /var/lib/systemd/linger/php4dvd
- name: Copy host key
ansible.builtin.copy:
dest: "{{ tls_private }}/php4dvd.key"
src: "{{ tls_private }}/{{ inventory_hostname }}.key"
mode: "0640"
owner: root
group: php4dvd
remote_src: true
- name: Get container source - name: Get container source
ansible.builtin.git: ansible.builtin.git:
dest: /usr/local/src/docker-php4dvd dest: /usr/local/src/docker-php4dvd

3
roles/php4dvd/templates/php4dvd-container.service.j2
View file

@ -10,6 +10,9 @@ ExecStart=/usr/bin/podman run \
--rm -p 127.0.0.1:8005:80 \ --rm -p 127.0.0.1:8005:80 \
--name php4dvd \ --name php4dvd \
--env PHP4DVD_* \ --env PHP4DVD_* \
--volume={{ tls_certs }}/ca.crt:/etc/ssl/certs/ca.crt:ro \
--volume={{ tls_certs }}/{{ inventory_hostname }}.crt:/etc/ssl/certs/{{ inventory_hostname }}.crt:ro \
--volume={{ tls_private }}/php4dvd.key:/etc/ssl/private/{{ inventory_hostname }}.key:ro \
--volume /export/volumes/php4dvd:/var/www/html/movies:rw,Z \ --volume /export/volumes/php4dvd:/var/www/html/movies:rw,Z \
php4dvd:latest php4dvd:latest
ExecStop=/usr/bin/podman stop --ignore php4dvd ExecStop=/usr/bin/podman stop --ignore php4dvd

3
roles/php4dvd/templates/php4dvd-container.sysconfig.j2
View file

@ -2,4 +2,7 @@ PHP4DVD_DB_HOST=sqldb02.home.foo.sh
PHP4DVD_DB_NAME=php4dvd PHP4DVD_DB_NAME=php4dvd
PHP4DVD_DB_USER=php4dvd PHP4DVD_DB_USER=php4dvd
PHP4DVD_DB_PASS={{ php4dvd_mysql_pass }} PHP4DVD_DB_PASS={{ php4dvd_mysql_pass }}
PHP4DVD_DB_KEY=/etc/ssl/private/{{ inventory_hostname }}.key
PHP4DVD_DB_CERT=/etc/ssl/certs/{{ inventory_hostname }}.crt
PHP4DVD_DB_CACERT=/etc/ssl/certs/ca.crt
PHP4DVD_USER_GUESTVIEW=true PHP4DVD_USER_GUESTVIEW=true