_______________________________________________On 7/9/19 4:48 PM, Eric Gustavsson wrote:
On Tue, 9 Jul 2019 at 22:03, Daniel Walsh <dwalsh@redhat.com> wrote:
On 7/9/19 3:52 PM, Eric Gustavsson wrote:
> [Unit]
> Description=Bitwarden
> Wants=syslog.service
>
> [Service]
> User=spytec
> Group=spytec
> TimeoutStartSec=0
> ExecStart=/usr/bin/podman run \
> --security-opt label=disable \
> --userns keep-id \
> -e ROCKET_PORT=8080 \
> -e SIGNUPS_ALLOWED=false \
> -e ADMIN_TOKEN=key \
> -p 8080:8080 \
> -v /home/spytec/Bitwarden/bw-data/:/data/ \
> --rm --name 'bitwarden' bitwardenrs/server:latest
> ExecReload=-/usr/bin/podman stop 'bitwarden'
> ExecReload=-/usr/bin/podman rm 'bitwarden'
> ExecStop=-/usr/bin/podman stop 'bitwarden'
> Restart=always
> RestartSec=30s
> KillMode=none
> SyslogIdentify=bitwarden
>
> [Install]
> WantedBy=multi-user.target
[Unit]
Description=Bitwarden
Wants=syslog.service
[Service]
User=spytec
Group=spytec
TimeoutStartSec=0
ExecStart=/usr/bin/podman run \
--security-opt label=disable \
--userns keep-id \
-e ROCKET_PORT=8080 \
-e SIGNUPS_ALLOWED=false \
-e ADMIN_TOKEN=key \
-p 8080:8080 \
-v /home/spytec/Bitwarden/bw-data/:/data/ \
--rm --name 'bitwarden' bitwardenrs/server:latest
ExecReload=-/usr/bin/podman stop 'bitwarden'
ExecReload=-/usr/bin/podman rm 'bitwarden'
ExecStop=-/usr/bin/podman stop 'bitwarden'
Restart=always
RestartSec=30s
KillMode=none
SyslogIdentify=bitwarden
[Install]
WantedBy=multi-user.target
Why are you recreating the service each time. Why not just create the container and then start and stop the container within the unit file.
I wanted to always keep the image up to date, so if I restart the service it would fetch the latest image as well. I've seen articles doing this, is this not good practise?
/usr/bin/podman create \
--security-opt label=disable \
--userns keep-id \
-e ROCKET_PORT=8080 \
-e SIGNUPS_ALLOWED=false \
-e ADMIN_TOKEN=key \
-p 8080:8080 \
-v /home/spytec/Bitwarden/bw-data/:/data/ \
--rm --name 'bitwarden' bitwardenrs/server:latest
ExecStart=/usr/bin/podman start bitwarden
ExecStop=-/usr/bin/podman stop bitwarden
ExecReload-/usr/bin/podman restart bitwarden
Also why do yo need to disable SELinux separation?
Does
-v /home/spytec/Bitwarden/bw-data/:/data/:Z \
Allow you to work?
That does indeed work, thank you. Forgot about the :Z annotation.
_______________________________________________
Podman mailing list -- podman@lists.podman.io
To unsubscribe send an email to podman-leave@lists.podman.io
_______________________________________________ Podman mailing list -- podman@lists.podman.io To unsubscribe send an email to podman-leave@lists.podman.ioMight be better to have a daily cron job that recreates the container when a new version shows up, and restarts the service.
Podman mailing list -- podman@lists.podman.io
To unsubscribe send an email to podman-leave@lists.podman.io