forked from username/flaskpaste
b9f0283a3b
- flaskpaste.container for rootless systemd integration - UserNS mapping for bind mount permissions - README updated with deployment instructions
39 lines
1.2 KiB
Plaintext
39 lines
1.2 KiB
Plaintext
# FlaskPaste container unit
|
|
# Deploy as flaskpaste user with data in /opt/flaskpaste
|
|
#
|
|
# Setup:
|
|
# useradd -r -m -d /home/flaskpaste -s /sbin/nologin flaskpaste
|
|
# mkdir -p /opt/flaskpaste && chown flaskpaste:flaskpaste /opt/flaskpaste
|
|
# cp flaskpaste.container /home/flaskpaste/.config/containers/systemd/
|
|
# sudo -u flaskpaste podman build -t localhost/flaskpaste:latest /path/to/source
|
|
# loginctl enable-linger flaskpaste
|
|
# systemctl --user -M flaskpaste@ daemon-reload
|
|
# systemctl --user -M flaskpaste@ start flaskpaste
|
|
|
|
[Unit]
|
|
Description=FlaskPaste pastebin service
|
|
After=local-fs.target
|
|
|
|
[Container]
|
|
Image=localhost/flaskpaste:latest
|
|
ContainerName=flaskpaste
|
|
PublishPort=5001:5000
|
|
Volume=/opt/flaskpaste:/app/data:Z
|
|
UserNS=keep-id:uid=999,gid=999
|
|
|
|
Environment=FLASK_ENV=production
|
|
Environment=FLASKPASTE_URL_PREFIX=/paste
|
|
Environment=FLASKPASTE_EXPIRY_ANON=432000
|
|
Environment=FLASKPASTE_MAX_ANON=3145728
|
|
Environment=FLASKPASTE_MAX_AUTH=52428800
|
|
|
|
# Note: Healthcheck defined in Containerfile; Quadlet healthcheck disabled to avoid race
|
|
# Resource limits (--memory, --cpus) require cgroup delegation for rootless
|
|
|
|
[Service]
|
|
Restart=always
|
|
TimeoutStartSec=300
|
|
|
|
[Install]
|
|
WantedBy=default.target
|