diff --git a/roles/jellyfin/files/jellyfin.container b/roles/jellyfin/files/jellyfin.container index 5d7abf0..26d52b1 100644 --- a/roles/jellyfin/files/jellyfin.container +++ b/roles/jellyfin/files/jellyfin.container @@ -3,8 +3,8 @@ Description=jellyfin container [Container] ContainerName=jellyfin -Image=ghcr.io/jellyfin/jellyfin -Network=frontend.network +Image=ghcr.io/jellyfin/jellyfin:latest +Network=jellyfin.network Volume=/srv/jellyfin/config:/config:Z Volume=/srv/jellyfin/cache:/cache:Z Volume=/srv/jellyfin/media:/media:z,ro diff --git a/roles/jellyfin/files/jellyfin.network b/roles/jellyfin/files/jellyfin.network new file mode 100644 index 0000000..907004b --- /dev/null +++ b/roles/jellyfin/files/jellyfin.network @@ -0,0 +1,3 @@ +[Network] +Internal=true +Options=isolate=true diff --git a/roles/jellyfin/tasks/main.yaml b/roles/jellyfin/tasks/main.yaml index 6e899fe..1b739ac 100644 --- a/roles/jellyfin/tasks/main.yaml +++ b/roles/jellyfin/tasks/main.yaml @@ -36,6 +36,14 @@ group: root mode: '0644' +- name: Copy over jellyfin.network file + ansible.builtin.copy: + src: ./files/jellyfin.network + dest: /etc/containers/systemd/jellyfin.network + owner: root + group: root + mode: '0644' + - name: Copy over jellyfin nginx config ansible.builtin.copy: src: ./files/jellyfin.conf diff --git a/roles/nginx/templates/nginx.container.j2 b/roles/nginx/templates/nginx.container.j2 index 119f336..9390f49 100644 --- a/roles/nginx/templates/nginx.container.j2 +++ b/roles/nginx/templates/nginx.container.j2 @@ -9,6 +9,7 @@ Image=ghcr.io/nginxinc/nginx-unprivileged:mainline-alpine-slim PublishPort=80:8080 PublishPort=443:8443 Network=frontend.network +Network={{ nginx_dependent_service }}.network Volume=/srv/nginx/nginx.conf:/etc/nginx/nginx.conf:ro Volume=/srv/nginx/conf.d:/etc/nginx/conf.d:ro Volume=/srv/certs:/etc/nginx/ssl:Z diff --git a/roles/radicale/files/radicale.container b/roles/radicale/files/radicale.container index 7cd2b39..c635604 100644 --- a/roles/radicale/files/radicale.container +++ b/roles/radicale/files/radicale.container @@ -6,19 +6,19 @@ ContainerName=radicale RunInit=true DropCapability=ALL AddCapability=SETUID SETGID CHOWN KILL -Image=docker.io/tomsquest/docker-radicale -Network=frontend.network +Image=docker.io/tomsquest/docker-radicale:latest +Network=radicale.network Volume=/srv/radicale/config:/config:Z,ro Volume=/srv/radicale/data:/data:Z -#PodmanArgs=--runtime runsc --security-opt label:disable -#Label=disable +PodmanArgs=--runtime runsc --security-opt label:disable +Label=disable AutoUpdate=registry [Install] WantedBy=multi-user.target default.target [Service] -TasksMax=50 -MemoryHigh=256M +TasksMax=100 +MemoryHigh=512M Restart=always diff --git a/roles/radicale/files/radicale.network b/roles/radicale/files/radicale.network new file mode 100644 index 0000000..907004b --- /dev/null +++ b/roles/radicale/files/radicale.network @@ -0,0 +1,3 @@ +[Network] +Internal=true +Options=isolate=true diff --git a/roles/radicale/tasks/main.yaml b/roles/radicale/tasks/main.yaml index ad9b72d..830157a 100644 --- a/roles/radicale/tasks/main.yaml +++ b/roles/radicale/tasks/main.yaml @@ -24,6 +24,14 @@ group: root mode: '0644' +- name: Copy over radicale.network file + ansible.builtin.copy: + src: ./files/radicale.network + dest: /etc/containers/systemd/radicale.network + owner: root + group: root + mode: '0644' + - name: Copy over radicale config ansible.builtin.copy: src: ./files/config