mustard/proxmox-vms
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat: fix gvisor for radicale, add isolated networks for jellyfin / radicale

Browse source
This commit is contained in:
mustard 2025-11-09 19:50:58 +01:00
parent b7a31a899c
commit bed7bcf4fd
7 changed files with 31 additions and 8 deletions
Download patch file Download diff file Expand all files Collapse all files

12
roles/radicale/files/radicale.container
View file

@ -6,19 +6,19 @@ ContainerName=radicale
RunInit=true
DropCapability=ALL
AddCapability=SETUID SETGID CHOWN KILL
Image=docker.io/tomsquest/docker-radicale
Network=frontend.network
Image=docker.io/tomsquest/docker-radicale:latest
Network=radicale.network
Volume=/srv/radicale/config:/config:Z,ro
Volume=/srv/radicale/data:/data:Z
#PodmanArgs=--runtime runsc --security-opt label:disable
#Label=disable
PodmanArgs=--runtime runsc --security-opt label:disable
Label=disable
AutoUpdate=registry
[Install]
WantedBy=multi-user.target default.target
[Service]
TasksMax=50
MemoryHigh=256M
TasksMax=100
MemoryHigh=512M
Restart=always

3
roles/radicale/files/radicale.network Normal file
View file

@ -0,0 +1,3 @@
[Network]
Internal=true
Options=isolate=true

8
roles/radicale/tasks/main.yaml
View file

@ -24,6 +24,14 @@
group: root
mode: '0644'
- name: Copy over radicale.network file
ansible.builtin.copy:
src: ./files/radicale.network
dest: /etc/containers/systemd/radicale.network
owner: root
group: root
mode: '0644'
- name: Copy over radicale config
ansible.builtin.copy:
src: ./files/config