backend: harden rootless app lifecycle orchestration
@@ -17,6 +17,7 @@ set -eo pipefail
SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"
PROJECT_DIR="$(cd "$SCRIPT_DIR/.." && pwd)"
TARGET_DIR="/home/archipelago/archy"
PODMAN_IMAGE_CHECK_TIMEOUT="${PODMAN_IMAGE_CHECK_TIMEOUT:-10}"
# Load deploy config defaults (IP addresses etc.)
[ -f "$SCRIPT_DIR/deploy-config-defaults.sh" ] && . "$SCRIPT_DIR/deploy-config-defaults.sh"
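Review bot: `PODMAN_IMAGE_CHECK_TIMEOUT` is read from the environment without validation, and the next hunk interpolates it unquoted into the command string that ssh runs on `$BUILD_SOURCE` (`${PODMAN_IMAGE_CHECK_TIMEOUT}s`). A value that is not a plain integer either makes `timeout` fail or adds shell syntax to the remote command, and because that command's stderr is discarded the failure would read as "image not present". Reject bad values right after the assignment, for example `case "$PODMAN_IMAGE_CHECK_TIMEOUT" in ''|*[!0-9]*) echo "PODMAN_IMAGE_CHECK_TIMEOUT must be a whole number of seconds" >&2; exit 1 ;; esac`.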
@@ -186,7 +187,7 @@ deploy_node() {
# Transfer custom UI images (individual tarballs — never combined)
echo " Transferring custom UI images..."
for ui_img in bitcoin-ui lnd-ui electrs-ui; do
HAS_IMG=$(ssh $SSH_OPTS "$BUILD_SOURCE" "podman images --format '{{.Repository}}:{{.Tag}}' 2>/dev/null | grep -q '${ui_img}:' && echo yes || echo no" 2>/dev/null)
HAS_IMG=$(ssh $SSH_OPTS "$BUILD_SOURCE" "timeout --kill-after=2s ${PODMAN_IMAGE_CHECK_TIMEOUT}s podman image exists 'localhost/${ui_img}:local' 2>/dev/null && echo yes || echo no" 2>/dev/null)
if [ "$HAS_IMG" = "yes" ]; then
echo " $ui_img..."
if ssh $SSH_OPTS "$BUILD_SOURCE" "podman save 'localhost/${ui_img}:local' 2>/dev/null" > "/tmp/${ui_img}.tar" 2>/dev/null && [ -s "/tmp/${ui_img}.tar" ]; then
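Review bot: In the new `HAS_IMG` probe a timeout or a podman failure is reported as `no`, because `... podman image exists ... && echo yes || echo no` folds exit 1 (image absent), 124/137 (timed out or killed by `timeout`) and 125 (podman error) into one answer while stderr goes to /dev/null on both sides. A slow or wedged podman on the build host therefore skips the UI image transfer without any message, and the target node keeps whatever image it already had. Have the remote side return the status instead, by ending the remote command with `; echo \$?` in place of `&& echo yes || echo no`, then treat 0 as present, 1 as absent and anything else as a warning printed to stderr. The `if ssh ... podman save` statement on the last line continues outside the hunk.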
@@ -926,12 +927,19 @@ LNDCONF
if \$DOCKER ps -a --format '{{.Names}}' 2>/dev/null | grep -qx portainer; then
\$DOCKER start portainer 2>/dev/null || true
else
sudo mkdir -p /var/lib/archipelago/portainer
sudo mkdir -p /var/lib/archipelago/portainer/compose
sudo chown -R archipelago:archipelago /var/lib/archipelago/portainer 2>/dev/null || true
if [ ! -e /data ]; then
sudo ln -s /var/lib/archipelago/portainer /data 2>/dev/null || true
elif [ -d /data ] && [ ! -L /data ] && [ ! -e /data/compose ]; then
sudo ln -s /var/lib/archipelago/portainer/compose /data/compose 2>/dev/null || true
fi
\$DOCKER run -d --name portainer --restart unless-stopped \
--health-cmd 'curl -sf http://localhost:9000/' --health-interval=30s --health-timeout=5s --health-retries=3 \
--cap-drop ALL --cap-add CHOWN --cap-add SETUID --cap-add SETGID --cap-add DAC_OVERRIDE \
--security-opt no-new-privileges:true \
-p 9000:9000 -v /var/lib/archipelago/portainer:/data \
-v /var/lib/archipelago/portainer/compose:/data/compose \
-v /run/user/1000/podman/podman.sock:/var/run/docker.sock \
$PORTAINER_IMAGE
fi
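Review bot: The `/data` link setup discards every failure (`2>/dev/null || true`) and leaves several states unhandled, so the deploy can finish with `/data/compose` not resolving on the host and nothing logged. When `/data` is already a symlink to some other location neither branch runs, and when it is a dangling symlink `[ ! -e /data ]` is true and `ln -s` then fails quietly. If the links are there so that compose paths resolve the same on the host side of the Podman socket (an inference from the two `-v` mounts), check the result after the inner `fi`, for example `[ "\$(readlink -f /data/compose)" = /var/lib/archipelago/portainer/compose ] || echo "WARN: /data/compose does not resolve to the Portainer compose dir" >&2`; the `\$` matches the escaping already used for `\$DOCKER`. A short comment above `if [ ! -e /data ]` explaining why a root-level `/data` is required would also help, since it points a system-wide path into a directory owned by `archipelago`. The enclosing `if`/`else` starts outside the hunk.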