Switch lodgeit to run under a dedicated user

This updates the lodgeit paste service to run under a dedicated user. We
defer on updating the image to do this as we should coordinate with
vexxhost on how that will impact them. This should be fine though as
gerritbot updates proved we can run it this way.

Change-Id: I44d3c53a01be475db1bfa17200da0a4800f85628
This commit is contained in:
Clark Boylan 2021-11-19 09:11:38 -08:00
parent 7cea2a9f83
commit e5081581d4
2 changed files with 16 additions and 0 deletions

View File

@ -1,3 +1,18 @@
- name: Create lodgeit group
group:
name: "lodgeit"
gid: "10100"
system: yes
- name: Create lodgeit user
user:
name: "lodgeit"
group: "lodgeit"
uid: "10100"
home: "/var/lib/lodgeit"
create_home: yes
shell: /bin/bash
system: yes
- name: Ensure /etc/lodgeit-compose directory
file:
state: directory

View File

@ -25,6 +25,7 @@ services:
- mariadb
restart: always
network_mode: host
user: "10100:10100"
command: ['/bin/bash', '-c', 'echo "*** Starting"; sleep 30; /usr/local/bin/uwsgi']
logging:
driver: syslog