|
1 | | -{% import "webdav_macros/httpd.conf" as httpd_conf %} |
2 | | -{% import "webdav_macros/webdav_http.conf" as webdav_http %} |
3 | | -{% import "webdav_macros/webdav_https.conf" as webdav_https %} |
4 | | - |
5 | | -{# Stores storage items that contains info for volumes, vol mounts, perms dirs and perms mounts #} |
6 | | -{% set storage_items = namespace(items=[]) %} |
7 | | -{# Stores the top level volumes #} |
8 | | -{% set volumes = namespace(items={}) %} |
9 | | -{# Stores the container volume mounts #} |
10 | | -{% set volume_mounts = namespace(items=[]) %} |
11 | | -{# Stores the perms container volume mounts #} |
12 | | -{% set perms_mounts = namespace(items=[]) %} |
13 | | -{# Stores the perms container dirs #} |
14 | | -{% set perms_dirs = namespace(items=[]) %} |
| 1 | +{% from "webdav_macros/httpd.conf" import httpd_conf %} |
| 2 | +{% from "webdav_macros/webdav_http.conf" import webdav_http %} |
| 3 | +{% from "webdav_macros/webdav_https.conf" import webdav_https %} |
| 4 | + |
| 5 | +{% set tpl = ix_lib.base.render.Render(values) %} |
15 | 6 |
|
16 | 7 | {% if not values.network.enable_http and not values.network.enable_https %} |
17 | | - {% do ix_lib.base.utils.throw_error("Must enable at least one of http or https ports") %} |
| 8 | + {% do tpl.funcs.fail("Must enable at least one of http or https ports") %} |
18 | 9 | {% endif %} |
19 | 10 |
|
20 | 11 | {% if values.network.enable_https and not values.network.certificate_id %} |
21 | | - {% do ix_lib.base.utils.throw_error("Must provide a certificate id if enabling https") %} |
| 12 | + {% do tpl.funcs.fail("Must provide a certificate id if enabling https") %} |
22 | 13 | {% endif %} |
23 | 14 |
|
24 | | -{% set share_names = namespace(x=[]) %} |
25 | | -{% for share in values.storage.shares %} |
26 | | - {% if not ix_lib.base.utils.match_regex(share.name, "^[a-zA-Z0-9_-]+$") %} |
27 | | - {% do ix_lib.base.errors.throw_error("Share name must consist only of [Letters(a-z, A-Z), Numbers(0-9), Underscores(_), Dashes(-)], but got [%s]"|format(share.name)) %} |
28 | | - {% endif %} |
29 | | - {% do share_names.x.append(share.name) %} |
30 | | -{% endfor %} |
31 | | -{% if share_names.x | length != share_names.x | unique | list | length %} |
32 | | - {% do ix_lib.base.errors.throw_error("Share names must be unique, but got [%s]"|format(share_names.x | join(", "))) %} |
| 15 | +{% set c1 = tpl.add_container(values.consts.webdav_container_name, "image") %} |
| 16 | +{% set perm_container = tpl.deps.perms(values.consts.perms_container_name) %} |
| 17 | +{% set perms_config = {"uid": values.run_as.user, "gid": values.run_as.group, "mode": "check"} %} |
| 18 | + |
| 19 | +{% do c1.set_user(values.run_as.user, values.run_as.group) %} |
| 20 | +{% do c1.healthcheck.set_test("tcp", {"port": values.network.http_port if values.network.enable_http else values.network.https_port}) %} |
| 21 | +{% do c1.environment.add_user_envs(values.webdav.additional_envs) %} |
| 22 | + |
| 23 | +{% do c1.configs.add("httpd-conf", httpd_conf(values), values.consts.httpd_conf_path) %} |
| 24 | +{% if values.network.certificate_id %} |
| 25 | + {% set cert = values.ix_certificates[values.network.certificate_id] %} |
| 26 | + {% do c1.configs.add("public", cert.certificate, values.consts.ssl_cert_path) %} |
| 27 | + {% do c1.configs.add("private", cert.privatekey, values.consts.ssl_key_path) %} |
| 28 | +{% endif %} |
| 29 | + |
| 30 | +{% if values.webdav.auth_type != "none" %} |
| 31 | + {% do c1.configs.add("htauth", tpl.funcs.htpasswd(values.webdav.username, values.webdav.password), "%s%s"|format(values.consts.auth_file_base, values.webdav.auth_type)) %} |
| 32 | +{% endif %} |
| 33 | + |
| 34 | +{% if values.network.enable_http %} |
| 35 | + {% do c1.ports.add_port(values.network.http_port, values.network.http_port) %} |
| 36 | + {% do c1.configs.add("webdav-http-config", webdav_http(values), values.consts.webdav_http_config_path) %} |
| 37 | +{% endif %} |
| 38 | + |
| 39 | +{% if values.network.enable_https %} |
| 40 | + {% do c1.ports.add_port(values.network.https_port, values.network.https_port) %} |
| 41 | + {% do c1.configs.add("webdav-https-config", webdav_https(values), values.consts.webdav_https_config_path) %} |
33 | 42 | {% endif %} |
34 | 43 |
|
35 | | -{% do storage_items.items.append(ix_lib.base.storage.storage_item(data={"type": "temporary", "mount_path": "/tmp"}, |
36 | | - perm_opts={"mount_path": "/mnt/webdav/tmp", "mode": "check", "uid": values.run_as.user, "gid": values.run_as.group} |
37 | | -)) %} |
| 44 | +{% set tmp_config = {"type": "temporary", "volume_config": {"volume_name": "webdav-tmp"}} %} |
| 45 | +{% do c1.add_storage("/tmp", tmp_config) %} |
| 46 | +{% do perm_container.add_or_skip_action("webdav-tmp", tmp_config, perms_config) %} |
| 47 | + |
38 | 48 | {# Stores PID file and DavLockDB file #} |
39 | | -{% do storage_items.items.append(ix_lib.base.storage.storage_item(data={"type": "tmpfs", "mount_path": values.consts.pid_base_path, "tmpfs_config": {"mode": "0777", "size": 100} })) %} |
| 49 | +{% do c1.add_storage(values.consts.pid_base_path, {"type": "tmpfs", "tmpfs_config": {"mode": "0777", "size": 100}}) %} |
40 | 50 |
|
| 51 | +{% set share_names = namespace(x=[]) %} |
41 | 52 | {% for share in values.storage.shares %} |
42 | | - {% set item = { |
| 53 | + {% if not tpl.funcs.match_regex(share.name, "^[a-zA-Z0-9_-]+$") %} |
| 54 | + {% do tpl.funcs.fail("Share name must consist only of [Letters(a-z, A-Z), Numbers(0-9), Underscores(_), Dashes(-)], but got [%s]"|format(share.name)) %} |
| 55 | + {% endif %} |
| 56 | + {% do share_names.x.append(share.name) %} |
| 57 | + |
| 58 | + {% set store_config = { |
43 | 59 | "type": "host_path", |
44 | 60 | "read_only": share.read_only, |
45 | | - "auto_permissions": share.fix_permissions, |
46 | 61 | "mount_path": "/%s/%s"|format(values.consts.shares_prefix, share.name), |
47 | 62 | "host_path_config": { |
| 63 | + "auto_permissions": share.fix_permissions, |
| 64 | + "create_host_path": share.get("create_host_path", False), |
48 | 65 | "path": share.host_path, |
49 | | - } } %} |
50 | | - {% do storage_items.items.append(ix_lib.base.storage.storage_item(data=item, values=values, |
51 | | - perm_opts={"mount_path": "/mnt/webdav/dir_%s"|format(share.name), "mode": "check", "uid": values.run_as.user, "gid": values.run_as.group} |
52 | | - )) %} |
53 | | -{% endfor %} |
| 66 | + } |
| 67 | + } %} |
54 | 68 |
|
55 | | -{# Add each item to the above lists #} |
56 | | -{% for item in storage_items.items %} |
57 | | - {% if item.vol and volumes.items.update(item.vol) %}{% endif %} |
58 | | - {% if item.vol_mount and volume_mounts.items.append(item.vol_mount) %}{% endif %} |
59 | | - {% if item.perms_item and (perms_dirs.items.append(item.perms_item.perm_dir), perms_mounts.items.append(item.perms_item.vol_mount)) %}{% endif %} |
| 69 | + {% do c1.add_storage(store_config.mount_path, store_config) %} |
| 70 | + {% do perm_container.add_or_skip_action(share.name, dict(store_config, **{"read_only": False}), perms_config) %} |
60 | 71 | {% endfor %} |
61 | 72 |
|
62 | | -configs: |
63 | | - {% if values.network.enable_http %} |
64 | | - webdav-http-config: |
65 | | - content: {{ webdav_http.webdav_http(values) | tojson }} |
66 | | - {% endif %} |
67 | | - {% if values.network.enable_https %} |
68 | | - webdav-https-config: |
69 | | - content: {{ webdav_https.webdav_https(values) | tojson }} |
70 | | - {% endif %} |
71 | | - httpd-conf: |
72 | | - content: {{ httpd_conf.httpd_conf(values) | tojson }} |
73 | | - {% if values.webdav.auth_type != "none" %} |
74 | | - htauth: |
75 | | - content: {{ ix_lib.base.security.htpasswd(values.webdav.username, values.webdav.password) | tojson }} |
76 | | - {% endif %} |
77 | | - {% if values.network.certificate_id %} |
78 | | - private: |
79 | | - content: {{ values.ix_certificates[values.network.certificate_id].privatekey | tojson }} |
80 | | - public: |
81 | | - content: {{ values.ix_certificates[values.network.certificate_id].certificate | tojson }} |
82 | | - {% endif %} |
83 | | - |
84 | | -{# Containers #} |
85 | | -services: |
86 | | - {{ values.consts.webdav_container_name }}: |
87 | | - user: {{ "%d:%d" | format(values.run_as.user, values.run_as.group) }} |
88 | | - image: {{ ix_lib.base.utils.get_image(images=values.images, name="image") }} |
89 | | - restart: unless-stopped |
90 | | - deploy: |
91 | | - resources: {{ ix_lib.base.resources.resources(values.resources) | tojson }} |
92 | | - devices: {{ ix_lib.base.resources.get_devices(values.resources) | tojson }} |
93 | | - configs: |
94 | | - - source: httpd-conf |
95 | | - target: {{ values.consts.httpd_conf_path }} |
96 | | - {% if values.network.enable_http %} |
97 | | - - source: webdav-http-config |
98 | | - target: {{ values.consts.webdav_http_config_path }} |
99 | | - {% endif %} |
100 | | - {% if values.network.enable_https %} |
101 | | - - source: webdav-https-config |
102 | | - target: {{ values.consts.webdav_https_config_path }} |
103 | | - {% endif %} |
104 | | - {% if values.webdav.auth_type != "none" %} |
105 | | - - source: htauth |
106 | | - target: {{ "%s%s"|format(values.consts.auth_file_base, values.webdav.auth_type) }} |
107 | | - {% endif %} |
108 | | - {% if values.network.certificate_id %} |
109 | | - - source: private |
110 | | - target: {{ values.consts.ssl_key_path }} |
111 | | - - source: public |
112 | | - target: {{ values.consts.ssl_cert_path }} |
113 | | - {% endif %} |
114 | | - {% if perms_dirs.items %} |
115 | | - depends_on: |
116 | | - {{ values.consts.perms_container_name }}: |
117 | | - condition: service_completed_successfully |
118 | | - {% endif %} |
119 | | - {% if values.network.host_network %} |
120 | | - network_mode: host |
121 | | - {% endif %} |
122 | | - cap_drop: {{ ix_lib.base.security.get_caps().drop | tojson }} |
123 | | - security_opt: {{ ix_lib.base.security.get_sec_opts() | tojson }} |
124 | | - {% if values.network.dns_opts %} |
125 | | - dns_opt: {{ ix_lib.base.network.dns_opts(values.network.dns_opts) | tojson }} |
126 | | - {% endif %} |
127 | | - {% set test = ix_lib.base.healthchecks.tcp_test(port=values.network.http_port if values.network.enable_http else values.network.https_port) %} |
128 | | - healthcheck: {{ ix_lib.base.healthchecks.check_health(test) | tojson }} |
129 | | - environment: {{ ix_lib.base.environment.envs(app={}, user=values.webdav.additional_envs, values=values) | tojson }} |
130 | | - {% if not values.network.host_network %} |
131 | | - ports: |
132 | | - {% if values.network.enable_http %} |
133 | | - - {{ ix_lib.base.ports.get_port(port={"target": values.network.http_port, "published": values.network.http_port}) | tojson }} |
134 | | - {% endif %} |
135 | | - {% if values.network.enable_https %} |
136 | | - - {{ ix_lib.base.ports.get_port(port={"target": values.network.https_port, "published": values.network.https_port}) | tojson }} |
137 | | - {% endif %} |
138 | | - {% endif %} |
139 | | - volumes: {{ volume_mounts.items | tojson }} |
140 | | - |
141 | | - {% if perms_dirs.items %} |
142 | | - {{ values.consts.perms_container_name }}: {{ ix_lib.base.permissions.perms_container(items=perms_dirs.items, volumes=perms_mounts.items) | tojson }} |
143 | | - {% endif %} |
| 73 | +{% if share_names.x | length != share_names.x | unique | list | length %} |
| 74 | + {% do tpl.funcs.fail("Share names must be unique, but got [%s]"|format(share_names.x | join(", "))) %} |
| 75 | +{% endif %} |
144 | 76 |
|
145 | | -{% if volumes.items %} |
146 | | -volumes: {{ volumes.items | tojson }} |
| 77 | +{% if perm_container.has_actions() %} |
| 78 | + {% do perm_container.activate() %} |
| 79 | + {% do c1.depends.add_dependency(values.consts.perms_container_name, "service_completed_successfully") %} |
147 | 80 | {% endif %} |
148 | 81 |
|
149 | | -x-portals: {{ ix_lib.base.metadata.get_portals([]) | tojson }} |
150 | | -x-notes: {{ ix_lib.base.metadata.get_notes("WebDAV") | tojson }} |
| 82 | +{{ tpl.render() | tojson }} |
0 commit comments