continuist
f607d93d21
Some checks are pending
CI/CD Pipeline (Fully Isolated DinD) / Run Tests (DinD) (push) Waiting to run
CI/CD Pipeline (Fully Isolated DinD) / Build and Push Docker Images (DinD) (push) Blocked by required conditions
CI/CD Pipeline (Fully Isolated DinD) / Deploy to Production (push) Blocked by required conditions
32 lines
No EOL
1.2 KiB
Desktop File
32 lines
No EOL
1.2 KiB
Desktop File
[Unit]
|
|
Description=Docker Registry v2 with nginx Reverse Proxy
|
|
After=network.target
|
|
|
|
[Service]
|
|
Type=oneshot
|
|
RemainAfterExit=yes
|
|
User=CI_SERVICE_USER
|
|
Group=CI_SERVICE_USER
|
|
WorkingDirectory=/opt/APP_NAME/registry
|
|
|
|
# Podman rootless configuration - all state outside home
|
|
Environment=PODMAN_ROOT=/var/tmp/podman-%u/root
|
|
Environment=PODMAN_RUNROOT=/run/user/%u/podman-run
|
|
Environment=PODMAN_TMPDIR=/var/tmp/podman-%u/tmp
|
|
Environment=XDG_DATA_HOME=/var/tmp/podman-%u/xdg-data
|
|
Environment=XDG_CONFIG_HOME=/var/tmp/podman-%u/xdg-config
|
|
|
|
ExecStart=/usr/bin/podman --root=${PODMAN_ROOT} --runroot=${PODMAN_RUNROOT} --tmpdir=${PODMAN_TMPDIR} --events-backend=file play kube registry-pod.yaml
|
|
ExecStop=/usr/bin/podman --root=${PODMAN_ROOT} --runroot=${PODMAN_RUNROOT} --tmpdir=${PODMAN_TMPDIR} --events-backend=file pod stop registry-pod
|
|
ExecReload=/usr/bin/podman --root=${PODMAN_ROOT} --runroot=${PODMAN_RUNROOT} --tmpdir=${PODMAN_TMPDIR} --events-backend=file pod restart registry-pod
|
|
TimeoutStartSec=0
|
|
|
|
# Security settings
|
|
NoNewPrivileges=true
|
|
PrivateTmp=true
|
|
ProtectSystem=strict
|
|
ProtectHome=true
|
|
ReadWritePaths=/opt/APP_NAME/registry /etc/registry /var/lib/registry /var/log/registry /var/tmp/podman-%u
|
|
|
|
[Install]
|
|
WantedBy=multi-user.target |