service: Actually do something with service_additional_containers

2025-06-26 12:04:42 +03:00
parent 2e14434c9f
commit aa9eabf19c
4 changed files with 101 additions and 5 deletions
--- a/roles/service/meta/argument_specs.yaml
+++ b/roles/service/meta/argument_specs.yaml
@@ -192,7 +192,7 @@ argument_specs:

      service_additional_containers:
        description:
-          - List of additional containers for the sercice.
+          - List of additional containers for the service.
          - >
            Will inherit most options from main service container, except for publish_ports.
            All options can be overridden per-container.
@@ -259,6 +259,53 @@ argument_specs:
            type: dict
            required: false
            default: {}
+          secrets:
+            description:
+              - >
+                A list of secrets available to the service container as file or environment
+                variable
+              - >
+                A dict of secrets and their values (including autogenerated values) is available as
+                `service_podman_secrets` for use in templates. This should only be used if the
+                container doesn't support reading the secret from file or environment variable.
+            type: list
+            required: false
+            default: []
+            elements: dict
+            options:
+              name:
+                description: Name of the secret
+                type: str
+                required: true
+              value:
+                description:
+                  - >
+                    Value of the secret. Defaults to a 128-character random string containing
+                    alphanumeric characters.
+                  - >
+                    If the value is not explicitly set, it will not be changed if the secret
+                    already exists.
+                type: str
+                required: false
+              length:
+                description: Length of randomly generated string
+                type: int
+                required: false
+                default: 128
+              type:
+                description: How the secret will be exposed to the container
+                type: str
+                choices:
+                  - mount
+                  - env
+                default: mount
+              target:
+                description: >
+                  Where the secret will be available inside the container. If type is mount, this is
+                  either a full file path or a filename under /run/secrets. If type is env, this is
+                  the name of the environment variable. Defaults to secret name.
+                type: str
+                required: false

      service_requires:
        description: List of systemd units this service container depends on.