---
argument_specs:
  main:
    description: Sets up a service in podman container(s)
    options:
      service_name:
        description: Name of the service.
        type: str
        required: true
      service_container_command:
        description: Command to start the service container with.
        type: list
        required: false
        default: []
        elements: str
      service_domains:
        description: A list of domains which should be proxied to the main service container
        type: list
        required: false
        default: []
        elements: str
      service_container_http_port:
        description:
          - Port inside the container where http requests will be proxied to.
          - Required if service_domains is not empty.
        type: int
        required: false
        default: 0
      service_proxy_pass_host_header:
        description: Passed to vhost role as vhost_proxy_pass_header
        type: bool
        required: false
        default: true
      service_proxy_auth_type:
        description: >-
          Set to oauth2-proxy to use OAuth2 Proxy for vhost authentication.
        type: str
        required: false
        default: none
        choices:
          - none
          - oauth2-proxy
      service_vhost_locations:
        description: Passed to vhost role as vhost_locations
        type: list
        required: false
        default: []
      service_oauth2_proxy_issuer_url:
        description: >-
          OpenID Connect issuer URL.
          Required if service_proxy_auth_type is oauth2-proxy.
        type: str
        required: false
      oauth2_proxy_client_id:
        description: OAuth client ID. Required if service_proxy_auth_type is oauth2-proxy.
        type: str
        required: false
      oauth2_proxy_client_secret:
        description: OAuth client secret. Required if service_proxy_auth_type is oauth2-proxy.
        type: str
        required: false
      service_container_image:
        description: "The image to run in the service container(s), in FQIN format (registry/imagename:tag)."
        type: str
        required: true
      service_container_image_creds:
        description: Credentials used to authenticate with the registry
        type: dict
        required: false
        default:
          username: ""
          password: ""
        options:
          username:
            description: Username
            type: str
            required: true
          password:
            description: Password
            type: str
            required: true
      service_container_user:
        description: The UID to run as inside the container
        type: str
        required: false
        default: ""
      service_container_ip:
        description: Static ip for the container in its network
        type: str
        required: false
        default: ""
      service_container_additional_networks:
        description: >-
          A list of additional podman networks for the service container
          (in addition to service name network).
        type: list
        required: false
        default: []
        elements: str
      service_container_publish_ports:
        description: "A list of published ports in docker format (::)"
        type: list
        required: false
        default: []
        elements: str
      service_container_mounts:
        description: List of bind mounts or volumes to be mounted inside the service container(s).
        type: list
        required: false
        default: []
        elements: dict
        options:
          type:
            description: Type of mount
            type: str
            required: true
            choices:
              - volume
              - bind
              - template
          source:
            description:
              - Mount source.
              - If mount type is volume, name of the volume.
              - If mount type is bind, host path to bind mount inside the container.
              - If mount type is template, the name of the template file, must end in .j2
            type: str
            required: true
          destination:
            description: Path inside the container to mount at
            type: str
            required: true
          readonly:
            description:
              - If true, volume will be mounted as read only inside the container.
              - Defaults to false for volume and bind, true for template
            type: bool
            required: false
          user:
            description: Volume owner uid. Only applicable if mount type is volume.
            type: str
            required: false
            default: ""
          group:
            description: Volume owner gid. Only applicable if mount type is volume.
            type: str
            required: false
            default: ""
          volume_device:
            description: >-
              The path of a device which is mounted for the volume.
              Only applicable if mount type is volume.
            type: str
            required: false
            default: ""
          volume_type:
            description: >-
              The filesystem type of device as used by the mount commands -t option
              Only applicable if mount type is volume.
            type: str
            required: false
            default: ""
          volume_mount_options:
            description: >-
              The mount options to use for a filesystem as used by the mount command -o option
              Only applicable if mount type is volume.
            type: list
            elements: str
            required: false
            default: []
      service_container_secrets:
        description:
          - >
            A list of secrets available to the service container as file or environment variable
          - >
            A dict of secrets and their values (including autogenerated values) is available as
            `service_podman_secrets` for use in templates. This should only be used if the
            container doesn't support reading the secret from file or environment variable.
        type: list
        required: false
        default: []
        elements: dict
        options:
          name:
            description: Name of the secret
            type: str
            required: true
          value:
            description:
              - >
                Value of the secret. Defaults to a 128-character random string containing
                alphanumeric characters.
              - >
                If the value is not explicitly set, it will not be changed if the secret
                already exists.
            type: str
            required: false
          length:
            description: Length of randomly generated string
            type: int
            required: false
            default: 128
          type:
            description: How the secret will be exposed to the container
            type: str
            choices:
              - mount
              - env
            default: mount
          target:
            description: >
              Where the secret will be available inside the container.
              If type is mount, this is either a full file path or a filename under /run/secrets.
              If type is env, this is the name of the environment variable.
              Defaults to secret name.
            type: str
            required: false
      service_container_env:
        description: A dict of environment variables for the service container(s)
        type: dict
        required: false
        default: {}
      service_database_type:
        description:
          - Database type to set up.
          - >
            It will be run in a container accessible to the service at
            host {{ service_name }}-{{ service_database_type }} on the default port.
          - The database user will be {{ service_name }}
          - The password will be accessible as secret at /run/secrets/{{ service_database_type }}
          - >
            The password will also be available as the
            service_podman_secrets['{{ service_name }}-{{ service_database_type }}'] variable.
        type: str
        choices:
          - postgres
          - none
        required: false
        default: none
      service_database_additional_networks:
        description: >-
          A list of additional podman networks for the database container
          (in addition to service name network).
        type: list
        required: false
        default: []
        elements: str
      service_database_secret_type:
        description: Secret type for database secret for service container
        type: str
        choices:
          - mount
          - env
        required: false
        default: mount
      service_database_secret_target:
        description: Secret target for database secret for service container.
        type: str
        required: false
        default: "{{ service_database_type }}"
      service_postgres_image:
        description: Postgresql image to use.
        type: str
        required: false
        default: docker.io/library/postgres
      service_postgres_tag:
        description:
          - Postgresql version to use.
          - Can be debian (n) or alpine-based (n-alpine), where n can be major version like 14 or minor like 14.13.
          - Required if service_database_type is postgres, does nothing otherwise
          - If a custom postgres image is specified, see that image documentation for supported tags.
        type: str
        required: false
      service_redis:
        description: >-
          Whether to install redis in a container accessible to the service
          at host {{ service_name }}-redis.
        type: bool
        required: false
        default: false
      service_additional_containers:
        description:
          - List of additional containers for the service.
          - >
            Will inherit most options from main service container.
            All options can be overridden per-container.
        type: list
        required: false
        default: []
        elements: dict
        options:
          name:
            description:
              - Name of the container.
              - >
                This will be appended to the service name, so if for example service name is
                nextcloud and this variable is cron, the resulting container will be called
                nextcloud-cron
            type: str
            required: true
          image:
            description: "The image to run in the container, in FQIN format (registry/image:tag)"
            type: str
            required: false
            default: "{{ service_container_image }}"
          command:
            description: Command to start the container with.
            type: list
            required: false
            default: "[]"
            elements: str
          mounts:
            description: List of bind mounts or volumes to be mounted inside the main service container.
            type: list
            required: false
            default: "{{ service_container_mounts }}"
            elements: dict
            options:
              type:
                description: Type of mount
                type: str
                required: true
                choices:
                  - volume
                  - bind
                  - template
              source:
                description:
                  - Mount source.
                  - If mount type is volume, name of the volume.
                  - If mount type is bind, host path to bind mount inside the container.
                  - If mount type is template, the name of the template file, must end in .j2
                type: str
                required: true
              destination:
                description: Path inside the container to mount at
                type: str
                required: true
              readonly:
                description:
                  - If true, volume will be mounted as read only inside the container
                  - Defaults to false for volume and bind, true for template
                type: bool
                required: false
              volume_device:
                description: >-
                  The path of a device which is mounted for the volume.
                  Only applicable if mount type is volume.
                type: str
                required: false
                default: ""
              volume_type:
                description: >-
                  The filesystem type of device as used by the mount commands -t option
                  Only applicable if mount type is volume.
                type: str
                required: false
                default: ""
              volume_mount_options:
                description: >-
                  The mount options to use for a filesystem as used by the mount command -o option
                  Only applicable if mount type is volume.
                type: list
                elements: str
                required: false
                default: []
          publish_ports:
            description: "A list of published ports in docker format (::)"
            type: list
            required: false
            default: []
            elements: str
          env:
            description: A dict of environment variables for the container
            type: dict
            required: false
            default: {}
          secrets:
            description:
              - >
                A list of secrets available to the service container as file or environment variable
              - >
                A dict of secrets and their values (including autogenerated values) is available as
                `service_podman_secrets` for use in templates. This should only be used if the
                container doesn't support reading the secret from file or environment variable.
            type: list
            required: false
            default: []
            elements: dict
            options:
              name:
                description: Name of the secret
                type: str
                required: true
              value:
                description:
                  - >
                    Value of the secret. Defaults to a 128-character random string containing
                    alphanumeric characters.
                  - >
                    If the value is not explicitly set, it will not be changed if the secret
                    already exists.
                type: str
                required: false
              length:
                description: Length of randomly generated string
                type: int
                required: false
                default: 128
              type:
                description: How the secret will be exposed to the container
                type: str
                choices:
                  - mount
                  - env
                default: mount
              target:
                description: >
                  Where the secret will be available inside the container.
                  If type is mount, this is either a full file path or a filename under /run/secrets.
                  If type is env, this is the name of the environment variable.
                  Defaults to secret name.
                type: str
                required: false
      service_requires:
        description: List of systemd units this service container depends on.
        type: list
        required: false
        default: []
        elements: str
      service_wants:
        description: List of systemd units this service container weakly depends on.
        type: list
        required: false
        default: []
        elements: str
      service_auto_update:
        description: Whether to let podman automatically update the service containers whenever the specified image gets updated
        type: bool
        required: false
        default: true