samply/bridgehead
1
0
Fork 0
mirror of https://github.com/samply/bridgehead.git synced 2025-07-12 17:40:20 +02:00
Code Issues Packages Projects Releases Wiki Activity

Set SELinux labels for bind mounts, replace secrets with bind mounts

Browse Source
This commit is contained in:
tobiaskussel
2025-07-03 14:09:01 +00:00
parent 98e0512a61
commit 078c16e8dd
22 changed files with 62 additions and 86 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
bbmri/modules/eric-compose.yml
View File

@ -26,11 +26,11 @@ services:
ALL_PROXY: http://forward_proxy:3128
TLS_CA_CERTIFICATES_DIR: /conf/trusted-ca-certs
ROOTCERT_FILE: /conf/root.crt.pem
secrets:
- proxy.pem
depends_on:
- "forward_proxy"
volumes:
- /etc/bridgehead/trusted-ca-certs:/conf/trusted-ca-certs:ro
- /srv/docker/bridgehead/bbmri/modules/${ERIC_ROOT_CERT}.root.crt.pem:/conf/root.crt.pem:ro
- /srv/docker/bridgehead/bbmri/modules/${ERIC_ROOT_CERT}.root.crt.pem:/conf/root.crt.pem:ro,Z
# secrets don't seem to allow us to specify Z
- /etc/bridgehead/pki/${SITE_ID}.priv.pem:/run/secrets/proxy.pem:ro

6
bbmri/modules/exporter-compose.yml
View File

@ -36,7 +36,7 @@ services:
- "traefik.http.middlewares.exporter_auth.basicauth.users=${EXPORTER_USER}"
volumes:
- "/var/cache/bridgehead/bbmri/exporter-files:/app/exporter-files/output"
- "/var/cache/bridgehead/bbmri/exporter-files:/app/exporter-files/output:z"
exporter-db:
image: docker.verbis.dkfz.de/cache/postgres:${POSTGRES_TAG}
@ -47,7 +47,7 @@ services:
POSTGRES_DB: "exporter"
volumes:
# Consider removing this volume once we find a solution to save Lens-queries to be executed in the explorer.
- "/var/cache/bridgehead/bbmri/exporter-db:/var/lib/postgresql/data"
- "/var/cache/bridgehead/bbmri/exporter-db:/var/lib/postgresql/data:Z"
reporter:
image: docker.verbis.dkfz.de/ccp/dktk-reporter:latest
@ -69,7 +69,7 @@ services:
# There is a risk that the bridgehead restarts, losing the already created export.
volumes:
- "/var/cache/bridgehead/bbmri/reporter-files:/app/reports"
- "/var/cache/bridgehead/bbmri/reporter-files:/app/reports:z"
labels:
- "traefik.enable=true"
- "traefik.http.routers.reporter_bbmri.rule=PathPrefix(`/bbmri-reporter`)"

6
bbmri/modules/gbn-compose.yml
View File

@ -26,11 +26,11 @@ services:
ALL_PROXY: http://forward_proxy:3128
TLS_CA_CERTIFICATES_DIR: /conf/trusted-ca-certs
ROOTCERT_FILE: /conf/root.crt.pem
secrets:
- proxy.pem
depends_on:
- "forward_proxy"
volumes:
- /etc/bridgehead/trusted-ca-certs:/conf/trusted-ca-certs:ro
- /srv/docker/bridgehead/bbmri/modules/${GBN_ROOT_CERT}.root.crt.pem:/conf/root.crt.pem:ro
- /srv/docker/bridgehead/bbmri/modules/${GBN_ROOT_CERT}.root.crt.pem:/conf/root.crt.pem:ro,Z
# secrets don't seem to allow us to specify Z
- /etc/bridgehead/pki/${SITE_ID}.priv.pem:/run/secrets/proxy.pem:ro