radarr: Deploy Radarr in a Podman container
The `radarr.yml` playbook and corresponding role deploy Radarr, the movie library/download manager, in a Podman container. Note that we're relocating the log files from the Radarr AppData directory to `/var/log/radarr` so they can be picked up by Fluent Bit.
This commit is contained in:
37
roles/radarr/templates/radarr.container.j2
Normal file
37
roles/radarr/templates/radarr.container.j2
Normal file
@@ -0,0 +1,37 @@
|
||||
{#- vim: set ft=systemd.jinja : #}
|
||||
[Unit]
|
||||
Description=Radarr Movie Library Manager
|
||||
Wants=network.target
|
||||
After=network.target
|
||||
|
||||
[Container]
|
||||
Image={{ radarr_container_image }}:{{ radarr_version }}
|
||||
Volume=/var/log/radarr:/var/log/radarr:rw
|
||||
Volume=/var/lib/radarr:/var/lib/radarr:rw
|
||||
{% for mount in radarr_path_mounts %}
|
||||
Mount={{ mount }}
|
||||
{% endfor %}
|
||||
GroupAdd=media
|
||||
ReadOnly=true
|
||||
ReadOnlyTmpfs=true
|
||||
Network=host
|
||||
NoNewPrivileges=yes
|
||||
|
||||
[Service]
|
||||
Restart=always
|
||||
PrivateTmp=yes
|
||||
ProtectClock=yes
|
||||
ProtectHome=yes
|
||||
ProtectKernelLogs=yes
|
||||
ProtectKernelModules=yes
|
||||
ProtectKernelTunables=yes
|
||||
ProtectProc=invisible
|
||||
ProtectSystem=full
|
||||
TemporaryFileSystem=/etc/containers/networks
|
||||
RestrictRealtime=yes
|
||||
RestrictSUIDSGID=yes
|
||||
SuccessExitStatus=0 143
|
||||
UMask=0022
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
Reference in New Issue
Block a user