Artifact 543c38c7ad9d3732b1f74128a9b6f1d2528bcfef3c59817a19bfc3548734cfbd:
- Executable file
bin/fslsrv
— part of check-in
[4ad5bc177e]
at
2025-03-19 01:55:00
on branch trunk
— Instead of using the in-container /tmp per Podman's default, fslsrv
creates the containers with a 4M tmpfs mounted there so that if it
fills up, we can just restart the container to clear it.
(This isn't a theoretical risk. I've just seen it happen on a different host, and the symptom is scary: it complains about a disk I/O error while executing a SQL statement. I thought the repo DB had gone corrupt!)
We could instead map the host-side /tmp in atop the in-container one, as that is likely to be a generously-sized tmpfs already, but that opens a communication path between container instances. (user: tangent size: 1649)
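#!/bin/bash
#
# fslsrv - (re)create one Podman container per Fossil repository, write a
# systemd user unit for each, then enable and restart those units.
#
# Each container serves /museum/repo.fossil over SCGI on its own loopback
# port, starting at PORT and counting up by one per project.

IMAGE=docker.io/tangentsoft/fossil
SITE=https://example.com
PORT=12345

# Unit names of the containers that were set up successfully. Initialised
# explicitly so that a NAMES value inherited from the environment cannot end
# up on the systemctl command lines at the bottom.
NAMES=()
failures=0

#######################################
# Replace the container and the systemd user unit for one Fossil project.
# Globals:   IMAGE, SITE (read); PORT, FIRST, NAMES (read and written)
# Arguments: $1 - short project name: container name suffix, ~/museum
#                 subdirectory, URL path component and log file stem
#            $2 - human-readable project name, used in messages only
# Outputs:   progress on stdout, errors on stderr
# Returns:   0 on success, 1 if the container or its unit file could not
#            be created
#######################################
start_one() {
  local bn=$1
  local ln=$2
  local name="fossil-$bn"
  local unit_dir="$HOME/.local/share/systemd/user"
  local sfile="$unit_dir/$name.service"
  local id ov nv host_fossil

  # Claim the port before anything can fail, so that one broken project
  # does not shift the port number of every project after it.
  local port=$PORT
  PORT=$((PORT + 1))

  # Best effort: on a first run neither the unit nor the container exists.
  systemctl --user stop "$name" > /dev/null 2>&1
  podman container rm "$name" > /dev/null 2>&1

  local -a create_args=(
    --name "$name"
    # Capabilities the container runs without.
    # NOTE(review): SETUID/SETGID are not dropped, presumably because the
    # server still has to give up root by itself - confirm.
    --cap-drop AUDIT_WRITE
    --cap-drop CHOWN
    --cap-drop FSETID
    --cap-drop KILL
    --cap-drop NET_BIND_SERVICE
    --cap-drop NET_RAW
    --cap-drop SETFCAP
    --cap-drop SETPCAP
    # Lets "podman auto-update" replace the container when the registry
    # copy of IMAGE changes.
    --label "io.containers.autoupdate=registry"
    # Loopback only. SCGI carries no authentication of its own, so the
    # port should stay unreachable from other hosts; presumably a web
    # server on this machine fronts it - confirm.
    --publish "127.0.0.1:$port:8080"
    # Small private tmpfs instead of Podman's default in-container /tmp:
    # if it fills up, restarting the container clears it, and it is not
    # shared between container instances.
    --tmpfs /tmp:rw,size=4M,mode=1777
    # UID 0 inside the container.
    # NOTE(review): with "systemctl --user" this looks like rootless
    # Podman, where container root maps to the invoking user - confirm.
    --user 0
    --volume "$HOME/museum/$bn:/museum"
    --volume "$HOME/log/fossil:/log"
  )

  # Arguments handed to the image's entry point.
  local -a fossil_args=(
    --scgi
    --nojail
    --jsmode bundled
    --baseurl "$SITE/$bn"
    --errorlog "/log/$bn.log"
    /museum/repo.fossil
  )

  # Without a container there is nothing to generate a unit from, so stop
  # here rather than writing and later enabling a broken unit file.
  id=$(podman create "${create_args[@]}" "$IMAGE" "${fossil_args[@]}") || {
    printf 'fslsrv: failed to create container %s\n' "$name" >&2
    return 1
  }

  # Write the unit to a scratch file first: a failed "generate" must not
  # leave a truncated unit behind under the real name.
  mkdir -p -- "$unit_dir" || return 1
  if ! podman generate systemd --new --name "$name" > "$sfile.new"; then
    rm -f -- "$sfile.new"
    printf 'fslsrv: failed to generate unit file for %s\n' "$name" >&2
    return 1
  fi
  mv -f -- "$sfile.new" "$sfile" || return 1

  # Once per run (or never, if FIRST is already set in the environment):
  # refresh the host's fossil binary from the new container.
  if [[ -z "${FIRST:-}" ]]; then
    # NOTE(review): this overwrites an executable on the host with a file
    # taken from an image pulled by tag, so the host trusts the registry
    # content outside any container confinement. Verifying the image, or
    # pinning IMAGE to a digest for this step, would make that trust
    # explicit.
    if host_fossil=$(type -p fossil) && [[ -n "$host_fossil" ]]; then
      ov=$(fossil version)
      if podman cp "$name:/bin/fossil" "$host_fossil"; then
        nv=$(fossil version)
        printf 'Updated Fossil:\n From: %s\n To: %s\n' "$ov" "$nv"
      else
        printf 'fslsrv: could not copy fossil out of %s\n' "$name" >&2
      fi
    else
      printf 'fslsrv: no fossil on PATH; host binary not updated\n' >&2
    fi
    FIRST=0
  fi

  printf 'Created %s Fossil container, port %s, ID %s.\n' \
    "$ln" "$port" "${id:0:8}"
  NAMES+=("$name")
}

# A failed pull is reported but not fatal: the containers can still be
# recreated from an image that is already in local storage.
if ! podman image pull "$IMAGE"; then
  printf 'fslsrv: pull of %s failed; continuing with the local copy, if any\n' \
    "$IMAGE" >&2
fi

start_one first "First Project" || failures=$((failures + 1))
start_one second "Second Project" || failures=$((failures + 1))
start_one third "Third Project" || failures=$((failures + 1))

# systemctl enable/restart with no unit names is an error in itself.
if ((${#NAMES[@]} == 0)); then
  printf 'fslsrv: no containers were created\n' >&2
  exit 1
fi

# Trace the systemctl calls so the operator sees exactly what was enabled.
set -x
systemctl --user daemon-reload
systemctl --user enable "${NAMES[@]}"
systemctl --user restart "${NAMES[@]}" || failures=$((failures + 1))
set +x

exit "$((failures > 0 ? 1 : 0))"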