Helper Programs

fslsrv

This is the Fossil service rebuild script I run on my public web site server. (Likely the very site you’re reading this on.) It pulls the latest container image created by my OCI image updater and uses Podlet to rebuild the Quadlet units against the new OCI image, updating all my repositories to the latest version of Fossil within seconds, even though each is served by a separate container.

If the only thing that changed is the container image, you can update even faster with:

$ podman auto-update

Podman remembers the URI of the image so that it can check it for changes, then fetch a new version and rebuild the systemd units when necessary. This is about twice as fast as the way fslsrv does things normally. You need only pay the full cost when you’re changing something else, like the list of start_one calls at the end, as when adding a new repo.

As a bonus, this script copies the static fossil binary out of the first container it creates for later local use, replacing the first instance it finds in the PATH. I keep it in /usr/local/bin, owned by my non-root user on that server to allow sync over SSH.

Notice that we did not prefix the above command with sudo. This is because fslsrv builds user units, not system units. It is able to do this by making use of Podman’s rootless-by-default nature, in particular its ability to map the root user inside the container (ID 0) to our non-root user out on the host.¹

The systemd default assumption is that user services are needed only while that user is interactively logged in, so you may need to say:

$ loginctl enable-linger $USER

That causes it to leave the fslsrv user services running after you log out of the SSH session you are using to set all this up.

This script is meant to be forked. Adjust the variables at the top to suit your site’s configuration, and replace the canned set of start_one calls at the end to do something useful. The script maps each repository into your site’s root, named after the repository file’s basename; you might want to adjust this as well.

The script roots each repository at ~/museum/PROJECT/repo.fossil for the benefit of the container.

If your changes to the script are small enough, I suggest this workflow: clone this repository onto your host, open it up somewhere, and put its bin/ directory into your PATH. Make your changes, then commit those changes to a private branch. Now you can run from your private version, but merge new upstream changes in easily at need.

alert-sender

This script is a companion to fslsrv for use on sites with repos that write email alerts to ~/museum/REPO/mail.db and need a way to forward those queued messages from inside the container out to the local MTA. It is a lightly-modified version of tools/email-sender.tcl from the Fossil project, referenced from their email alerts doc. That document shows how to set your Fossil instance to produce the mail.db file needed by this script.

Having done all that, modify ../systemd/alert-sender@.service to point at this script. The intended pattern is to replace instances of “USER” in the file with your actual user name, which in turn means following the given scheme, but this is not otherwise hard-coded. You are free to choose another scheme.

Copy that locally-customizd unit file into ~/.local/share/systemd/user so that fslsrv can instantiate it for each repo subdir that is found to contain a mail.db file.

---

1. ^{^} This in turn is why the script adds the --nojail command to the fossil server instantiation: without it, Fossil would chroot itself inside our container, which is not only redundant, it would mean it couldn’t see the faux /dev tree Podman mapped into the container for us.