synced/coder
1
0
Fork 0
mirror of https://github.com/coder/coder.git synced 2025-07-18 14:17:22 +00:00
Code Issues Packages Projects Releases Wiki Activity

ci: Fix dogfood installation by forcing default configurations (#557)

Browse Source 
* ci: Fix dogfood installation by forcing default configurations

The dpkg prompt to override config files was
appearing, but this will auto-approve it.

* Add CAP_NET_BIND_SERVICE to allow listening on :443
This commit is contained in:
Kyle Carberry
2022-03-24 14:02:09 -06:00
committed by GitHub
parent bf00487174
commit d371a66447
2 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
.github/workflows/coder.yaml vendored
View File

@ -336,7 +336,7 @@ jobs:
gcloud config set project coder-dogfood gcloud config set project coder-dogfood
gcloud config set compute/zone us-central1-a gcloud config set compute/zone us-central1-a
gcloud compute scp ./dist/coder_*_linux_amd64.deb coder:/tmp/coder.deb gcloud compute scp ./dist/coder_*_linux_amd64.deb coder:/tmp/coder.deb
gcloud compute ssh coder -- sudo dpkg -i /tmp/coder.deb gcloud compute ssh coder -- sudo dpkg -i --force-confdef /tmp/coder.deb
gcloud compute ssh coder -- sudo systemctl daemon-reload gcloud compute ssh coder -- sudo systemctl daemon-reload
- name: Start - name: Start

2
coder.service
View File

@ -17,7 +17,7 @@ ProtectHome=read-only
PrivateTmp=yes PrivateTmp=yes
PrivateDevices=yes PrivateDevices=yes
SecureBits=keep-caps SecureBits=keep-caps
AmbientCapabilities=CAP_IPC_LOCK AmbientCapabilities=CAP_IPC_LOCK CAP_NET_BIND_SERVICE
CapabilityBoundingSet=CAP_SYSLOG CAP_IPC_LOCK CapabilityBoundingSet=CAP_SYSLOG CAP_IPC_LOCK
NoNewPrivileges=yes NoNewPrivileges=yes
ExecStart=/usr/bin/coder start ExecStart=/usr/bin/coder start