fix(infra/k8s): Workaround for nginx crash on pidfile write

Newer versions of nginx apparently hard-crash if they can't write a
PID file in the current directory.

To work around this, some writeable scratch space is created for the
nginx daemon to write its PID to.

infra/kubernetes/nginx/nginx.conf

@@ -1,6 +1,7 @@
 daemon off;
 worker_processes  1;
 error_log stderr;
+pid /run/nginx.pid;
 
 events {
     worker_connections  1024;

infra/kubernetes/nginx/nginx.yaml

@@ -26,20 +26,25 @@ spec:
     spec:
       containers:
         - name: tazblog
-          image: nixery.local/shell/nginx:{{ .version }}
+          image: nixery.local/shell/third_party.nginx:{{ .version }}
           command: ["/bin/bash", "-c"]
           args:
             - |
+              cd /run
               echo 'nogroup:x:30000:nobody' >> /etc/group
               echo 'nobody:x:30000:30000:nobody:/tmp:/bin/bash' >> /etc/passwd
               exec nginx -c /etc/nginx/nginx.conf
           volumeMounts:
             - name: nginx-conf
               mountPath: /etc/nginx
+            - name: nginx-rundir
+              mountPath: /run
       volumes:
         - name: nginx-conf
           configMap:
             name: nginx-conf
+        - name: nginx-rundir
+          emptyDir: {}
 ---
 apiVersion: v1
 kind: Service

infra/kubernetes/primary-cluster.yaml

@@ -35,4 +35,4 @@ include:
   - name: https-lb
   - name: nginx
     values:
-      version: 52fabe4423095f12f67be1c7dbf88b801c1bb521
+      version: a349d5e9145ae9a6c89f62ec631f01fb180de546