From 34bdae1bb8dd10053ad9bfe6c407910b715450d2 Mon Sep 17 00:00:00 2001
From: sudo-kraken
Date: Tue, 3 Dec 2024 17:42:44 +0000
Subject: [PATCH 1/2] added quadlets for foundryvtt, netboot.xyz and joplin

---
 quadlets/foundryvtt/foundryvtt.container | 36 ++++++++++++++++++++++
 quadlets/foundryvtt/foundryvtt.network | 4 +++
 quadlets/foundryvtt/foundryvtt.volume | 2 ++
 quadlets/joplin/joplin-db.container | 27 ++++++++++++++++
 quadlets/joplin/joplin.container | 31 +++++++++++++++++++
 quadlets/joplin/joplin.network | 4 +++
 quadlets/joplin/joplindb-data.volume | 2 ++
 quadlets/netboot-xyz/netboot-xyz.container | 35 +++++++++++++++++++++
 quadlets/netboot-xyz/netboot-xyz.network | 4 +++
 quadlets/netboot-xyz/netboot-xyz.volume | 2 ++
 10 files changed, 147 insertions(+)
 create mode 100644 quadlets/foundryvtt/foundryvtt.container
 create mode 100644 quadlets/foundryvtt/foundryvtt.network
 create mode 100644 quadlets/foundryvtt/foundryvtt.volume
 create mode 100644 quadlets/joplin/joplin-db.container
 create mode 100644 quadlets/joplin/joplin.container
 create mode 100644 quadlets/joplin/joplin.network
 create mode 100644 quadlets/joplin/joplindb-data.volume
 create mode 100644 quadlets/netboot-xyz/netboot-xyz.container
 create mode 100644 quadlets/netboot-xyz/netboot-xyz.network
 create mode 100644 quadlets/netboot-xyz/netboot-xyz.volume

diff --git a/quadlets/foundryvtt/foundryvtt.container b/quadlets/foundryvtt/foundryvtt.container
new file mode 100644
index 0000000..a8697fe
--- /dev/null
+++ b/quadlets/foundryvtt/foundryvtt.container
@@ -0,0 +1,36 @@
+[Unit]
+Description=Foundry VTT Quadlet
+Wants=network-online.target
+After=network-online.target
+After=local-fs.target
+
+[Service]
+Restart=always
+TimeoutStartSec=900
+
+[Install]
+WantedBy=multi-user.target default.target
+
+[Container]
+Image=docker.io/felddy/foundryvtt:release
+ContainerName=foundryvtt
+HostName=foundryvtt
+#AutoUpdate=registry
+
+# Set this instead to expose it locally for asset uploads etc
+Volume=./foundryvtt:/data:z
+#Volume=foundryvtt-data:/data
+
+Network=foundryvtt.network
+PublishPort=30000:30000
+
+Environment=TIMEZONE=
+Environment=FOUNDRY_UID=
+Environment=FOUNDRY_GID=
+Environment=FOUNDRY_PASSWORD=
+Environment=FOUNDRY_USERNAME=
+Environment=FOUNDRY_ADMIN_KEY=
+Environment=FOUNDRY_LICENSE_KEY=XXXX-XXXX-XXXX-XXXX-XXXX-XXXX
+Environment=FOUNDRY_HOT_RELOAD=true
+Environment=CONTAINER_PRESERVE_CONFIG=true
+Environment=CONTAINER_CACHE="/data/container_cache"
\ No newline at end of file
diff --git a/quadlets/foundryvtt/foundryvtt.network b/quadlets/foundryvtt/foundryvtt.network
new file mode 100644
index 0000000..52a2829
--- /dev/null
+++ b/quadlets/foundryvtt/foundryvtt.network
@@ -0,0 +1,4 @@
+[Network]
+Subnet=10.20.40.0/24
+Gateway=10.20.40.1
+Label=app=foundryvtt
\ No newline at end of file
diff --git a/quadlets/foundryvtt/foundryvtt.volume b/quadlets/foundryvtt/foundryvtt.volume
new file mode 100644
index 0000000..aa128ee
--- /dev/null
+++ b/quadlets/foundryvtt/foundryvtt.volume
@@ -0,0 +1,2 @@
+[Volume]
+VolumeName=foundryvtt-data
\ No newline at end of file
diff --git a/quadlets/joplin/joplin-db.container b/quadlets/joplin/joplin-db.container
new file mode 100644
index 0000000..111a9df
--- /dev/null
+++ b/quadlets/joplin/joplin-db.container
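Review bot: The credential keys in foundryvtt.container — `Environment=FOUNDRY_PASSWORD=`, `Environment=FOUNDRY_ADMIN_KEY=` and the `FOUNDRY_LICENSE_KEY=XXXX-…` placeholder — put secrets into a committed unit file that anyone with read access to the quadlet directory (and `systemctl cat`) can see, and the same pattern recurs with `POSTGRES_PASSWORD` in joplin-db.container and joplin.container. Quadlet's [Container] section supports `EnvironmentFile=` and `Secret=`, so the committed unit could keep only the non-secret keys and load the rest from an untracked file, e.g. `EnvironmentFile=./foundryvtt.env`, with a comment naming the variables that file must provide. The empty assignments such as `Environment=TIMEZONE=` and `Environment=FOUNDRY_UID=` presumably export an empty string rather than leaving the image's default in place — if a value is not being set, dropping the line is safer than leaving it blank. Whether the quotes in `Environment=CONTAINER_CACHE="/data/container_cache"` survive into the container's environment depends on quadlet's quote handling; worth checking the running container's environment once rather than assuming.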
@@ -0,0 +1,27 @@
+[Unit]
+Description=Joplin DB Quadlet
+WantedBy=joplin.service
+Wants=network-online.target
+After=network-online.target
+After=local-fs.target
+
+[Service]
+Restart=always
+TimeoutStartSec=900
+
+[Install]
+WantedBy=multi-user.target default.target
+
+[Container]
+Image=docker.io/library/postgres:15
+ContainerName=joplin-db
+HostName=joplin-db
+#AutoUpdate=registry
+
+Network=joplin.network
+
+Volume=joplindb-data:/var/lib/postgresql/data
+
+Environment=POSTGRES_PASSWORD=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
+Environment=POSTGRES_USER=postgres
+Environment=POSTGRES_DB=joplin
diff --git a/quadlets/joplin/joplin.container b/quadlets/joplin/joplin.container
new file mode 100644
index 0000000..4a4270b
--- /dev/null
+++ b/quadlets/joplin/joplin.container
@@ -0,0 +1,31 @@
+[Unit]
+Description=Joplin Server Quadlet
+Wants=network-online.target
+After=network-online.target
+After=local-fs.target
+
+[Service]
+Restart=always
+TimeoutStartSec=900
+
+[Install]
+WantedBy=multi-user.target default.target
+
+[Container]
+Image=docker.io/etechonomy/joplin-server:latest
+ContainerName=joplin-server
+HostName=joplin-server
+Network=joplin.network
+#AutoUpdate=registry
+
+Network=joplin.network
+PublishPort=22300:22300
+
+Environment=APP_BASE_URL=https://xxxxx.xxx
+Environment=APP_PORT=22300
+Environment=DB_CLIENT=pg
+Environment=POSTGRES_PASSWORD=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
+Environment=POSTGRES_DATABASE=joplin
+Environment=POSTGRES_USER=postgres
+Environment=POSTGRES_PORT=5432
+Environment=POSTGRES_HOST=joplin-db
\ No newline at end of file
diff --git a/quadlets/joplin/joplin.network b/quadlets/joplin/joplin.network
new file mode 100644
index 0000000..ede62ba
--- /dev/null
+++ b/quadlets/joplin/joplin.network
@@ -0,0 +1,4 @@
+[Network]
+Subnet=10.20.10.0/24
+Gateway=10.20.10.1
+Label=app=joplin
\ No newline at end of file
diff --git a/quadlets/joplin/joplindb-data.volume b/quadlets/joplin/joplindb-data.volume
new file mode 100644
index 0000000..5f30a12
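Review bot: `WantedBy=joplin.service` on the third line of joplin-db.container is placed in the [Unit] section, but it is an [Install] key, so systemd will log it as unknown and ignore it — nothing actually ties the database to the server. The dependency belongs on the consumer: drop the line here and add `Requires=joplin-db.service` and `After=joplin-db.service` to the [Unit] section of joplin.container in the next hunk, so the server is not started (and does not hit `Restart=always` loops) before the database is up. Separately, `Volume=joplindb-data:/var/lib/postgresql/data` names the volume directly, so the generated service gets no ordering against the joplindb-data.volume unit added later in this patch; writing it as `Volume=joplindb-data.volume:/var/lib/postgresql/data` lets quadlet add that dependency, and the same applies to `Volume=netboot-xyz-config:/config` in netboot-xyz.container.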
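Review bot: `Network=joplin.network` appears twice in joplin.container — once directly after `HostName=joplin-server` and again before `PublishPort=22300:22300`. Quadlet passes each Network= key through as its own network argument, so the duplicate is at best redundant and may be rejected by podman when the same network is attached twice; keep the second occurrence (next to the port mapping, matching the layout of the other two units) and delete the first. Note also that `APP_BASE_URL=https://xxxxx.xxx` is a placeholder the server will use to build links, so a comment marking it as something that must be changed before the unit is enabled would help whoever copies this.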
--- /dev/null
+++ b/quadlets/joplin/joplindb-data.volume
@@ -0,0 +1,2 @@
+[Volume]
+VolumeName=joplindb-data
\ No newline at end of file
diff --git a/quadlets/netboot-xyz/netboot-xyz.container b/quadlets/netboot-xyz/netboot-xyz.container
new file mode 100644
index 0000000..92d0db0
--- /dev/null
+++ b/quadlets/netboot-xyz/netboot-xyz.container
@@ -0,0 +1,35 @@
+[Unit]
+Description=Netbook.xyz Quadlet
+Wants=network-online.target
+After=network-online.target
+After=local-fs.target
+
+[Service]
+Restart=always
+TimeoutStartSec=900
+
+[Install]
+WantedBy=multi-user.target default.target
+
+[Container]
+Image=lscr.io/linuxserver/netbootxyz:latest
+ContainerName=netboot-xyz
+HostName=netboot-xyz
+#AutoUpdate=registry
+
+Volume=netboot-xyz-config:/config
+Volume=./netboot-xyz/assets:/assets:z
+
+Network=netboot-xyz.network
+PublishPort=3000:3000
+PublishPort=8082:80
+PublishPort=69:69/udp
+
+Environment=PUID=
+Environment=PGID=
+Environment=TZ=
+Environment=PORT_RANGE=30000:30010
+Environment=SUBFOLDER=/
+Environment=WEB_APP_PORT=3000
+
+
diff --git a/quadlets/netboot-xyz/netboot-xyz.network b/quadlets/netboot-xyz/netboot-xyz.network
new file mode 100644
index 0000000..b62f12a
--- /dev/null
+++ b/quadlets/netboot-xyz/netboot-xyz.network
@@ -0,0 +1,4 @@
+[Network]
+Subnet=10.20.30.0/24
+Gateway=10.20.30.1
+Label=app=netboot-xyz
\ No newline at end of file
diff --git a/quadlets/netboot-xyz/netboot-xyz.volume b/quadlets/netboot-xyz/netboot-xyz.volume
new file mode 100644
index 0000000..394453a
--- /dev/null
+++ b/quadlets/netboot-xyz/netboot-xyz.volume
@@ -0,0 +1,2 @@
+[Volume]
+VolumeName=netboot-xyz-config
\ No newline at end of file
-- 
2.45.3

From f3fca31dd9f962627a0042dbdea6065d28bb279b Mon Sep 17 00:00:00 2001
From: redbeardymcgee
Date: Tue, 3 Dec 2024 14:00:50 -0600
Subject: [PATCH 2/2] tidy: formatting

---
 AlmaLinux.md | 43 ++++++++++++++++++++++++++-----------------
 README.md | 2 +-
 2 files changed, 27 insertions(+), 18 deletions(-)
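Review bot: `PublishPort=69:69/udp` in netboot-xyz.container binds a privileged port, and the AlmaLinux notes in the second patch of this series only lower `net.ipv4.ip_unprivileged_port_start` to 80, so under the rootless setup those notes describe the unit will fail on the TFTP bind while 3000 and 8082 would succeed. Either the sysctl needs to be lowered to 69 (and that requirement documented in a comment above the line, since the other two units have no such constraint) or this unit has to run as root; TFTP clients expect port 69, so publishing a high port is not an option here. Smaller points: `Description=Netbook.xyz Quadlet` should read `Description=Netboot.xyz Quadlet`, and the empty `Environment=PUID=`, `PGID=` and `TZ=` lines presumably export empty strings rather than leaving the image defaults in place, so they are better dropped than left blank.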
diff --git a/AlmaLinux.md b/AlmaLinux.md index 0ac0fea..8cda584 100644 --- a/AlmaLinux.md +++ b/AlmaLinux.md @@ -3,7 +3,8 @@ My proof of concept server running this container stack is built on AlmaLinux 9.4. -> [!WARNING] Perform `dnf update` immediately +> [!WARNING] +> Perform `dnf update` immediately ### [Repositories](https://wiki.almalinux.org/repos/) @@ -103,15 +104,16 @@ printf '%s\n' \ ## Cockpit -> https://ip-addr:9090 -> [!WARNING] Disable the firewall if you are lazy -> Exposing ports for other services can be exhausting and I have not learned -> how to do this for containers properly. Each container may need a new rule -> for something, not sure. +> [!WARNING] +> Disable the firewall if you are lazy Exposing ports for other services can be +> exhausting and I have not learned how to do this for containers properly. +> Each container may need a new rule for something, not sure. > ```bash > systemctl disable --now firewalld > ``` -> [!TODO] Should be able to set up good firewall with only 80/443 open. +> [!NOTE] +> Should be able to set up good firewall with only 80/443 open. Enable the socket-activated cockpit service and allow it through the firewall. @@ -125,7 +127,8 @@ firewall-cmd --reload ### Add SSH keys -> [!TIP] Skip if you copied your keys with `ssh-copy-id` above. +> [!TIP] +> Skip if you copied your keys with `ssh-copy-id` above. `Accounts` -> `Your account` -> `Authorized public SSH keys` -> `Add Key` @@ -149,14 +152,15 @@ dnf install podman systemctl enable --now podman ``` -> [!NOTE] Read the docs. +> [!NOTE] +> Read the docs. > `man podman-systemd.unit` ### Prepare host networking stack #### slirp4netns -> [!TODO] +> [!NOTE] > This may not be necessary but my system is currently using it. ```bash 
@@ -165,16 +169,18 @@ dnf install slirp4netns #### Install DNS server for `podman` -> [!TODO] +> [!NOTE] > Not sure how to resolve these correctly yet but the journal logs it > so it's running for something. ```bash dnf install aardvark-dns ``` + #### Allow rootless binding port 80+ -> [!NOTE] This is only necessary if you are setting up the reverse proxy. +> [!NOTE] +> This is only necessary if you are setting up the reverse proxy. ```bash printf '%s\n' 'net.ipv4.ip_unprivileged_port_start=80' > /etc/sysctl.d/99-unprivileged-port-binding.conf @@ -214,11 +220,12 @@ usermod --add-subuids 200000-299999 --add-subgids 200000-299999 $ctuser loginctl enable-linger $ctuser ``` -> [!TIP] Optionally setup ssh keys to directly login to $ctuser. +> [!TIP] +> Optionally setup ssh keys to directly login to $ctuser. -> [!NOTE] The login shell doesn't exist. -> Launch `bash -l` manually to get a shell or else your `ssh` will exit with a -> status of 1. +> [!NOTE] +> The login shell doesn't exist. Launch `bash -l` manually to get a shell or +> else your `ssh` will exit with a status of 1. ### Setup $ctuser env @@ -236,10 +243,12 @@ systemctl --user enable --now podman-auto-update exit ``` -> [!WARNING] I disabled SELinux to not deal with this for every container. +> [!WARNING] +> I disabled SELinux to not deal with this for every container. > /etc/selinux/config -> `SELINUX=disabled` -> [!TODO] Set up the correct policies permanently instead of disabling SELinux +> [!NOTE] +> Set up the correct policies permanently instead of disabling SELinux Temporarily set SELinux policy to allow containers to use devices. diff --git a/README.md b/README.md index 004ed78..9a5ba6d 100644 --- a/README.md +++ b/README.md 
@@ -102,7 +102,7 @@ Dec 01 08:42:05 perseus helloworld[1143334]: Mastodon: @Podman_io@fosstodon.org
 ```bash
 # Step 1
 git clone --depth=1 https://github.com/redbeardymcgee/podbox
-cp -a "podbox/quadlets/thelounge" "$XDG_CONFIG_HOME/containers/systemd/"
+cp -a podbox/quadlets/thelounge "$XDG_CONFIG_HOME"/containers/systemd/
 # Step 2
 $EDITOR "$XDG_CONFIG_HOME"/containers/systemd/thelounge/*
 # Step 3
-- 
2.45.3