nginx load balancing internal/external working

podman/README.md

@@ -0,0 +1,88 @@
+# Podman
+
+- [Podman](#podman)
+  - [Notes](#notes)
+  - [Podman systemd files](#podman-systemd-files)
+    - [iperf3](#iperf3)
+    - [pihole](#pihole)
+    - [Cloudflared](#cloudflared)
+  - [Update yellow/orange](#update-yelloworange)
+
+## Notes
+
+- podman auth is stored in `/run/user/1000/containers`
+
+## Podman systemd files
+
+Rather than copying compose files or running podman run as systemd services you can
+generate quadlet files to define containers that run at boot.
+
+Podlet generates quadlets - systemd files specifically for containers.
+
+You generate quadlets from compose files like so:
+
+```bash
+podman run \
+    -v ./compose:/compose \
+    -v ./quadlets:/quadlets \
+    quay.io/k9withabone/podlet \
+    -f /quadlets \
+    -i \
+    --overwrite \
+    compose /compose/grafana-compose.yaml
+```
+
+Copy these files to `/usr/share/containers/systemd/`
+
+### iperf3
+
+```bash
+podman run \
+    -v ./compose:/compose \
+    -v ./quadlets:/quadlets \
+    quay.io/k9withabone/podlet \
+    -f /quadlets \
+    -i \
+    --overwrite \
+    compose /compose/iperf3-compose.yaml
+```
+
+### pihole
+
+<https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts>
+
+```bash
+podman run \
+    -v ./podman/compose:/compose \
+    -v ./podman/quadlets:/quadlets \
+    quay.io/k9withabone/podlet \
+    -f /quadlets \
+    -i \
+    --overwrite \
+    --wants network-online.target \
+    --after network-online.target \
+    compose /compose/pihole-compose.yaml
+```
+
+### Cloudflared
+
+Creates a DOH proxy for pihole. Just set the pihole upstream to `10.1.203.197#5053`.
+
+```bash
+podman run \
+    -v ./podman/compose:/compose \
+    -v ./podman/quadlets:/quadlets \
+    quay.io/k9withabone/podlet \
+    -f /quadlets \
+    -i \
+    --overwrite \
+    --wants network-online.target \
+    --after network-online.target \
+    compose /compose/cloudflared-compose.yaml
+```
+
+## Update yellow/orange
+
+```bash
+ansible-playbook -i ./ansible/inventory.yaml podman/update-quadlets.yaml
+```

podman/compose/cloudflared-compose.yaml

@@ -0,0 +1,12 @@
+version: "3"
+
+# More info at https://github.com/pi-hole/docker-pi-hole/ and https://docs.pi-hole.net/
+services:
+  cloudflared:
+    container_name: cloudflared
+    image: docker.io/cloudflare/cloudflared:2024.5.0
+    command: proxy-dns --address 0.0.0.0 --port 5053 --upstream https://1.1.1.1/dns-query --upstream https://1.0.0.1/dns-query
+    ports:
+      - "0.0.0.0:5053:5053/tcp"
+      - "0.0.0.0:5053:5053/udp"
+    restart: unless-stopped

podman/compose/iperf3-compose.yaml

@@ -0,0 +1,10 @@
+version: "3"
+
+services:
+  iperf3:
+    container_name: iperf3
+    image: docker.io/networkstatic/iperf3:latest
+    ports:
+      - "127.0.0.1:5201:5201/tcp"
+    command: -s
+    restart: unless-stopped

podman/compose/pihole-compose.yaml

@@ -0,0 +1,23 @@
+version: "3"
+
+# More info at https://github.com/pi-hole/docker-pi-hole/ and https://docs.pi-hole.net/
+services:
+  pihole:
+    container_name: pihole
+    image: docker.io/pihole/pihole:2024.05.0
+    ports:
+      - "0.0.0.0:53:53/tcp"
+      - "0.0.0.0:53:53/udp"
+      - "0.0.0.0:8081:80/tcp"
+    environment:
+      TZ: "America/Chicago"
+      # WEBPASSWORD: "SET A PASSWORD HERE"
+    # Volumes store your data between container upgrades
+    volumes:
+      - pihole:/etc/pihole
+      - dnsmasq:/etc/dnsmasq.d
+    restart: unless-stopped
+
+volumes:
+  pihole:
+  dnsmasq:

podman/quadlets/cloudflared.container

@@ -0,0 +1,15 @@
+[Unit]
+Wants=network-online.target
+
+[Container]
+ContainerName=cloudflared
+Exec=proxy-dns --address 0.0.0.0 --port 5053 --upstream https://1.1.1.1/dns-query --upstream https://1.0.0.1/dns-query
+Image=docker.io/cloudflare/cloudflared:2024.5.0
+PublishPort=0.0.0.0:5053:5053/tcp
+PublishPort=0.0.0.0:5053:5053/udp
+
+[Service]
+Restart=always
+
+[Install]
+WantedBy=default.target

podman/quadlets/iperf3.container

@@ -0,0 +1,11 @@
+[Container]
+ContainerName=iperf3
+Exec=-s
+Image=docker.io/networkstatic/iperf3:latest
+PublishPort=127.0.0.1:5201:5201/tcp
+
+[Service]
+Restart=always
+
+[Install]
+WantedBy=default.target

podman/quadlets/pihole.container

@@ -0,0 +1,18 @@
+[Unit]
+Wants=network-online.target
+
+[Container]
+ContainerName=pihole
+Environment=TZ=America/Chicago
+Image=docker.io/pihole/pihole:2024.05.0
+PublishPort=0.0.0.0:53:53/tcp
+PublishPort=0.0.0.0:53:53/udp
+PublishPort=0.0.0.0:8081:80/tcp
+Volume=pihole:/etc/pihole
+Volume=dnsmasq:/etc/dnsmasq.d
+
+[Service]
+Restart=always
+
+[Install]
+WantedBy=default.target

podman/update-quadlets.yaml

@@ -0,0 +1,25 @@
+- name: Update quadlets
+  hosts: colors
+  become: true
+  become_user: root
+  become_method: sudo
+  tasks:
+  - name: Copy quadlets with owner and permissions
+    ansible.builtin.copy:
+      src: "{{ item }}"
+      dest: /usr/share/containers/systemd/
+      owner: root
+      group: root
+      mode: '0644'
+    loop:
+    - ./quadlets/iperf3.container
+    - ./quadlets/pihole.container
+    - ./quadlets/cloudflared.container
+  - name: Daemon-reload to trigger re-read of quadlets
+    ansible.builtin.systemd_service:
+      daemon_reload: true
+  - name: Restart all quadlet services
+    ansible.builtin.systemd_service:
+      state: restarted
+      name: "{{ item }}"
+    loop: ["pihole", "iperf3", "cloudflared"]