kube transfer to single-node host

2024-07-08 10:39:56 -04:00
parent d1afa569cc
commit 887df21477
69 changed files with 1675 additions and 2009 deletions
--- a/podman/README.md
+++ b/podman/README.md
@@ -6,7 +6,6 @@
    - [iperf3](#iperf3)
    - [pihole](#pihole)
    - [Cloudflared](#cloudflared)
-    - [WG Easy (Deprecated - use Unifi)](#wg-easy-deprecated---use-unifi)
  - [Update yellow quadlets](#update-yellow-quadlets)

 ## Notes
@@ -85,44 +84,6 @@ podman run \
    compose /compose/cloudflared-compose.yaml
 ```

-### WG Easy (Deprecated - use Unifi)
-
-PASSWORD and PASSWORD_HASH env vars didn't work.
-
-<https://github.com/wg-easy/wg-easy>
-
-Note, to create PASSWORD_HASH run:
-
-```bash
-python -c 'import bcrypt; print(bcrypt.hashpw(b"testpass", bcrypt.gensalt()).decode())'
-```
-
-```bash
-podman run \
-    -v ./podman/quadlets:/quadlets \
-    quay.io/k9withabone/podlet \
-    -f /quadlets \
-    -i \
-    --overwrite \
-    --wants network-online.target \
-    --after network-online.target \
-    --name=wg-easy \
-    podman run \
-    -e LANG=en \
-    -e WG_HOST=wg.reeseapps.com \
-    -e PORT=51821 \
-    -e WG_PORT=51820 \
-    -v wg-easy:/etc/wireguard \
-    -p 51820:51820/udp \
-    -p 51822:51821/tcp \
-    --secret wg_easy_password,type=env,target=PASSWORD_HASH \
-    --cap-add=NET_ADMIN \
-    --cap-add=SYS_MODULE \
-    --cap-add=NET_RAW \
-    --restart unless-stopped \
-    ghcr.io/wg-easy/wg-easy:nightly
-```
-
 ## Update yellow quadlets

 ```bash
--- a/podman/compose/cloudflared-compose.yaml
+++ b/podman/compose/cloudflared-compose.yaml
@@ -7,6 +7,8 @@ services:
    image: docker.io/cloudflare/cloudflared:2024.5.0
    command: proxy-dns --address 0.0.0.0 --port 5053 --upstream https://1.1.1.1/dns-query --upstream https://1.0.0.1/dns-query
    ports:
-      - "0.0.0.0:5053:5053/tcp"
-      - "0.0.0.0:5053:5053/udp"
+      - "5053:5053/tcp"
+      - "5053:5053/udp"
    restart: unless-stopped
+    networks:
+      - podman1
--- a/podman/compose/iperf3-compose.yaml
+++ b/podman/compose/iperf3-compose.yaml
@@ -5,6 +5,8 @@ services:
    container_name: iperf3
    image: docker.io/networkstatic/iperf3:latest
    ports:
-      - "0.0.0.0:5202:5201/tcp"
+      - "5202:5201/tcp"
    command: -s
    restart: unless-stopped
+    networks:
+      - podman1
--- a/podman/compose/pihole-compose.yaml
+++ b/podman/compose/pihole-compose.yaml
@@ -6,9 +6,9 @@ services:
    container_name: pihole
    image: docker.io/pihole/pihole:2024.05.0
    ports:
-      - "0.0.0.0:53:53/tcp"
-      - "0.0.0.0:53:53/udp"
-      - "0.0.0.0:8081:80/tcp"
+      - "53:53/tcp"
+      - "53:53/udp"
+      - "8081:80/tcp"
    environment:
      TZ: "America/Chicago"
      # WEBPASSWORD: "SET A PASSWORD HERE"
@@ -17,6 +17,8 @@ services:
      - pihole:/etc/pihole
      - dnsmasq:/etc/dnsmasq.d
    restart: unless-stopped
+    networks:
+      - podman1

 volumes:
  pihole:
--- a/podman/quadlets/cloudflared.container
+++ b/podman/quadlets/cloudflared.container
@@ -5,6 +5,7 @@ Wants=network-online.target
 ContainerName=cloudflared
 Exec=proxy-dns --address 0.0.0.0 --port 5053 --upstream https://1.1.1.1/dns-query --upstream https://1.0.0.1/dns-query
 Image=docker.io/cloudflare/cloudflared:2024.5.0
+Network=podman1.network
 PublishPort=0.0.0.0:5053:5053/tcp
 PublishPort=0.0.0.0:5053:5053/udp

--- a/podman/quadlets/iperf3.container
+++ b/podman/quadlets/iperf3.container
@@ -2,6 +2,7 @@
 ContainerName=iperf3
 Exec=-s
 Image=docker.io/networkstatic/iperf3:latest
+Network=podman1.network
 PublishPort=0.0.0.0:5202:5201/tcp

 [Service]
--- a/podman/quadlets/pihole.container
+++ b/podman/quadlets/pihole.container
@@ -5,6 +5,7 @@ Wants=network-online.target
 ContainerName=pihole
 Environment=TZ=America/Chicago
 Image=docker.io/pihole/pihole:2024.05.0
+Network=podman1.network
 PublishPort=0.0.0.0:53:53/tcp
 PublishPort=0.0.0.0:53:53/udp
 PublishPort=0.0.0.0:8081:80/tcp
--- a/podman/quadlets/podman1.network
+++ b/podman/quadlets/podman1.network
@@ -0,0 +1,3 @@
+# podman1.network
+[Network]
+IPv6=true
--- a/podman/update-quadlets.yaml
+++ b/podman/update-quadlets.yaml
@@ -15,6 +15,7 @@
    - ./quadlets/iperf3.container
    - ./quadlets/pihole.container
    - ./quadlets/cloudflared.container
+    - ./quadlets/podman1.network
  - name: Daemon-reload to trigger re-read of quadlets
    ansible.builtin.systemd_service:
      daemon_reload: true
@@ -22,4 +23,4 @@
    ansible.builtin.systemd_service:
      state: restarted
      name: "{{ item }}"
-    loop: ["pihole", "iperf3", "cloudflared"]
+    loop: ["podman1-network", "pihole", "iperf3", "cloudflared"]