# Podman

- [Podman](#podman)
  - [Notes](#notes)
  - [Podman systemd files](#podman-systemd-files)
    - [iperf3](#iperf3)
    - [pihole](#pihole)
    - [Cloudflared](#cloudflared)
    - [WG Easy (Deprecated - use Unifi)](#wg-easy-deprecated---use-unifi)
  - [Update yellow quadlets](#update-yellow-quadlets)

## Notes

- podman auth is stored in `/run/user/1000/containers`

## Podman systemd files

Rather than copying compose files or running `podman run` as systemd services, you can generate quadlet files to define containers that run at boot.

Podlet generates quadlets, systemd files specifically for containers.

You generate quadlets from compose files like so:

```bash
# -f writes the generated files into /quadlets; -i adds an [Install] section
podman run \
    -v ./compose:/compose \
    -v ./quadlets:/quadlets \
    quay.io/k9withabone/podlet \
    -f /quadlets \
    -i \
    --overwrite \
    compose /compose/grafana-compose.yaml
```

Copy these files to `/usr/share/containers/systemd/`.

### iperf3

```bash
podman run \
    -v ./podman/compose:/compose \
    -v ./podman/quadlets:/quadlets \
    quay.io/k9withabone/podlet \
    -f /quadlets \
    -i \
    --overwrite \
    compose /compose/iperf3-compose.yaml
```

### pihole

```bash
podman run \
    -v ./podman/compose:/compose \
    -v ./podman/quadlets:/quadlets \
    quay.io/k9withabone/podlet \
    -f /quadlets \
    -i \
    --overwrite \
    --wants network-online.target \
    --after network-online.target \
    compose /compose/pihole-compose.yaml
```

### Cloudflared

<https://docs.pi-hole.net/guides/dns/cloudflared/>

Creates a DoH proxy for pihole. Just set the pihole upstream to `10.1.203.197#5053` (yellow) or `10.1.200.253#5053` (orange).

```bash
podman run \
    -v ./podman/compose:/compose \
    -v ./podman/quadlets:/quadlets \
    quay.io/k9withabone/podlet \
    -f /quadlets \
    -i \
    --overwrite \
    --wants network-online.target \
    --after network-online.target \
    compose /compose/cloudflared-compose.yaml
```

### WG Easy (Deprecated - use Unifi)

`PASSWORD` and `PASSWORD_HASH` env vars didn't work.
Note, to create `PASSWORD_HASH` run:

```bash
python -c 'import bcrypt; print(bcrypt.hashpw(b"testpass", bcrypt.gensalt()).decode())'
```

```bash
podman run \
    -v ./podman/quadlets:/quadlets \
    quay.io/k9withabone/podlet \
    -f /quadlets \
    -i \
    --overwrite \
    --wants network-online.target \
    --after network-online.target \
    --name=wg-easy \
    podman run \
    -e LANG=en \
    -e WG_HOST=wg.reeseapps.com \
    -e PORT=51821 \
    -e WG_PORT=51820 \
    -v wg-easy:/etc/wireguard \
    -p 51820:51820/udp \
    -p 51822:51821/tcp \
    --secret wg_easy_password,type=env,target=PASSWORD_HASH \
    --cap-add=NET_ADMIN \
    --cap-add=SYS_MODULE \
    --cap-add=NET_RAW \
    --restart unless-stopped \
    ghcr.io/wg-easy/wg-easy:nightly
```

## Update yellow quadlets

```bash
ansible-playbook -i ./ansible/inventory.yaml podman/update-quadlets.yaml
```
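Generated quadlets end up in `/usr/share/containers/systemd/` and start at boot, so it is worth reviewing each `.container` file before copying it. The script below is an added example, not part of this repo or of podlet: `audit_quadlet` and `write_sample` are hypothetical names, and the sample unit is constructed for illustration. It flags added capabilities, images not pinned by digest, credentials in `Environment=` rather than `Secret=`, and ports published without a host IP.

```shell
#!/usr/bin/env bash
# Added example: review quadlet .container files before installing them.
# audit_quadlet prints one finding per line as "<file>: <message>".
audit_quadlet() {
  awk '
    function report(msg) { printf "%s: %s\n", FILENAME, msg }
    /^[ \t]*[#;]/ { next }   # skip comment lines
    /^AddCapability=/ { report("adds capabilities: " substr($0, 15)) }
    /^Image=/ {
      img = substr($0, 7)
      if (img !~ /@sha256:/) { report("image not pinned by digest: " img) }
    }
    /^Environment=/ {
      # Credentials belong in Secret= (podman secret), not in the unit file.
      val = substr($0, 13)
      if (match(toupper(val), /[A-Z0-9_]*(PASSWORD|TOKEN|SECRET|KEY)[A-Z0-9_]*=/)) {
        report("possible secret in Environment: " substr(val, RSTART, RLENGTH - 1)) }
    }
    /^PublishPort=/ {
      # ip:hostPort:containerPort has two colons; fewer means every interface.
      spec = substr($0, 13); sub(/\/[a-z]+$/, "", spec)
      if (gsub(/:/, ":", spec) < 2) {
        report("port published on all interfaces: " substr($0, 13)) }
    }
  ' "$@"
}

# Constructed sample, loosely modelled on the wg-easy command above.
# It is NOT real podlet output.
write_sample() {
  cat > "$1" <<'EOF'
[Container]
AddCapability=NET_ADMIN SYS_MODULE NET_RAW
ContainerName=wg-easy
Environment=LANG=en
Environment=PASSWORD=changeme
Image=ghcr.io/wg-easy/wg-easy:nightly
PublishPort=51820:51820/udp
PublishPort=127.0.0.1:51822:51821/tcp
Secret=wg_easy_password,type=env,target=PASSWORD_HASH
EOF
}

sample="$(mktemp)"
write_sample "$sample"
audit_quadlet "$sample"
rm -f "$sample"
```

To check real output, run `audit_quadlet ./podman/quadlets/*.container` after generating the files. A finding is a prompt for review rather than an error: WireGuard needs `NET_ADMIN`, for example.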