homelab/podman/README.md
2024-06-25 14:22:54 -04:00

Podman

Notes

  • podman auth is stored in /run/user/1000/containers

Podman systemd files

Rather than copying compose files or running podman run as systemd services, you can generate quadlet files to define containers that run at boot.

Podlet generates quadlets: systemd files specifically for containers.

You generate quadlets from compose files like so:

podman run \
    -v ./compose:/compose \
    -v ./quadlets:/quadlets \
    quay.io/k9withabone/podlet \
    -f /quadlets \
    -i \
    --overwrite \
    compose /compose/grafana-compose.yaml

Copy these files to /usr/share/containers/systemd/

iperf3

podman run \
    -v ./podman/compose:/compose \
    -v ./podman/quadlets:/quadlets \
    quay.io/k9withabone/podlet \
    -f /quadlets \
    -i \
    --overwrite \
    compose /compose/iperf3-compose.yaml

pihole

https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts

podman run \
    -v ./podman/compose:/compose \
    -v ./podman/quadlets:/quadlets \
    quay.io/k9withabone/podlet \
    -f /quadlets \
    -i \
    --overwrite \
    --wants network-online.target \
    --after network-online.target \
    compose /compose/pihole-compose.yaml

Cloudflared

https://docs.pi-hole.net/guides/dns/cloudflared/

Creates a DoH (DNS over HTTPS) proxy for pihole. Set the pihole upstream to 10.1.203.197#5053 (yellow) or 10.1.200.253#5053 (orange).

podman run \
    -v ./podman/compose:/compose \
    -v ./podman/quadlets:/quadlets \
    quay.io/k9withabone/podlet \
    -f /quadlets \
    -i \
    --overwrite \
    --wants network-online.target \
    --after network-online.target \
    compose /compose/cloudflared-compose.yaml

WG Easy (Deprecated - use Unifi)

PASSWORD and PASSWORD_HASH env vars didn't work.

https://github.com/wg-easy/wg-easy

Note, to create PASSWORD_HASH run:

python -c 'import bcrypt; print(bcrypt.hashpw(b"testpass", bcrypt.gensalt()).decode())'

podman run \
    -v ./podman/quadlets:/quadlets \
    quay.io/k9withabone/podlet \
    -f /quadlets \
    -i \
    --overwrite \
    --wants network-online.target \
    --after network-online.target \
    --name=wg-easy \
    podman run \
    -e LANG=en \
    -e WG_HOST=wg.reeseapps.com \
    -e PORT=51821 \
    -e WG_PORT=51820 \
    -v wg-easy:/etc/wireguard \
    -p 51820:51820/udp \
    -p 51822:51821/tcp \
    --secret wg_easy_password,type=env,target=PASSWORD_HASH \
    --cap-add=NET_ADMIN \
    --cap-add=SYS_MODULE \
    --cap-add=NET_RAW \
    --restart unless-stopped \
    ghcr.io/wg-easy/wg-easy:nightly
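
Generated quadlets end up in /usr/share/containers/systemd/ and start at boot, so it helps to review what they grant before copying them. The following is an added example, not part of this repo: a Python check that flags mutable image tags, high-risk capabilities and plaintext secrets in Environment=. The sample file contents are an assumption about what podlet emits for the wg-easy command above, and `audit_quadlet` and the rule sets are hypothetical names.

```python
import re

# Constructed sample: an assumption about what a generated wg-easy.container
# looks like, plus one plaintext PASSWORD line added to show that finding.
SAMPLE_QUADLET = """\
[Container]
Image=ghcr.io/wg-easy/wg-easy:nightly
AddCapability=NET_ADMIN
AddCapability=SYS_MODULE
AddCapability=NET_RAW
Environment=WG_HOST=wg.example.com
Environment=PASSWORD=testpass
Secret=wg_easy_password,type=env,target=PASSWORD_HASH
"""

# Hypothetical rule sets for this example; tune them to your own policy.
HIGH_RISK_CAPS = {"SYS_MODULE", "SYS_ADMIN", "SYS_PTRACE", "ALL"}
MUTABLE_TAGS = {"latest", "nightly"}
SECRET_NAME = re.compile(r"PASS|SECRET|TOKEN|KEY", re.I)

def container_entries(text):
    """Yield (key, value) pairs from [Container]; quadlet keys may repeat."""
    section = None
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
        elif section == "Container" and "=" in line:
            key, value = line.split("=", 1)
            yield key.strip(), value.strip()

def audit_quadlet(text):
    """Return findings for a .container file before it is installed system-wide."""
    findings = []
    for key, value in container_entries(text):
        if key == "Image" and "@sha256:" not in value:
            tag = value.rsplit("/", 1)[-1].partition(":")[2]
            if tag in MUTABLE_TAGS or not tag:
                findings.append(f"mutable-image-tag: {value}")
        elif key == "AddCapability":
            findings += [f"high-risk-capability: {c}" for c in value.upper().split()
                         if c.removeprefix("CAP_") in HIGH_RISK_CAPS]
        elif key == "Environment" and SECRET_NAME.search(name := value.split("=", 1)[0]):
            findings.append(f"secret-in-environment: {name}")
    return findings

if __name__ == "__main__": print("\n".join(audit_quadlet(SAMPLE_QUADLET)))
```

The Secret= line is not flagged because it only names a podman secret; the value stays in podman's secret store rather than in the unit file.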

Update yellow quadlets

ansible-playbook -i ./ansible/inventory.yaml podman/update-quadlets.yaml