diff --git a/container-config/caddy/Caddyfile b/container-config/caddy/Caddyfile
index 997c217..c3bd99c 100644
--- a/container-config/caddy/Caddyfile
+++ b/container-config/caddy/Caddyfile
@@ -34,6 +34,11 @@ strypsteen.me {
 {"m.server": "matrix.strypsteen.com:443"}
 EOF
 }
+strypsteen.com {
+ import base
+ import tls
+ respond 404
+}
 auth.strypsteen.com {
 import base
 import tls
diff --git a/sandbox/etc/containers/containers.conf.d/sandbox.conf b/sandbox/etc/containers/containers.conf.d/sandbox.conf
new file mode 100644
index 0000000..65f0f12
--- /dev/null
+++ b/sandbox/etc/containers/containers.conf.d/sandbox.conf
@@ -0,0 +1,2 @@
+[containers]
+userns="host"
diff --git a/sandbox/etc/containers/systemd/browserless.container b/sandbox/etc/containers/systemd/browserless.container
index c54d8cb..234f0f7 100644
--- a/sandbox/etc/containers/systemd/browserless.container
+++ b/sandbox/etc/containers/systemd/browserless.container
@@ -1,5 +1,6 @@
 [Container]
 Image=ghcr.io/browserless/chromium
+UserNS=auto
 Tmpfs=/home/blessuser:mode=1777
 Environment=DEBUG=-*
 PublishPort=3000:3000
diff --git a/sandbox/etc/containers/systemd/code-server.container b/sandbox/etc/containers/systemd/code-server.container
index 42dd387..9c0ec77 100644
--- a/sandbox/etc/containers/systemd/code-server.container
+++ b/sandbox/etc/containers/systemd/code-server.container
@@ -1,5 +1,6 @@
 [Container]
 Image=git.strypsteen.com/infra/code-server
+UserNS=auto
 ReadOnly=false
 AddDevice=/dev/kvm
 AddDevice=/dev/net/tun
diff --git a/sandbox/etc/containers/systemd/forgejo-runner.container b/sandbox/etc/containers/systemd/forgejo-runner.container
index da8eb0d..5e72014 100644
--- a/sandbox/etc/containers/systemd/forgejo-runner.container
+++ b/sandbox/etc/containers/systemd/forgejo-runner.container
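Review bot: The new drop-in sets `userns="host"` as the default for every container on the sandbox host, so user-namespace isolation depends on each quadlet remembering its own `UserNS=auto`; a unit added later without that line runs with host UIDs and nothing flags it. If the default has to stay `host` (the commit does not say why), state that in the file, e.g. `# default stays host on purpose; every unit under systemd/ must set UserNS=auto or say why not`. Otherwise consider making the isolated mode the default here, if your Podman version accepts it in containers.conf, and putting an explicit `UserNS=host` on the exceptions.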
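Review bot: `UserNS=auto` in browserless.container relies on host state this commit does not show: for rootful Podman the `containers` user needs ranges in `/etc/subuid` and `/etc/subgid`, and without them the unit will most likely fail at start rather than fall back to host IDs. The same applies to the `UserNS=auto` lines added to code-server.container and forgejo-runner.container. Consider shipping those subordinate-ID entries in the sandbox tree, or add a comment naming where they are managed, so the three units do not depend on undocumented host setup.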
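Review bot: With `UserNS=auto` in code-server.container the container's root becomes an unprivileged host UID, so the `AddDevice=/dev/kvm` and `AddDevice=/dev/net/tun` lines right below it now depend on the host device nodes being accessible to that UID (`/dev/kvm` is commonly `root:kvm` with mode `0660` or `0666`, depending on the distribution). Please confirm that KVM and TUN still open inside the container after this change and record the requirement next to the new line, e.g. `# UserNS=auto: container root is not host root, /dev/kvm must be accessible to the mapped UID`. The unit continues past the end of the hunk, so other keys may already cover this.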
@@ -1,7 +1,8 @@
 [Service]
 Restart=on-failure
 [Container]
-Image=code.forgejo.org/forgejo/runner:5
+Image=code.forgejo.org/forgejo/runner:6
+UserNS=auto
 SecurityLabelDisable=true
 Exec=forgejo-runner daemon -c /etc/forgejo-runner/config.yaml
 Volume=/run/podman:/run/podman:U
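Review bot: `UserNS=auto` adds little containment to this unit while `Volume=/run/podman:/run/podman:U` stays in place: a process that can reach the Podman socket in that directory can presumably drive the host's rootful Podman, which sits outside the runner's user namespace. The `:U` flag also chowns the host directory to the container's mapped UID, and with `auto` that is an allocated subordinate ID rather than a fixed one, so ownership of `/run/podman` on the host now follows whichever range was assigned. Suggest a comment on the volume line, e.g. `# socket access is equivalent to host root; UserNS=auto does not contain job containers`, and a check after a restart that the socket is still usable by both the runner and host tooling. The image also moves from major version 5 to 6 in the same hunk, so `config.yaml` should be checked against that release's notes.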