From 71d00e7789b401d5992f9a0651bf22cddf389f71 Mon Sep 17 00:00:00 2001
From: Mathieu Strypsteen
Date: Wed, 20 Nov 2024 21:23:04 +0100
Subject: [PATCH] Rework podman network

---
 gpu/etc/containers/systemd/ollama.container | 5 +++++
 home/etc/containers/systemd/big-agi.container | 1 -
 home/etc/containers/systemd/collabora.container | 1 -
 home/etc/containers/systemd/element.container | 1 -
 home/etc/containers/systemd/monero.container | 3 +--
 home/etc/containers/systemd/nextcloud.container | 1 -
 home/etc/containers/systemd/nginx.network | 2 --
 home/etc/containers/systemd/ntfy.container | 1 -
 home/etc/containers/systemd/postgresql.container | 3 ++-
 home/etc/containers/systemd/synapse.container | 3 +--
 .../systemd/{postgresql.network => synapse.network} | 0
 setup-gpu.sh | 2 +-
 12 files changed, 10 insertions(+), 13 deletions(-)
 create mode 100644 gpu/etc/containers/systemd/ollama.container
 delete mode 100644 home/etc/containers/systemd/nginx.network
 rename home/etc/containers/systemd/{postgresql.network => synapse.network} (100%)

diff --git a/gpu/etc/containers/systemd/ollama.container b/gpu/etc/containers/systemd/ollama.container
new file mode 100644
index 0000000..ef1a930
--- /dev/null
+++ b/gpu/etc/containers/systemd/ollama.container
@@ -0,0 +1,5 @@
+[Container]
+Image=docker.io/ollama/ollama
+AutoUpdate=registry
+[Install]
+WantedBy=multi-user.target
diff --git a/home/etc/containers/systemd/big-agi.container b/home/etc/containers/systemd/big-agi.container
index c0fcf88..d22a026 100644
--- a/home/etc/containers/systemd/big-agi.container
+++ b/home/etc/containers/systemd/big-agi.container
@@ -1,6 +1,5 @@
 [Container]
 Image=git.strypsteen.com/infra/big-agi
-Network=nginx.network
 Environment=HTTP_BASIC_AUTH_USERNAME=mathieu
 Environment=PUPPETEER_WSS_ENDPOINT=ws://sandbox.server.home.arpa:3000
 Secret=HTTP_BASIC_AUTH_PASSWORD,type=env
diff --git a/home/etc/containers/systemd/collabora.container b/home/etc/containers/systemd/collabora.container
index 98c09d3..38b74c8 100644
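Review bot: In gpu/etc/containers/systemd/ollama.container, `Image=docker.io/ollama/ollama` has no tag, so with `AutoUpdate=registry` and the `podman-auto-update.timer` that this commit enables in setup-gpu.sh, the GPU host restarts onto whatever is published under `latest` without review. Pinning a release tag the way monero.container does (`Image=docker.io/ollama/ollama:<release-tag>`) keeps unattended updates within a version you chose. The unit also has no `Volume=`, `PublishPort=` or device line, so as written it appears to be unreachable and to lose downloaded models whenever the container is recreated. When a port is added, bind it to one address as the home units do, since the Ollama API does not authenticate callers itself.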
--- a/home/etc/containers/systemd/collabora.container
+++ b/home/etc/containers/systemd/collabora.container
@@ -2,7 +2,6 @@
 Image=docker.io/collabora/code
 UserNS=host
 ReadOnly=false
-Network=nginx.network
 Volume=/var/lib/container-data/collabora.xml:/etc/coolwsd/coolwsd.xml:U,Z
 PublishPort=10.0.1.2:8010:9980
 AutoUpdate=registry
diff --git a/home/etc/containers/systemd/element.container b/home/etc/containers/systemd/element.container
index be548fd..bbbc3ee 100644
--- a/home/etc/containers/systemd/element.container
+++ b/home/etc/containers/systemd/element.container
@@ -1,6 +1,5 @@
 [Container]
 Image=docker.io/vectorim/element-web
-Network=nginx.network
 LogDriver=none
 Volume=/var/lib/system-config/container-config/element/config.json:/app/config.json:z,ro
 Tmpfs=/var/cache/nginx
diff --git a/home/etc/containers/systemd/monero.container b/home/etc/containers/systemd/monero.container
index 910bf25..fc979c9 100644
--- a/home/etc/containers/systemd/monero.container
+++ b/home/etc/containers/systemd/monero.container
@@ -1,7 +1,6 @@
 [Container]
 Image=docker.io/btcpayserver/monero:0.18.3.4
-Network=nginx.network
-Exec=monerod --non-interactive --prune-blockchain --rpc-use-ipv6 --rpc-restricted-bind-ip=0.0.0.0 --rpc-restricted-bind-ipv6-address=:: --rpc-restricted-bind-port=18089
+Exec=monerod --non-interactive --prune-blockchain --rpc-restricted-bind-ip=0.0.0.0 --rpc-restricted-bind-port=18089
 Volume=monero.volume:/home/monero/.bitmonero:U,Z
 PublishPort=10.0.1.2:8012:18089
 AutoUpdate=registry
diff --git a/home/etc/containers/systemd/nextcloud.container b/home/etc/containers/systemd/nextcloud.container
index 393a777..b02fa81 100644
--- a/home/etc/containers/systemd/nextcloud.container
+++ b/home/etc/containers/systemd/nextcloud.container
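Review bot: In monero.container the new `Exec=` line drops `--rpc-use-ipv6` and the IPv6 bind address with no record of why. Presumably this follows from deleting nginx.network, the only network in this commit with `IPv6=true`, which leaves the container on the default network. A one-line comment above `Exec=` would stop someone re-adding the flags later, for example `# IPv6 RPC bind removed together with nginx.network (IPv6=true)`. Host exposure is still limited by `PublishPort=10.0.1.2:8012:18089`, but `--rpc-restricted-bind-ip=0.0.0.0` means any container sharing the same bridge can reach 18089 directly, so it is worth confirming which other units land on the default network.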
@@ -4,7 +4,6 @@ After=postgresql.service nextcloud-valkey.service
 [Container]
 Image=docker.io/nextcloud
 Network=nextcloud.network
-Network=postgresql.network
 Entrypoint=sh
 Exec=-c "chown -Rh www-data:www-data /var/www/html && busybox crond && /entrypoint.sh apache2-foreground > /dev/null"
 Volume=nextcloud.volume:/var/www/html:U,Z
diff --git a/home/etc/containers/systemd/nginx.network b/home/etc/containers/systemd/nginx.network
deleted file mode 100644
index 70cde7b..0000000
--- a/home/etc/containers/systemd/nginx.network
+++ /dev/null
@@ -1,2 +0,0 @@
-[Network]
-IPv6=true
diff --git a/home/etc/containers/systemd/ntfy.container b/home/etc/containers/systemd/ntfy.container
index edfd6e1..7d5c507 100644
--- a/home/etc/containers/systemd/ntfy.container
+++ b/home/etc/containers/systemd/ntfy.container
@@ -1,6 +1,5 @@
 [Container]
 Image=docker.io/binwiederhier/ntfy
-Network=nginx.network
 Exec=serve
 Volume=ntfy.volume:/var/lib/ntfy:U,Z
 Environment=NTFY_AUTH_DEFAULT_ACCESS=write-only
diff --git a/home/etc/containers/systemd/postgresql.container b/home/etc/containers/systemd/postgresql.container
index 905bf44..3d722ed 100644
--- a/home/etc/containers/systemd/postgresql.container
+++ b/home/etc/containers/systemd/postgresql.container
@@ -1,6 +1,7 @@
 [Container]
 Image=docker.io/postgres:16-alpine
-Network=postgresql.network
+Network=nextcloud.network
+Network=synapse.network
 Volume=postgresql.volume:/var/lib/postgresql/data:U,Z
 Secret=POSTGRES_PASSWORD,type=env
 AutoUpdate=registry
diff --git a/home/etc/containers/systemd/synapse.container b/home/etc/containers/systemd/synapse.container
index f5b9c40..55d6ae0 100644
--- a/home/etc/containers/systemd/synapse.container
+++ b/home/etc/containers/systemd/synapse.container
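Review bot: With the two new `Network=` lines in postgresql.container the database becomes the one container present on both nextcloud.network and synapse.network, so the separation between the two applications now rests on PostgreSQL's own access control rather than on the network layout. Anything else attached to nextcloud.network can reach the database port as well; nextcloud.container orders itself after nextcloud-valkey.service, which suggests at least one more container there. The split only helps if each application connects with its own role and database instead of the `POSTGRES_PASSWORD` superuser, which this diff does not show, so that is worth confirming. A comment above the two lines would record the intent, for example `# one network per client application; clients must not share a network with each other`.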
@@ -3,8 +3,7 @@ Requires=postgresql.service
 After=postgresql.service
 [Container]
 Image=docker.io/matrixdotorg/synapse
-Network=nginx.network
-Network=postgresql.network
+Network=synapse.network
 User=991
 Exec=run --config-path /etc/synapse/homeserver.yaml --config-path /etc/synapse.yaml
 Volume=/var/lib/system-config/container-config/synapse:/etc/synapse:z,ro
diff --git a/home/etc/containers/systemd/postgresql.network b/home/etc/containers/systemd/synapse.network
similarity index 100%
rename from home/etc/containers/systemd/postgresql.network
rename to home/etc/containers/systemd/synapse.network
diff --git a/setup-gpu.sh b/setup-gpu.sh
index b54f162..90fbf3f 100644
--- a/setup-gpu.sh
+++ b/setup-gpu.sh
@@ -2,7 +2,7 @@
 set -euo pipefail
 cp -R desktop/* gpu/* /
 sh setup-desktop.sh
-systemctl enable --now sshd
+systemctl enable --now podman-auto-update.timer sshd
 systemctl disable auditd
 sed "s/SUB_UID_COUNT.*/SUB_UID_COUNT 16777216/" -i /etc/login.defs
 sed "s/SUB_GID_COUNT.*/SUB_GID_COUNT 16777216/" -i /etc/login.defs
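Review bot: synapse.container is now attached only to `synapse.network`, which this commit creates by renaming postgresql.network at 100% similarity, so Synapse's connectivity depends on a file whose contents are not shown here. If that file sets `Internal=true`, which would have been reasonable for a database-only network, Synapse loses outbound access. If it does not, Synapse has still lost the `IPv6=true` that the deleted nginx.network provided. A comment at the top of synapse.network stating its new purpose would help, for example `# shared by synapse and postgresql; synapse needs outbound access through this network`. The [Container] section continues past the end of the hunk, so any `PublishPort=` line is outside what is visible.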
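Review bot: Putting `podman-auto-update.timer` and `sshd` in one `systemctl enable --now` call in setup-gpu.sh ties SSH access to the timer unit being present. Under `set -euo pipefail` a failure on the timer aborts the script, and it is not obvious from here that sshd would still be enabled and started in that case. Two commands with sshd first are safer on a machine that is managed remotely: `systemctl enable --now sshd` followed by `systemctl enable --now podman-auto-update.timer`. Whether podman is installed by this point depends on setup-desktop.sh, which is outside this diff.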