Soweit so gut, mein Setup #caddy und #vaultwarden als #rootless #podman Container als #systemd service läuft schon ein paar Tage stabil. Backups werden täglich durchgeführt und via #borgbackup in eine #Hetzner storage box gesichert.

Wer mehr wissen will:
https://codeberg.org/EinApfelBaum/ansible.podman-01

NixOS and My Descent into Insanity
https://ersei.net/en/blog/its-nixin-time
#nixos #nix #rootless #home #manager #root #home_manager

Mostly it's time-consuming and frustrating, but the lasting joy of a new self-hosted reliable system outweighs it. 😤 😵 😴

Wireguard on the Raspberry Pi as VPN on demand on iOS has been running like a charm for 1 year. Nextcloud in a rootless Docker container is the latest success. 🤩 🦾 🥳

What tech. success gives you lasting happiness?

#wireguard #selfhosting #raspberrypi #docker #rootless

Bevor ich mich nochmals mit der #rootless #podman Netzwerk Thematik beschäftige, habe ich mich um ein Restore von container volumes aus einer *.tar Backup Datei mittels #ansible gekümmert. Das funktioniert schon erstaunlich gut, hab es mit #caddy und #vaultwarden getestet.

Heute auch etwas refactored und Dokumentation hinzugefügt, ja richtig gelesen, Dokumentation. 😁

Wow... #rootless #podman #caddy hat mich die letzte Woche ganz schön beschäftigt.
- HTTP Challenge benötigt das binden an privilegierte Ports. Kann umgangen werden, alles aber sehr unschön.
- DNS Challenge mittels certbot und mounten der Zertifikate in den Container, hier müssten die Dateiberechtigungen angepasst werden, damit caddy Zugriff hat.
=> jetzt wird mittels iptables traffic von 80/443 auf unpriviligierte Ports redirected. ✅️
Mal wieder einiges gelernt. ☺️

Tach auch,

diesmal auf deutsch: ich arbeite gerade auf meinem mac mit Podman. Nun habe ich das Problem, dass ich volumes in die Container mounte aber die Container rootless laufen (sollen) in einem pod.

Leider kann ich dann nicht in den Containern schreiben lassen, da die Daten ja dem lokalen Benutzer gehören und nicht dem im Container.

Wie kann ich die Container (fpm,nginx,Postgres) im pod laufen lassen aber auch die volumes im fpm beschreibbar machen?!
#podman #devops #container #rootless

If you're looking for a way to safely use any application with the #tor network, without the overhead of #whonix, then I suggest you try TorVirt.

It's a simple #shellscript that sets up a #libvirt #virtual #network and a Tor daemon in a #lightweight #rootless #podman #container.

This way, all #VM network traffic is routed through Tor, without the need for a second gateway VM.

Enhanced #security with #KVM performances!

https://forge.chapril.org/hardcoresushi/torvirt

I'd love to hear your feedback 🤗

After reading a lot of Dan Walsh's articles on the matter, for the first time in my life I feel like understanding #containers, #podman, #docker, #rootful and #rootless, and how they differ in Docker vs. Podman. Which just means I misunderstood enough to be dangerous.

(tbf, I come from a probably not-so-common perspective of having had an okayish grasp of user namespaces but didn't grok podman.)

Glad to see the #apptainer #container technology continue to innovate!

https://ciq.co/blog/managing-containerized-services-with-apptainer-and-systemd/?utm_source=social&utm_medium=sprout&utm_campaign=apptainer&utm_term=april2023

#linux #systemd #rootless

The ongoing saga of Maplin in Containerland:

I've asked on Reddit, because I'm done smashing my head against my keyboard.

https://www.reddit.com/r/jellyfin/comments/12n6lqw/problems_with_rootless_jellyfin_in_podman/

In short, it's #SELinux labels, but it's not my --volume paths.

#jellyfin #podman #containers #rootless #openSUSE #MicroOS

Yesterday's container shenanigans included:

- Downloading two #Jellyfin images (official and #LinuxServer) from Docker Hub
- Failing to get either of the images working (immediate crash, or never-ending errors)
- Discovering that #linuxserver categorically do not support #podman or #rootless #containers (although people have managed it with varying results)
- Realising I still don't really understand #SELinux and how it deals with permissions

Still some way to go...

#Linux #AlwaysLearning

Yesterday's container shenanigans included:

- Downloading two #Jellyfin images (#official and #LinuxServer)
- Failing to get either of the images working (immediate crash, or never-ending errors)
- Discovering that #linuxserver categorically do not support #podman or #rootless #containers (although people have managed it with varying results)
- Realising that I still don't really understand #SELinux and how it deals with permissions

Still some way to go...

#Linux #AlwaysLearning

For anyone who wants to get started with #containers, specifically with #Podman (it might not be as useful if you already know Docker), this is a well-paced beginners guide to using it on the command line.

It's aimed at RHEL-based distros, but other than installing the initial packages it should work with any #Linux distro.

One criticism: I wish it covered using #rootless containers with #systemd and starting them at boot.

https://www.youtube.com/watch?v=piwcpd_hWn0

Spent half the day yesterday picking my way through a (frankly badly written) paper that gets students to build a small #ActiveDirectory network, and making notes. Spent the other half learning more about #rootless #containers with #Podman and scratching the surface of #SELinux.

This morning, my eyes are sore.

Plan today is to get to the gym (or at least do some yoga), get some marking done, then (if I can face it) actually implement some of the container stuff I've learned in a #MicroOS VM.

Rootless Podman

Mit etwas Vorbereitung ist es möglich Podman Container als regulärer Benutzer auszuführen.

#Podman #Rootless #cgroups #Container #Linux

https://gnulinux.ch/rootless-podman

Neu im #Blog: URL: #Seafile Professional Edition in #Rootless-#Podman-Umgebung mit #Ansible bereitstellen. https://www.my-it-brain.de/wordpress/ansible-seafile-professional-edition-in-rootless-podman-umgebung-bereitstellen/

Don’t sleep on the latest ep of the #BrokedownPodcast

Interview with #rootless

Plus tributes to #DavidCrosby and #TomVerlaine

From: @rowjimmy
https://shakedown.social/@rowjimmy/109902953132617502

Inside fat podman's/container.conf there is a slim one for a rootless setup I desperately trying to find.

No luck. Dozens of weird podman/conmon/runc/crun/proc/sys/cgroups errors inside. Looking for endless numbers of github issues, block articles and so. Last straw was a buildx related cgroup error. So back with a (running as a root) docker.

#podman #rootless #docker #fail

TIL #rootless #Docker hosting of containers requires lingering to be enabled, otherwise processes get terminated when you log out. In this setup, if you can only reach your local #HomeAssistant when logged in via SSH, that's probably why.

https://docs.docker.com/engine/security/rootless/

#Introduction Some backstory. Child of the late '60s/'70's and all that entails. #Dysfunctional #Family #Formative #Books Anything by Ken Kesey. Heinlein et al. #Politics, always left. #Him #Socialist, #LSE #SocialAnthropologist #European #Internationalist #Weslyan #Methodist. #Rootless #Tramp #Traveller #Love #NotHate #Cook #Gardener #MetaPhysics #Jungian #Holistic #Android #ToriesOut #AGC #Photographer #Radio3 "More inevitably will follow"