So I have mine running in a podman quadlet. It runs as root in the container but it is unprivileged. Mine has NET_ADMIN and SYS_MODULE but I honestly can’t remember why… SYS_ADMIN seems extreme though
glizzyguzzler@piefed.blahaj.zone 1 month ago
Care to share your quartet? I’m just getting into the quads with trixie out - and I haven’t gotten this working yet…
somethingsomethingidk@lemmy.world 1 month ago
Sure thing, I’ll edit this reply when I get back to my computer. Just note that I also have a tailscale and nginx container in the pod which are not necessary.
You’ll see my nginx config which reverse proxies to the port the service is running on. On public servers I have another nginx running with SSL that proxies to the port I map the pod’s port 80 to.
I usually run my pods as an unprivileged user with loginctl enable-linger, which starts the systemd --user services on boot.
All that being said, I haven’t publicly exposed linkwarden yet, mainly because it’s the second most resource intensive service I run and I have all my public stuff on a shitty vps.
glizzyguzzler@piefed.blahaj.zone 1 month ago
Thanks! This’ll def help me get tooled up for podman :)
starkzarn@infosec.pub 1 month ago
Just curious why you chose a kube quadlet instead of the typical podman container quadlets?
somethingsomethingidk@lemmy.world 1 month ago
I think it’s cool that I can take that config and drop it into kubernetes and it usually just works. I don’t have a cluster anymore, but if I decide to use one in the future, the overhead will be negligible