So I have mine running in a podman quadlet. It runs as root in the container but it is unprivileged. Mine has NET_ADMIN and SYS_MODULE but I honestly can't remember why… SYS_ADMIN seems extreme though
glizzyguzzler@piefed.blahaj.zone 1 week ago
Care to share your quartet? I'm just getting into the quads with trixie out - and I haven't gotten this working yet…
somethingsomethingidk@lemmy.world 1 week ago
Sure thing, I'll edit this reply when I get back to my computer. Just note that I also have a tailscale and nginx container in the pod which are not necessary.
You'll see my nginx config which reverse proxies to the port the service is running on. On public servers I have another nginx running with SSL that proxies to the port I map the pod's port 80 to.
I usually run my pods as an unprivileged user with
loginctl enable-linger
which starts the systemd --user services on boot.
All that being said, I haven't publicly exposed linkwarden yet, mainly because it's the second most resource intensive service I run and I have all my public stuff on a shitty vps.
glizzyguzzler@piefed.blahaj.zone 1 week ago
Thanks! This'll def help me get tooled up for podman :)
starkzarn@infosec.pub 6 days ago
Just curious why you chose a kube quadlet instead of the typical podman container quadlets?
somethingsomethingidk@lemmy.world 6 days ago
I think it's cool that I can take that config and drop it into kubernetes and it usually just works. I don't have a cluster anymore, but if I decide to use one in the future, the overhead will be negligible