El_Quentinator

@El_Quentinator@lemmy.world

This is a remote user, information on this page may be incomplete. View at Source ↗

⁨Comment⁩ on ⁨Looking for Software to Track Watched Shows⁩ ⁨⁨3⁩ ⁨weeks⁩ ago⁩:
I’ve been using watcharr for this purpose. It’s fairly simple but fits my needs perfectly (I also really like the ability to change the rating system to be 0-100). It also has a rudimentary import from jellyfin (needs a few clicks, no builtin scheduled imports unfortunately).

Fair warning the last update was 5 months ago but I’m not personally missing anything apart from jellyfin scheduled imports.
⁨Comment⁩ on ⁨Assign privileged port to caddy running with rootless podman⁩ ⁨⁨2⁩ ⁨months⁩ ago⁩:
TBH I haven’t played with passing caddy’s podman network to other containers, mine is a simple reverse proxy to other standalone containers but not directly connected via podman run --network (or quadlet network). In my scenario I can at least confirm that net.ipv4.ip_unprivileged_port_start doesn’t need to be modified, the only annoyance is that I cannot use a systemd user service, even though the end process doesn’t run as root.
⁨Comment⁩ on ⁨Assign privileged port to caddy running with rootless podman⁩ ⁨⁨2⁩ ⁨months⁩ ago⁩:
You can use rootless caddy via systemd socket activation, here’s a basic setup:
1. rootless-caddy.service
```
[Unit]
Description=rootless-caddy

Requires=rootless-caddy.socket
After=rootless-caddy.socket

[Service]
# a non root user here
User=El_Quentinator
ExecStart=podman run --name caddy --rm -v [...] docker.io/caddy:alpine

[Install]
WantedBy=default.target
```
1. rootless-caddy.socket
```
[Socket]
BindIPv6Only=both

### sockets for the HTTP reverse proxy
# fd/3
ListenStream=[::]:443

# fdgram/4
ListenDatagram=[::]:443

[Install]
WantedBy=sockets.target
```
1. Caddyfile
```
{$SITE_ADDRESS} {
        # tcp/443
        bind fd/3 {
                protocols h1 h2
        }
        # udp/443
        bind fdgram/4 {
                protocols h3
        }
        [...]
}
```
And that’s it really.

You can find a few more examples over here: github.com/…/podman-caddy-socket-activation

Systemd socket activation has a few more interesting advantages on top of unlocking binding priviliged ports:
- allowing to not bind any port on the container, which itself allows to use –network none while still being able to connect to it via systemd socket, pretty neat to expose some web app while completely cutting it’s external access.
- getting rootful networking performance
- starting up your service only when connecting to it (and potentially shutting it back down after some time)
Drawbacks is that the file descriptor binding is a bit awkward and not always supported. And that podman pods / kube do not support it (or at least not yet).