Update

2022-08-21 10:59:37 +02:00 · 2022-08-21 10:59:37 +02:00 · 255f742ddc
parent baba7a3379
commit 255f742ddc
29 changed files with 566 additions and 36 deletions
--- a/container-authentik-postgres.service
+++ b/container-authentik-postgres.service
@ -0,0 +1,38 @@
+# container-authentik-postgres.service
+# autogenerated by Podman 4.1.1
+# Wed Aug 17 07:18:00 UTC 2022
+
+[Unit]
+Description=Podman container-authentik-postgres.service
+Wants=network-online.target
+After=network-online.target
+RequiresMountsFor=%t/containers
+BindsTo=pod-authentik.service
+After=pod-authentik.service
+
+[Service]
+Environment=PODMAN_SYSTEMD_UNIT=%n
+Restart=on-failure
+TimeoutStopSec=70
+ExecStartPre=/bin/rm -f %t/%n.ctr-id
+ExecStart=/usr/bin/podman run \
+	--cidfile=%t/%n.ctr-id \
+	--cgroups=no-conmon \
+	--rm \
+	--pod-id-file %t/pod-authentik.pod-id \
+	--sdnotify=conmon \
+	-d \
+	--replace \
+	--name authentik-postgres \
+	--label io.containers.autoupdate=registry \
+	-v authentik-db:/var/lib/postgresql/data:Z \
+	-e POSTGRES_PASSWORD=authentik \
+	-e POSTGRES_USER=authentik \
+	-e POSTGRES_DB=authentik docker.io/postgres:12-alpine
+ExecStop=/usr/bin/podman stop --ignore --cidfile=%t/%n.ctr-id
+ExecStopPost=/usr/bin/podman rm -f --ignore --cidfile=%t/%n.ctr-id
+Type=notify
+NotifyAccess=all
+
+[Install]
+WantedBy=default.target
--- a/container-authentik-redis.service
+++ b/container-authentik-redis.service
@ -0,0 +1,34 @@
+# container-authentik-redis.service
+# autogenerated by Podman 4.1.1
+# Wed Aug 17 07:18:00 UTC 2022
+
+[Unit]
+Description=Podman container-authentik-redis.service
+Wants=network-online.target
+After=network-online.target
+RequiresMountsFor=%t/containers
+BindsTo=pod-authentik.service
+After=pod-authentik.service
+
+[Service]
+Environment=PODMAN_SYSTEMD_UNIT=%n
+Restart=on-failure
+TimeoutStopSec=70
+ExecStartPre=/bin/rm -f %t/%n.ctr-id
+ExecStart=/usr/bin/podman run \
+	--cidfile=%t/%n.ctr-id \
+	--cgroups=no-conmon \
+	--rm \
+	--pod-id-file %t/pod-authentik.pod-id \
+	--sdnotify=conmon \
+	-d \
+	--replace \
+	--label io.containers.autoupdate=registry \
+	--name authentik-redis docker.io/redis:alpine
+ExecStop=/usr/bin/podman stop --ignore --cidfile=%t/%n.ctr-id
+ExecStopPost=/usr/bin/podman rm -f --ignore --cidfile=%t/%n.ctr-id
+Type=notify
+NotifyAccess=all
+
+[Install]
+WantedBy=default.target
--- a/container-authentik-server.service
+++ b/container-authentik-server.service
@ -0,0 +1,43 @@
+# container-authentik-server.service
+# autogenerated by Podman 4.1.1
+# Wed Aug 17 07:18:00 UTC 2022
+
+[Unit]
+Description=Podman container-authentik-server.service
+Wants=network-online.target
+After=network-online.target
+RequiresMountsFor=%t/containers
+BindsTo=pod-authentik.service
+After=pod-authentik.service
+
+[Service]
+Environment=PODMAN_SYSTEMD_UNIT=%n
+Restart=on-failure
+TimeoutStopSec=70
+ExecStartPre=/bin/rm -f %t/%n.ctr-id
+ExecStart=/usr/bin/podman run \
+	--cidfile=%t/%n.ctr-id \
+	--cgroups=no-conmon \
+	--rm \
+	--pod-id-file %t/pod-authentik.pod-id \
+	--sdnotify=conmon \
+	-d \
+	--replace \
+	--name authentik-server \
+	--label io.containers.autoupdate=registry \
+	-v authentik-media:/media:z \
+	-v authentik-templates:/templates:z \
+	-e AUTHENTIK_SECRET_KEY=P8UNDagVZS1HMUxoaov7ouP2CxpAuODBpFYyJ773w3N7Pk96m4 \
+	-e AUTHENTIK_ERROR_REPORTING__ENABLED=true \
+	-e AUTHENTIK_REDIS__HOST=localhost \
+	-e AUTHENTIK_POSTGRESQL__HOST=localhost \
+	-e AUTHENTIK_POSTGRESQL__USER=authentik \
+	-e AUTHENTIK_POSTGRESQL__NAME=authentik \
+	-e AUTHENTIK_POSTGRESQL__PASSWORD=authentik ghcr.io/goauthentik/server:latest server
+ExecStop=/usr/bin/podman stop --ignore --cidfile=%t/%n.ctr-id
+ExecStopPost=/usr/bin/podman rm -f --ignore --cidfile=%t/%n.ctr-id
+Type=notify
+NotifyAccess=all
+
+[Install]
+WantedBy=default.target
--- a/container-authentik-worker.service
+++ b/container-authentik-worker.service
@ -0,0 +1,44 @@
+# container-authentik-worker.service
+# autogenerated by Podman 4.1.1
+# Wed Aug 17 07:18:00 UTC 2022
+
+[Unit]
+Description=Podman container-authentik-worker.service
+Wants=network-online.target
+After=network-online.target
+RequiresMountsFor=%t/containers
+BindsTo=pod-authentik.service
+After=pod-authentik.service
+
+[Service]
+Environment=PODMAN_SYSTEMD_UNIT=%n
+Restart=on-failure
+TimeoutStopSec=70
+ExecStartPre=/bin/rm -f %t/%n.ctr-id
+ExecStart=/usr/bin/podman run \
+	--cidfile=%t/%n.ctr-id \
+	--cgroups=no-conmon \
+	--rm \
+	--pod-id-file %t/pod-authentik.pod-id \
+	--sdnotify=conmon \
+	-d \
+	--replace \
+	--name authentik-worker \
+	--label io.containers.autoupdate=registry \
+	-v authentik-media:/media:z \
+	-v authentik-templates:/templates:z \
+	-v authentik-certs:/certs:Z \
+	-e AUTHENTIK_SECRET_KEY=P8UNDagVZS1HMUxoaov7ouP2CxpAuODBpFYyJ773w3N7Pk96m4 \
+	-e AUTHENTIK_ERROR_REPORTING__ENABLED=true \
+	-e AUTHENTIK_REDIS__HOST=localhost \
+	-e AUTHENTIK_POSTGRESQL__HOST=localhost \
+	-e AUTHENTIK_POSTGRESQL__USER=authentik \
+	-e AUTHENTIK_POSTGRESQL__NAME=authentik \
+	-e AUTHENTIK_POSTGRESQL__PASSWORD=authentik ghcr.io/goauthentik/server:latest worker
+ExecStop=/usr/bin/podman stop --ignore --cidfile=%t/%n.ctr-id
+ExecStopPost=/usr/bin/podman rm -f --ignore --cidfile=%t/%n.ctr-id
+Type=notify
+NotifyAccess=all
+
+[Install]
+WantedBy=default.target
--- a/container-dendrite-monolith.service
+++ b/container-dendrite-monolith.service
@ -0,0 +1,29 @@
+[Unit]
+Description=Podman container-dendrite-monolith.service
+Wants=network-online.target
+After=network-online.target
+RequiresMountsFor=%t/containers
+BindsTo=pod-dendrite.service
+After=pod-dendrite.service
+Requires=container-dendrite-postgres.service
+After=container-dendrite-postgres.service
+
+[Service]
+Environment=PODMAN_SYSTEMD_UNIT=%n
+Restart=on-failure
+TimeoutStopSec=70
+ExecStartPre=/bin/rm -f %t/%n.ctr-id
+ExecStart=/usr/bin/podman run --cidfile=%t/%n.ctr-id --cgroups=no-conmon --rm \
+	--pod-id-file %t/pod-dendrite.pod-id --sdnotify=conmon --replace -d \
+	--name=dendrite-monolith \
+	-v dendrite:/etc/dendrite:Z \
+	-v dendrite-media:/var/dendrite/media:Z \
+	--label "io.containers.autoupdate=registry" \
+	docker.io/matrixdotorg/dendrite-monolith:latest --tls-cert=server.crt --tls-key=server.key
+ExecStop=/usr/bin/podman stop --ignore --cidfile=%t/%n.ctr-id
+ExecStopPost=/usr/bin/podman rm -f --ignore --cidfile=%t/%n.ctr-id
+Type=notify
+NotifyAccess=all
+
+[Install]
+WantedBy=default.target
--- a/container-dendrite-postgres.service
+++ b/container-dendrite-postgres.service
@ -0,0 +1,26 @@
+[Unit]
+Description=Podman container-dendrite-postgres.service
+Wants=network-online.target
+After=network-online.target
+RequiresMountsFor=%t/containers
+BindsTo=pod-dendrite.service
+After=pod-dendrite.service
+
+[Service]
+Environment=PODMAN_SYSTEMD_UNIT=%n
+Restart=on-failure
+TimeoutStopSec=70
+ExecStartPre=/bin/rm -f %t/%n.ctr-id
+ExecStart=/usr/bin/podman run --cidfile=%t/%n.ctr-id --cgroups=no-conmon --rm \
+	--pod-id-file %t/pod-dendrite.pod-id --sdnotify=conmon --replace -d \
+	--name=dendrite-postgres \
+	-v dendrite-postgres:/var/lib/postgresql/data:Z \
+	-e POSTGRES_USER=dendrite -e POSTGRES_PASSWORD=dendrite \
+	docker.io/postgres:14
+ExecStop=/usr/bin/podman stop --ignore --cidfile=%t/%n.ctr-id
+ExecStopPost=/usr/bin/podman rm -f --ignore --cidfile=%t/%n.ctr-id
+Type=notify
+NotifyAccess=all
+
+[Install]
+WantedBy=default.target
--- a/container-gitea-app.service
+++ b/container-gitea-app.service
@ -18,10 +18,11 @@ ExecStart=/usr/bin/podman run --cidfile=%t/%n.ctr-id --cgroups=no-conmon --rm \
 	--pod-id-file %t/pod-gitea.pod-id \
 	--sdnotify=conmon --replace -d \
 	--name=gitea-app \
-	-v gitea:/data \
+	-v gitea:/data:Z \
 	-v /home/git/.ssh/:/data/git/.ssh:z \
-	-v /etc/timezone:/etc/timezone:z,ro \
-	-v /etc/localtime:/etc/localtime:z,ro \
+	--tz=Europe/Brussels \
+#-v /etc/timezone:/etc/timezone:ro \
+#-v /etc/localtime:/etc/localtime:ro \
 	-e USER_UID=1001 -e USER_GID=1001 \
 	-e GITEA__database__DB_TYPE=postgres -e GITEA__database__HOST=localhost \
 	-e GITEA__database__NAME=gitea -e GITEA__database__USER=gitea -e GITEA__database__PASSWD=gitea \
@ -33,4 +34,4 @@ Type=notify
 NotifyAccess=all

 [Install]
-WantedBy=default.target
+WantedBy=default.target
--- a/container-gitea-postgres.service
+++ b/container-gitea-postgres.service
@ -16,7 +16,7 @@ ExecStart=/usr/bin/podman run --cidfile=%t/%n.ctr-id --cgroups=no-conmon --rm \
 	--pod-id-file %t/pod-gitea.pod-id \
 	--sdnotify=conmon --replace -d \
 	--name=gitea-postgres \
-	-v gitea-postgres:/var/lib/postgresql/data \
+	-v gitea-postgres:/var/lib/postgresql/data:Z \
 	--label "io.containers.autoupdate=registry" \
 	docker.io/postgres:11
 ExecStop=/usr/bin/podman stop --ignore --cidfile=%t/%n.ctr-id
@ -25,4 +25,4 @@ Type=notify
 NotifyAccess=all

 [Install]
-WantedBy=default.target
+WantedBy=default.target
--- a/container-hass-app.service
+++ b/container-hass-app.service
@ -20,11 +20,10 @@ ExecStartPre=/bin/rm -f %t/%n.ctr-id
 ExecStart=/usr/bin/podman run --cidfile=%t/%n.ctr-id --cgroups=no-conmon --rm --sdnotify=conmon --replace -d \
 	--name="hass-app" \
 	--pod-id-file %t/pod-home-assistant.pod-id \
-	-v hass-app:/config \
-#-v /home/pi/containers/hass/homeassistant:/config:z \
+	-v hass-app:/config:Z \
 	-v /home/hass/.ssh:/root/.ssh:z \
- 	-v /etc/localtime:/etc/localtime:z,ro \
-  	--privileged \
+	--tz=Europe/Brussels \
+#--privileged \
  	-e TZ=Europe/Brussels \
 	--label "io.containers.autoupdate=registry" \
 	--net=host \
@ -35,4 +34,4 @@ Type=notify
 NotifyAccess=all

 [Install]
-WantedBy=default.target
+WantedBy=default.target
--- a/container-hass-mosquitto.service
+++ b/container-hass-mosquitto.service
@ -13,9 +13,9 @@ TimeoutStopSec=70
 ExecStartPre=/bin/rm -f %t/%n.ctr-id
 ExecStart=/usr/bin/podman run --cidfile=%t/%n.ctr-id --cgroups=no-conmon --rm --sdnotify=conmon --replace -d \
 	 --name=hass-mosquitto \
-	--pod-id-file %t/pod-home-assistant.pod-id \
-	 -v hass-mosquitto-config:/mosquitto/config \
-	 -v hass-mosquitto-data:/mosquitto/data \
+	 --pod-id-file %t/pod-home-assistant.pod-id \
+	 -v hass-mosquitto-config:/mosquitto/config:Z \
+	 -v hass-mosquitto-data:/mosquitto/data:Z \
 	 --label "io.containers.autoupdate=registry" \
 	 --net=host \
 	 docker.io/eclipse-mosquitto
@ -25,4 +25,4 @@ Type=notify
 NotifyAccess=all

 [Install]
-WantedBy=default.target
+WantedBy=default.target
--- a/container-hass-postgres.service
+++ b/container-hass-postgres.service
@ -19,7 +19,7 @@ ExecStart=/usr/bin/podman run --cidfile=%t/%n.ctr-id --cgroups=no-conmon --rm \
 	-e POSTGRES_PASSWORD=home-assistant \
 	-e POSTGRES_DB=home-assistant \
 	--net=host \
-	-v hass-postgres:/var/lib/postgresql/data \
+	-v hass-postgres:/var/lib/postgresql/data:Z \
 	--label "io.containers.autoupdate=registry" \
 	docker.io/postgres:14
 ExecStop=/usr/bin/podman stop --ignore --cidfile=%t/%n.ctr-id
@ -28,4 +28,4 @@ Type=notify
 NotifyAccess=all

 [Install]
-WantedBy=default.target
+WantedBy=default.target
--- a/container-hass-zigbee2mqtt.service
+++ b/container-hass-zigbee2mqtt.service
@ -16,8 +16,10 @@ ExecStartPre=/bin/rm -f %t/%n.ctr-id
 ExecStart=/usr/bin/podman run --cidfile=%t/%n.ctr-id --cgroups=no-conmon --rm --sdnotify=conmon --replace -d \
 	--name=hass-zigbee2mqtt \
 	--pod-id-file %t/pod-home-assistant.pod-id \
-	-v hass-zigbee2mqtt:/app/data \
-	-v /run/udev:/run/udev:ro -e TZ=Europe/Brussels \
+	-v hass-zigbee2mqtt:/app/data:Z \
+	-v /run/udev:/run/udev:ro \
+	-e TZ=Europe/Brussels \
+	--tz=Europe/Brussels \
 	--device=/dev/ttyACM0:/dev/ttyACM0 \
 	--label "io.containers.autoupdate=registry" \
 	--net=host \
@ -28,4 +30,4 @@ Type=notify
 NotifyAccess=all

 [Install]
-WantedBy=default.target
+WantedBy=default.target
--- a/container-mullvad.service
+++ b/container-mullvad.service
@ -0,0 +1,32 @@
+[Unit]
+Description=Podman container-mullvad.service
+Wants=network-online.target
+After=network-online.target
+RequiresMountsFor=%t/containers
+BindsTo=pod-torrent.service
+After=pod-torrent.service
+
+[Service]
+Environment=PODMAN_SYSTEMD_UNIT=%n
+Restart=on-failure
+TimeoutStopSec=70
+ExecStartPre=/bin/rm -f %t/%n.ctr-id
+ExecStart=/usr/bin/podman run --cidfile=%t/%n.ctr-id --cgroups=no-conmon --rm \
+	--pod-id-file %t/pod-torrent.pod-id \
+	--sdnotify=conmon --replace -d \
+	--name=mullvad \
+	--privileged \
+	--device /dev/net/tun \
+	-e PUID=1000 \
+	-e PGID=1000 \
+	-e TZ=Europe/Brussels \
+	-v mullvad-openvpn:/vpn:Z \
+	--label "io.containers.autoupdate=registry" \
+	docker.io/dperson/openvpn-client
+ExecStop=/usr/bin/podman stop --ignore --cidfile=%t/%n.ctr-id
+ExecStopPost=/usr/bin/podman rm -f --ignore --cidfile=%t/%n.ctr-id
+Type=notify
+NotifyAccess=all
+
+[Install]
+WantedBy=default.target
--- a/container-nextcloud-fpm.service
+++ b/container-nextcloud-fpm.service
@ -18,6 +18,7 @@ ExecStartPre=/bin/rm -f %t/%n.ctr-id
 ExecStart=/usr/bin/podman run --cidfile=%t/%n.ctr-id --cgroups=no-conmon --rm --sdnotify=conmon --replace -d \
 	--name=nextcloud-fpm \
 	--pod-id-file %t/pod-nextcloud.pod-id \
+	--tz=Europe/Brussels \
 	-v nextcloud:/var/www/html:z \
 	-e POSTGRES_DB=nextcloud \
 	-e POSTGRES_USER=nextcloud \
@ -34,4 +35,4 @@ Type=notify
 NotifyAccess=all

 [Install]
-WantedBy=default.target
+WantedBy=default.target
--- a/container-nextcloud-nginx.service
+++ b/container-nextcloud-nginx.service
@ -16,8 +16,8 @@ ExecStartPre=/bin/rm -f %t/%n.ctr-id
 ExecStart=/usr/bin/podman run --cidfile=%t/%n.ctr-id --cgroups=no-conmon --rm --sdnotify=conmon --replace -d \
 	--name=nextcloud-nginx \
 	--pod-id-file %t/pod-nextcloud.pod-id \
-	-v nextcloud:/var/www/html \
-	-v /var/lib/containers/storage/volumes/nextcloud-nginx/_data/nginx.conf:/etc/nginx/nginx.conf \
+	-v nextcloud:/var/www/html:z \
+	-v /var/lib/containers/storage/volumes/nextcloud-nginx/_data/nginx.conf:/etc/nginx/nginx.conf:Z \
 	--label "io.containers.autoupdate=registry" \
 	docker.io/nginx
 ExecStop=/usr/bin/podman stop --ignore --cidfile=%t/%n.ctr-id
@ -26,4 +26,4 @@ Type=notify
 NotifyAccess=all

 [Install]
-WantedBy=default.target
+WantedBy=default.target
--- a/container-nextcloud-postgres.service
+++ b/container-nextcloud-postgres.service
@ -14,7 +14,7 @@ ExecStartPre=/bin/rm -f %t/%n.ctr-id
 ExecStart=/usr/bin/podman run --cidfile=%t/%n.ctr-id --cgroups=no-conmon --rm --sdnotify=conmon --replace -d \
 	--name=nextcloud-postgres \
 	--pod-id-file %t/pod-nextcloud.pod-id \
-	-v nextcloud-postgres:/var/lib/postgresql/data \
+	-v nextcloud-postgres:/var/lib/postgresql/data:Z \
 	-e POSTGRES_USER=nextcloud \
 	-e POSTGRES_PASSWORD=nextcloud \
 	-e POSTGRES_DB=nextcloud \
@ -26,4 +26,4 @@ Type=notify
 NotifyAccess=all

 [Install]
-WantedBy=default.target
+WantedBy=default.target
--- a/container-nginx-web.service
+++ b/container-nginx-web.service
@ -0,0 +1,28 @@
+[Unit]
+Description=Podman container-nginx-web.service
+Wants=network-online.target
+After=network-online.target
+Requires=container-php-fpm.service
+After=container-php-fpm.service
+BindsTo=pod-web.service
+After=pod-web.service
+
+[Service]
+Environment=PODMAN_SYSTEMD_UNIT=%n
+Restart=on-failure
+TimeoutStopSec=70
+ExecStartPre=/bin/rm -f %t/%n.ctr-id
+ExecStart=/usr/bin/podman run --cidfile=%t/%n.ctr-id --cgroups=no-conmon --rm --sdnotify=conmon --replace -d \
+	--name=nginx-web \
+	--pod-id-file %t/pod-web.pod-id \
+	-v nginx-web:/var/www/html:z \
+	-v /var/lib/containers/storage/volumes/nginx-web-config/_data/nginx.conf:/etc/nginx/nginx.conf:Z \
+	--label "io.containers.autoupdate=registry" \
+	docker.io/nginx
+ExecStop=/usr/bin/podman stop --ignore --cidfile=%t/%n.ctr-id
+ExecStopPost=/usr/bin/podman rm -f --ignore --cidfile=%t/%n.ctr-id
+Type=notify
+NotifyAccess=all
+
+[Install]
+WantedBy=default.target
--- a/container-oauth2-proxy.service
+++ b/container-oauth2-proxy.service
@ -0,0 +1,47 @@
+# container-oauth2-proxy.service
+# autogenerated by Podman 4.1.1
+# Thu Aug 18 10:12:36 UTC 2022
+
+[Unit]
+Description=Podman container-oauth2-proxy.service
+Wants=network-online.target
+After=network-online.target
+RequiresMountsFor=%t/containers
+
+[Service]
+Environment=PODMAN_SYSTEMD_UNIT=%n
+Restart=on-failure
+TimeoutStopSec=70
+ExecStartPre=/bin/rm -f %t/%n.ctr-id
+ExecStart=/usr/bin/podman run \
+	--cidfile=%t/%n.ctr-id \
+	--cgroups=no-conmon \
+	--rm \
+	--sdnotify=conmon \
+	-d \
+	--replace \
+	--name oauth2-proxy \
+	-p 4180:4180 \
+	-e OAUTH2_PROXY_PROVIDER=keycloak-oidc \
+	-e OAUTH2_PROXY_CLIENT_ID=oauth2-proxy \
+	-e OAUTH2_PROXY_CLIENT_SECRET=H2SITUCIsnVMq0k1OfWsQuSvXmkdHBe0 \
+#-e OAUTH2_PROXY_REDIRECT_URL=https://home.vanoverloop.xyz/oauth2/callback \
+	-e OAUTH2_PROXY_OIDC_ISSUER_URL=https://auth.vanoverloop.xyz/realms/master \
+	-e OAUTH2_PROXY_ALLOWED_ROLE=home \
+	-e OAUTH2_PROXY_HTTP_ADDRESS=0.0.0.0:4180 \
+	-e OAUTH2_PROXY_REVERSE_PROXY=true \
+	-e OAUTH2_PROXY_COOKIE_SECRET=jmoZ8LpDuAO1PLAtD16Xe4tu7e_OAmXZetiumqquCWA= \
+	-e OAUTH2_PROXY_UPSTREAMS=http://pi.lan:5180/ \
+	-e OAUTH2_PROXY_EMAIL_DOMAINS=* \
+	-e OAUTH2_PROXY_AUTH_LOGGING=true \
+	-e OAUTH2_PROXY_REQUEST_LOGGING=true \
+	-e OAUTH2_PROXY_SESSION_COOKIE_MINIMAL=true \
+	-e OAUTH2_PROXY_COOKIE_DOMAINS=.vanoverloop.xyz \
+	-e OAUTH2_PROXY_SKIP_PROVIDER_BUTTON=true quay.io/oauth2-proxy/oauth2-proxy
+ExecStop=/usr/bin/podman stop --ignore --cidfile=%t/%n.ctr-id
+ExecStopPost=/usr/bin/podman rm -f --ignore --cidfile=%t/%n.ctr-id
+Type=notify
+NotifyAccess=all
+
+[Install]
+WantedBy=default.target
--- a/container-php-fpm.service
+++ b/container-php-fpm.service
@ -0,0 +1,26 @@
+[Unit]
+Description=Podman container-php-fpm.service
+Wants=network-online.target
+After=network-online.target
+BindsTo=pod-web.service
+After=pod-web.service
+
+[Service]
+Environment=PODMAN_SYSTEMD_UNIT=%n
+Restart=on-failure
+TimeoutStopSec=70
+ExecStartPre=/bin/rm -f %t/%n.ctr-id
+ExecStart=/usr/bin/podman run --cidfile=%t/%n.ctr-id --cgroups=no-conmon --rm --sdnotify=conmon --replace -d \
+	--name=php-fpm \
+	--pod-id-file %t/pod-web.pod-id \
+	-v nginx-web:/var/www/html:z \
+	--tz=Europe/Brussels \
+	--label "io.containers.autoupdate=registry" \
+	docker.io/php:fpm-alpine
+ExecStop=/usr/bin/podman stop --ignore --cidfile=%t/%n.ctr-id
+ExecStopPost=/usr/bin/podman rm -f --ignore --cidfile=%t/%n.ctr-id
+Type=notify
+NotifyAccess=all
+
+[Install]
+WantedBy=default.target
--- a/container-pihole.service
+++ b/container-pihole.service
@ -30,11 +30,11 @@ ExecStart=/usr/bin/podman run --cidfile=%t/%n.ctr-id --cgroups=no-conmon --rm --
 	-p 53:53/tcp \
 	-p 53:53/udp \
 	--label "io.containers.autoupdate=registry" \
-	docker.io/pihole/pihole
+	docker.io/pihole/pihole:latest
 ExecStop=/usr/bin/podman stop --ignore --cidfile=%t/%n.ctr-id
 ExecStopPost=/usr/bin/podman rm -f --ignore --cidfile=%t/%n.ctr-id
 Type=notify
 NotifyAccess=all

 [Install]
-WantedBy=default.target
+WantedBy=default.target
--- a/container-proxy-internal.service
+++ b/container-proxy-internal.service
@ -0,0 +1,26 @@
+[Unit]
+Description=Podman container-proxy-internal.service
+Wants=network-online.target
+After=network-online.target
+RequiresMountsFor=%t/containers
+
+[Service]
+Environment=PODMAN_SYSTEMD_UNIT=%n
+Restart=on-failure
+TimeoutStopSec=70
+ExecStartPre=/bin/rm -f %t/%n.ctr-id
+ExecStart=/usr/bin/podman run --cidfile=%t/%n.ctr-id --cgroups=no-conmon --rm --sdnotify=conmon --replace -d \
+ 	--name=proxy-internal \
+	-v proxy-internal-data:/data:Z \
+	-v proxy-internal-letsencrypt:/etc/letsencrypt:Z \
+	--ip=10.88.0.18 \
+	-p 5180:80 -p 82:81 \
+	--label "io.containers.autoupdate=registry" \
+	docker.io/jc21/nginx-proxy-manager:latest
+ExecStop=/usr/bin/podman stop --ignore --cidfile=%t/%n.ctr-id
+ExecStopPost=/usr/bin/podman rm -f --ignore --cidfile=%t/%n.ctr-id
+Type=notify
+NotifyAccess=all
+
+[Install]
+WantedBy=default.target
--- a/container-proxy.service
+++ b/container-proxy.service
@ -12,10 +12,10 @@ ExecStartPre=/bin/mkdir -p /home/pi/containers/proxy
 ExecStartPre=/bin/rm -f %t/%n.ctr-id
 ExecStart=/usr/bin/podman run --cidfile=%t/%n.ctr-id --cgroups=no-conmon --rm --sdnotify=conmon --replace -d \
 	--name=proxy \
-	-v /home/pi/containers/proxy/data:/data:z \
-	-v /home/pi/containers/proxy/letsencrypt:/etc/letsencrypt:z \
+	-v /home/pi/containers/proxy/data:/data:Z \
+	-v /home/pi/containers/proxy/letsencrypt:/etc/letsencrypt:Z \
 	--ip=10.88.0.17 \
-	-p 80:80 -p 443:443 -p 81:81 \
+	-p 80:80 -p 443:443 -p 81:81 -p 8448:8448 \
 	--label "io.containers.autoupdate=registry" \
 	docker.io/jc21/nginx-proxy-manager:latest
 ExecStop=/usr/bin/podman stop --ignore --cidfile=%t/%n.ctr-id
@ -24,4 +24,4 @@ Type=notify
 NotifyAccess=all

 [Install]
-WantedBy=default.target
+WantedBy=default.target
--- a/container-qbittorrent.service
+++ b/container-qbittorrent.service
@ -0,0 +1,37 @@
+[Unit]
+Description=Podman container-qbittorrent.service
+Wants=network-online.target
+After=network-online.target
+RequiresMountsFor=%t/containers
+
+[Service]
+Environment=PODMAN_SYSTEMD_UNIT=%n
+Restart=on-failure
+TimeoutStopSec=70
+ExecStartPre=/bin/rm -f %t/%n.ctr-id
+ExecStart=/usr/bin/podman run --cidfile=%t/%n.ctr-id --cgroups=no-conmon --rm \
+	--sdnotify=conmon --replace -d \
+	--name=qbittorrent \
+	--privileged \
+	-e PUID=1000 \
+	-e PGID=1000 \
+	-e TZ=Europe/Brussels \
+	-e "VPN_ENABLED=yes" \
+        -e "LAN_NETWORK=192.168.1.0/24" \
+        -e "NAME_SERVERS=8.8.8.8,8.8.4.4" \
+	-e "VPN_USERNAME=9368404547387870" \
+	-e "VPN_PASSWORD=m" \
+	-p 8080:8080 \
+        -p 8999:8999 \
+        -p 8999:8999/udp \
+	-v qbittorrent-appdata:/config:Z \
+  	-v qbittorrent-downloads:/downloads:z \
+	--label "io.containers.autoupdate=registry" \
+	docker.io/markusmcnugen/qbittorrentvpn
+ExecStop=/usr/bin/podman stop --ignore --cidfile=%t/%n.ctr-id
+ExecStopPost=/usr/bin/podman rm -f --ignore --cidfile=%t/%n.ctr-id
+Type=notify
+NotifyAccess=all
+
+[Install]
+WantedBy=default.target
--- a/container-vaultwarden-server.service
+++ b/container-vaultwarden-server.service
@ -0,0 +1,25 @@
+[Unit]
+Description=Podman container-vaultwarden-server.service
+Wants=network-online.target
+After=network-online.target
+RequiresMountsFor=%t/containers
+
+[Service]
+Environment=PODMAN_SYSTEMD_UNIT=%n
+Restart=on-failure
+TimeoutStopSec=70
+ExecStartPre=/bin/rm -f %t/%n.ctr-id
+ExecStart=/usr/bin/podman run --cidfile=%t/%n.ctr-id --cgroups=no-conmon --rm --sdnotify=conmon --replace -d \
+	--name="vaultwarden-server" \
+	-v vaultwarden-server:/data/:Z \
+	-p 8485:80 \
+  	-e TZ=Europe/Brussels \
+	--label "io.containers.autoupdate=registry" \
+  	docker.io/vaultwarden/server:latest
+ExecStop=/usr/bin/podman stop --ignore --cidfile=%t/%n.ctr-id
+ExecStopPost=/usr/bin/podman rm -f --ignore --cidfile=%t/%n.ctr-id
+Type=notify
+NotifyAccess=all
+
+[Install]
+WantedBy=default.target
--- a/pod-authentik.service
+++ b/pod-authentik.service
@ -0,0 +1,26 @@
+# pod-authentik.service
+# autogenerated by Podman 4.1.1
+# Wed Aug 17 07:18:00 UTC 2022
+
+[Unit]
+Description=Podman pod-authentik.service
+Wants=network-online.target
+After=network-online.target
+RequiresMountsFor=
+Requires=container-authentik-postgres.service container-authentik-redis.service container-authentik-server.service container-authentik-worker.service
+Before=container-authentik-postgres.service container-authentik-redis.service container-authentik-server.service container-authentik-worker.service
+
+[Service]
+Environment=PODMAN_SYSTEMD_UNIT=%n
+Restart=on-failure
+TimeoutStopSec=70
+ExecStartPre=/bin/rm -f %t/pod-authentik.pid %t/pod-authentik.pod-id
+ExecStartPre=/usr/bin/podman pod create --infra-conmon-pidfile %t/pod-authentik.pid --pod-id-file %t/pod-authentik.pod-id --name authentik -p 9000:9000 -p 9443:9443 --replace
+ExecStart=/usr/bin/podman pod start --pod-id-file %t/pod-authentik.pod-id
+ExecStop=/usr/bin/podman pod stop --ignore --pod-id-file %t/pod-authentik.pod-id -t 10
+ExecStopPost=/usr/bin/podman pod rm --ignore -f --pod-id-file %t/pod-authentik.pod-id
+PIDFile=%t/pod-authentik.pid
+Type=forking
+
+[Install]
+WantedBy=default.target
--- a/pod-dendrite.service
+++ b/pod-dendrite.service
@ -0,0 +1,22 @@
+[Unit]
+Description=Podman pod-dendrite.service
+Wants=network-online.target
+After=network-online.target
+RequiresMountsFor=
+Requires=container-dendrite-monolith.service container-dendrite-postgres.service
+Before=container-dendrite-monolith.service container-dendrite-postgres.service
+
+[Service]
+Environment=PODMAN_SYSTEMD_UNIT=%n
+Restart=on-failure
+TimeoutStopSec=70
+ExecStartPre=/bin/rm -f %t/pod-dendrite.pid %t/pod-dendrite.pod-id
+ExecStartPre=/usr/bin/podman pod create --infra-conmon-pidfile %t/pod-dendrite.pid --pod-id-file %t/pod-dendrite.pod-id -p 8008:8008 -p 8447:8448 --name dendrite --replace
+ExecStart=/usr/bin/podman pod start --pod-id-file %t/pod-dendrite.pod-id
+ExecStop=/usr/bin/podman pod stop --ignore --pod-id-file %t/pod-dendrite.pod-id -t 10
+ExecStopPost=/usr/bin/podman pod rm --ignore -f --pod-id-file %t/pod-dendrite.pod-id
+PIDFile=%t/pod-dendrite.pid
+Type=forking
+
+[Install]
+WantedBy=default.target
--- a/pod-home-assistant.service
+++ b/pod-home-assistant.service
@ -3,8 +3,8 @@ Description=Podman pod-home-assistant.service
 Wants=network-online.target
 After=network-online.target
 RequiresMountsFor=
-#Requires=container-hass-app.service container-hass-zigbee2mqtt.service container-hass-mosquitto.service
-#Before=container-hass-app.service container-hass-zigbee2mqtt.service container-hass-mosquitto.service
+Requires=container-hass-app.service container-hass-zigbee2mqtt.service container-hass-mosquitto.service
+Before=container-hass-app.service container-hass-zigbee2mqtt.service container-hass-mosquitto.service
 Requires=container-hass-app.service container-hass-zigbee2mqtt.service container-hass-mosquitto.service container-hass-postgres.service
 Before=container-hass-app.service container-hass-zigbee2mqtt.service container-hass-mosquitto.service container-hass-postgres.service

@ -13,7 +13,7 @@ Environment=PODMAN_SYSTEMD_UNIT=%n
 Restart=on-failure
 TimeoutStopSec=70
 ExecStartPre=/bin/rm -f %t/pod-home-assistant.pid %t/pod-home-assistant.pod-id
-ExecStartPre=/usr/bin/podman pod create --infra-conmon-pidfile %t/pod-home-assistant.pid --pod-id-file %t/pod-home-assistant.pod-id --network=host --name home-assistant --replace
+ExecStartPre=/usr/bin/podman pod create --infra-conmon-pidfile %t/pod-home-assistant.pid --pod-id-file %t/pod-home-assistant.pod-id --network=host --device=/dev/ttyACM0:/dev/ttyACM0 --name home-assistant --replace
 ExecStart=/usr/bin/podman pod start --pod-id-file %t/pod-home-assistant.pod-id
 ExecStop=/usr/bin/podman pod stop --ignore --pod-id-file %t/pod-home-assistant.pod-id -t 10
 ExecStopPost=/usr/bin/podman pod rm --ignore -f --pod-id-file %t/pod-home-assistant.pod-id
@ -21,4 +21,4 @@ PIDFile=%t/pod-home-assistant.pid
 Type=forking

 [Install]
-WantedBy=default.target
+WantedBy=default.target
--- a/pod-torrent.service
+++ b/pod-torrent.service
@ -0,0 +1,22 @@
+[Unit]
+Description=Podman pod-torrent.service
+Wants=network-online.target
+After=network-online.target
+RequiresMountsFor=
+Requires=container-qbittorrent.service
+Before=container-qbittorrent.service
+
+[Service]
+Environment=PODMAN_SYSTEMD_UNIT=%n
+Restart=on-failure
+TimeoutStopSec=70
+ExecStartPre=/bin/rm -f %t/pod-torrent.pid %t/pod-torrent.pod-id
+ExecStartPre=/usr/bin/podman pod create --infra-conmon-pidfile %t/pod-torrent.pid --pod-id-file %t/pod-torrent.pod-id -p 54822:8080 -p 57490:6881 -p 57490:6881/udp --name torrent --network=vpn-net --replace
+ExecStart=/usr/bin/podman pod start --pod-id-file %t/pod-torrent.pod-id
+ExecStop=/usr/bin/podman pod stop --ignore --pod-id-file %t/pod-torrent.pod-id -t 10
+ExecStopPost=/usr/bin/podman pod rm --ignore -f --pod-id-file %t/pod-torrent.pod-id
+PIDFile=%t/pod-torrent.pid
+Type=forking
+
+[Install]
+WantedBy=default.target
--- a/pod-web.service
+++ b/pod-web.service
@ -0,0 +1,22 @@
+[Unit]
+Description=Podman pod-web.service
+Wants=network-online.target
+After=network-online.target
+RequiresMountsFor=
+Requires=container-php-fpm.service container-nginx-web.service
+Before=container-php-fpm.service container-nginx-web.service
+
+[Service]
+Environment=PODMAN_SYSTEMD_UNIT=%n
+Restart=on-failure
+TimeoutStopSec=70
+ExecStartPre=/bin/rm -f %t/pod-web.pid %t/pod-web.pod-id
+ExecStartPre=/usr/bin/podman pod create --infra-conmon-pidfile %t/pod-web.pid --pod-id-file %t/pod-web.pod-id -p 8053:80 --name web --replace
+ExecStart=/usr/bin/podman pod start --pod-id-file %t/pod-web.pod-id
+ExecStop=/usr/bin/podman pod stop --ignore --pod-id-file %t/pod-web.pod-id -t 10
+ExecStopPost=/usr/bin/podman pod rm --ignore -f --pod-id-file %t/pod-web.pod-id
+PIDFile=%t/pod-web.pid
+Type=forking
+
+[Install]
+WantedBy=default.target