Daan Vanoverloop 2022-08-21 10:59:37 +02:00
parent baba7a3379
commit 255f742ddc
Signed by: Danacus
GPG Key ID: F2272B50E129FC5C
29 changed files with 566 additions and 36 deletions


@ -0,0 +1,38 @@
# container-authentik-postgres.service
# autogenerated by Podman 4.1.1
# Wed Aug 17 07:18:00 UTC 2022
[Unit]
Description=Podman container-authentik-postgres.service
Wants=network-online.target
After=network-online.target
RequiresMountsFor=%t/containers
BindsTo=pod-authentik.service
After=pod-authentik.service
[Service]
Environment=PODMAN_SYSTEMD_UNIT=%n
Restart=on-failure
TimeoutStopSec=70
ExecStartPre=/bin/rm -f %t/%n.ctr-id
ExecStart=/usr/bin/podman run \
--cidfile=%t/%n.ctr-id \
--cgroups=no-conmon \
--rm \
--pod-id-file %t/pod-authentik.pod-id \
--sdnotify=conmon \
-d \
--replace \
--name authentik-postgres \
--label io.containers.autoupdate=registry \
-v authentik-db:/var/lib/postgresql/data:Z \
-e POSTGRES_PASSWORD=authentik \
-e POSTGRES_USER=authentik \
-e POSTGRES_DB=authentik docker.io/postgres:12-alpine
ExecStop=/usr/bin/podman stop --ignore --cidfile=%t/%n.ctr-id
ExecStopPost=/usr/bin/podman rm -f --ignore --cidfile=%t/%n.ctr-id
Type=notify
NotifyAccess=all
[Install]
WantedBy=default.target
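Review bot: `-e POSTGRES_PASSWORD=authentik` puts the database password in the unit file in plain text, and it is the same string as the user name, so it is readable by anyone who can read the unit or this repository. The same pattern is in the other new units of this commit: container-authentik-server and container-authentik-worker (`AUTHENTIK_SECRET_KEY`, `AUTHENTIK_POSTGRESQL__PASSWORD`), container-dendrite-postgres (`POSTGRES_PASSWORD`), container-oauth2-proxy (`OAUTH2_PROXY_CLIENT_SECRET`, `OAUTH2_PROXY_COOKIE_SECRET`) and container-qbittorrent (`VPN_USERNAME`, `VPN_PASSWORD`). Keep the values out of the tree, for example with a Podman secret passed as `--secret authentik-db-password,type=env,target=POSTGRES_PASSWORD` (secret name made up here for illustration) or an `--env-file` that is not committed. Every value already committed should be treated as disclosed and rotated, since it remains in the history.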


@ -0,0 +1,34 @@
# container-authentik-redis.service
# autogenerated by Podman 4.1.1
# Wed Aug 17 07:18:00 UTC 2022
[Unit]
Description=Podman container-authentik-redis.service
Wants=network-online.target
After=network-online.target
RequiresMountsFor=%t/containers
BindsTo=pod-authentik.service
After=pod-authentik.service
[Service]
Environment=PODMAN_SYSTEMD_UNIT=%n
Restart=on-failure
TimeoutStopSec=70
ExecStartPre=/bin/rm -f %t/%n.ctr-id
ExecStart=/usr/bin/podman run \
--cidfile=%t/%n.ctr-id \
--cgroups=no-conmon \
--rm \
--pod-id-file %t/pod-authentik.pod-id \
--sdnotify=conmon \
-d \
--replace \
--label io.containers.autoupdate=registry \
--name authentik-redis docker.io/redis:alpine
ExecStop=/usr/bin/podman stop --ignore --cidfile=%t/%n.ctr-id
ExecStopPost=/usr/bin/podman rm -f --ignore --cidfile=%t/%n.ctr-id
Type=notify
NotifyAccess=all
[Install]
WantedBy=default.target


@ -0,0 +1,43 @@
# container-authentik-server.service
# autogenerated by Podman 4.1.1
# Wed Aug 17 07:18:00 UTC 2022
[Unit]
Description=Podman container-authentik-server.service
Wants=network-online.target
After=network-online.target
RequiresMountsFor=%t/containers
BindsTo=pod-authentik.service
After=pod-authentik.service
[Service]
Environment=PODMAN_SYSTEMD_UNIT=%n
Restart=on-failure
TimeoutStopSec=70
ExecStartPre=/bin/rm -f %t/%n.ctr-id
ExecStart=/usr/bin/podman run \
--cidfile=%t/%n.ctr-id \
--cgroups=no-conmon \
--rm \
--pod-id-file %t/pod-authentik.pod-id \
--sdnotify=conmon \
-d \
--replace \
--name authentik-server \
--label io.containers.autoupdate=registry \
-v authentik-media:/media:z \
-v authentik-templates:/templates:z \
-e AUTHENTIK_SECRET_KEY=P8UNDagVZS1HMUxoaov7ouP2CxpAuODBpFYyJ773w3N7Pk96m4 \
-e AUTHENTIK_ERROR_REPORTING__ENABLED=true \
-e AUTHENTIK_REDIS__HOST=localhost \
-e AUTHENTIK_POSTGRESQL__HOST=localhost \
-e AUTHENTIK_POSTGRESQL__USER=authentik \
-e AUTHENTIK_POSTGRESQL__NAME=authentik \
-e AUTHENTIK_POSTGRESQL__PASSWORD=authentik ghcr.io/goauthentik/server:latest server
ExecStop=/usr/bin/podman stop --ignore --cidfile=%t/%n.ctr-id
ExecStopPost=/usr/bin/podman rm -f --ignore --cidfile=%t/%n.ctr-id
Type=notify
NotifyAccess=all
[Install]
WantedBy=default.target
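Review bot: The image reference `ghcr.io/goauthentik/server:latest` combined with `--label io.containers.autoupdate=registry` lets the identity provider move to whatever upstream publishes next, with no review step. The server and worker units are restarted separately, so they can briefly run different releases against the same database. Pinning both to the same release, `ghcr.io/goauthentik/server:<release-tag>`, or to a digest keeps auto-update limited to rebuilds of a version you chose. The same applies to the other new units that use `:latest` or no tag at all: container-dendrite-monolith, container-vaultwarden-server, container-proxy-internal, container-oauth2-proxy, container-mullvad and container-qbittorrent. Separately, `AUTHENTIK_ERROR_REPORTING__ENABLED=true` presumably sends error reports to the upstream project; confirm that is intended for this instance.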


@ -0,0 +1,44 @@
# container-authentik-worker.service
# autogenerated by Podman 4.1.1
# Wed Aug 17 07:18:00 UTC 2022
[Unit]
Description=Podman container-authentik-worker.service
Wants=network-online.target
After=network-online.target
RequiresMountsFor=%t/containers
BindsTo=pod-authentik.service
After=pod-authentik.service
[Service]
Environment=PODMAN_SYSTEMD_UNIT=%n
Restart=on-failure
TimeoutStopSec=70
ExecStartPre=/bin/rm -f %t/%n.ctr-id
ExecStart=/usr/bin/podman run \
--cidfile=%t/%n.ctr-id \
--cgroups=no-conmon \
--rm \
--pod-id-file %t/pod-authentik.pod-id \
--sdnotify=conmon \
-d \
--replace \
--name authentik-worker \
--label io.containers.autoupdate=registry \
-v authentik-media:/media:z \
-v authentik-templates:/templates:z \
-v authentik-certs:/certs:Z \
-e AUTHENTIK_SECRET_KEY=P8UNDagVZS1HMUxoaov7ouP2CxpAuODBpFYyJ773w3N7Pk96m4 \
-e AUTHENTIK_ERROR_REPORTING__ENABLED=true \
-e AUTHENTIK_REDIS__HOST=localhost \
-e AUTHENTIK_POSTGRESQL__HOST=localhost \
-e AUTHENTIK_POSTGRESQL__USER=authentik \
-e AUTHENTIK_POSTGRESQL__NAME=authentik \
-e AUTHENTIK_POSTGRESQL__PASSWORD=authentik ghcr.io/goauthentik/server:latest worker
ExecStop=/usr/bin/podman stop --ignore --cidfile=%t/%n.ctr-id
ExecStopPost=/usr/bin/podman rm -f --ignore --cidfile=%t/%n.ctr-id
Type=notify
NotifyAccess=all
[Install]
WantedBy=default.target


@ -0,0 +1,29 @@
[Unit]
Description=Podman container-dendrite-monolith.service
Wants=network-online.target
After=network-online.target
RequiresMountsFor=%t/containers
BindsTo=pod-dendrite.service
After=pod-dendrite.service
Requires=container-dendrite-postgres.service
After=container-dendrite-postgres.service
[Service]
Environment=PODMAN_SYSTEMD_UNIT=%n
Restart=on-failure
TimeoutStopSec=70
ExecStartPre=/bin/rm -f %t/%n.ctr-id
ExecStart=/usr/bin/podman run --cidfile=%t/%n.ctr-id --cgroups=no-conmon --rm \
--pod-id-file %t/pod-dendrite.pod-id --sdnotify=conmon --replace -d \
--name=dendrite-monolith \
-v dendrite:/etc/dendrite:Z \
-v dendrite-media:/var/dendrite/media:Z \
--label "io.containers.autoupdate=registry" \
docker.io/matrixdotorg/dendrite-monolith:latest --tls-cert=server.crt --tls-key=server.key
ExecStop=/usr/bin/podman stop --ignore --cidfile=%t/%n.ctr-id
ExecStopPost=/usr/bin/podman rm -f --ignore --cidfile=%t/%n.ctr-id
Type=notify
NotifyAccess=all
[Install]
WantedBy=default.target


@ -0,0 +1,26 @@
[Unit]
Description=Podman container-dendrite-postgres.service
Wants=network-online.target
After=network-online.target
RequiresMountsFor=%t/containers
BindsTo=pod-dendrite.service
After=pod-dendrite.service
[Service]
Environment=PODMAN_SYSTEMD_UNIT=%n
Restart=on-failure
TimeoutStopSec=70
ExecStartPre=/bin/rm -f %t/%n.ctr-id
ExecStart=/usr/bin/podman run --cidfile=%t/%n.ctr-id --cgroups=no-conmon --rm \
--pod-id-file %t/pod-dendrite.pod-id --sdnotify=conmon --replace -d \
--name=dendrite-postgres \
-v dendrite-postgres:/var/lib/postgresql/data:Z \
-e POSTGRES_USER=dendrite -e POSTGRES_PASSWORD=dendrite \
docker.io/postgres:14
ExecStop=/usr/bin/podman stop --ignore --cidfile=%t/%n.ctr-id
ExecStopPost=/usr/bin/podman rm -f --ignore --cidfile=%t/%n.ctr-id
Type=notify
NotifyAccess=all
[Install]
WantedBy=default.target


@ -18,10 +18,11 @@ ExecStart=/usr/bin/podman run --cidfile=%t/%n.ctr-id --cgroups=no-conmon --rm \
--pod-id-file %t/pod-gitea.pod-id \ --pod-id-file %t/pod-gitea.pod-id \
--sdnotify=conmon --replace -d \ --sdnotify=conmon --replace -d \
--name=gitea-app \ --name=gitea-app \
-v gitea:/data \ -v gitea:/data:Z \
-v /home/git/.ssh/:/data/git/.ssh:z \ -v /home/git/.ssh/:/data/git/.ssh:z \
-v /etc/timezone:/etc/timezone:z,ro \ --tz=Europe/Brussels \
-v /etc/localtime:/etc/localtime:z,ro \ #-v /etc/timezone:/etc/timezone:ro \
#-v /etc/localtime:/etc/localtime:ro \
-e USER_UID=1001 -e USER_GID=1001 \ -e USER_UID=1001 -e USER_GID=1001 \
-e GITEA__database__DB_TYPE=postgres -e GITEA__database__HOST=localhost \ -e GITEA__database__DB_TYPE=postgres -e GITEA__database__HOST=localhost \
-e GITEA__database__NAME=gitea -e GITEA__database__USER=gitea -e GITEA__database__PASSWD=gitea \ -e GITEA__database__NAME=gitea -e GITEA__database__USER=gitea -e GITEA__database__PASSWD=gitea \
@ -33,4 +34,4 @@ Type=notify
NotifyAccess=all NotifyAccess=all
[Install] [Install]
WantedBy=default.target WantedBy=default.target
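Review bot: The new side leaves the old mounts as commented-out lines inside the backslash-continued `ExecStart=` (`#-v /etc/timezone:/etc/timezone:ro \` and `#-v /etc/localtime:/etc/localtime:ro \`). systemd skips a comment block that follows a continuation line, so the command still parses, but the argument list becomes harder to read and easy to break with a later edit. Delete the two lines; the history keeps them. The same applies to `#--privileged \` in container-hass-app, where removing a single character would restore full privileges, and to `#-e OAUTH2_PROXY_REDIRECT_URL=… \` in container-oauth2-proxy. The `ExecStart=` line begins above this hunk.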


@ -16,7 +16,7 @@ ExecStart=/usr/bin/podman run --cidfile=%t/%n.ctr-id --cgroups=no-conmon --rm \
--pod-id-file %t/pod-gitea.pod-id \ --pod-id-file %t/pod-gitea.pod-id \
--sdnotify=conmon --replace -d \ --sdnotify=conmon --replace -d \
--name=gitea-postgres \ --name=gitea-postgres \
-v gitea-postgres:/var/lib/postgresql/data \ -v gitea-postgres:/var/lib/postgresql/data:Z \
--label "io.containers.autoupdate=registry" \ --label "io.containers.autoupdate=registry" \
docker.io/postgres:11 docker.io/postgres:11
ExecStop=/usr/bin/podman stop --ignore --cidfile=%t/%n.ctr-id ExecStop=/usr/bin/podman stop --ignore --cidfile=%t/%n.ctr-id
@ -25,4 +25,4 @@ Type=notify
NotifyAccess=all NotifyAccess=all
[Install] [Install]
WantedBy=default.target WantedBy=default.target


@ -20,11 +20,10 @@ ExecStartPre=/bin/rm -f %t/%n.ctr-id
ExecStart=/usr/bin/podman run --cidfile=%t/%n.ctr-id --cgroups=no-conmon --rm --sdnotify=conmon --replace -d \ ExecStart=/usr/bin/podman run --cidfile=%t/%n.ctr-id --cgroups=no-conmon --rm --sdnotify=conmon --replace -d \
--name="hass-app" \ --name="hass-app" \
--pod-id-file %t/pod-home-assistant.pod-id \ --pod-id-file %t/pod-home-assistant.pod-id \
-v hass-app:/config \ -v hass-app:/config:Z \
#-v /home/pi/containers/hass/homeassistant:/config:z \
-v /home/hass/.ssh:/root/.ssh:z \ -v /home/hass/.ssh:/root/.ssh:z \
-v /etc/localtime:/etc/localtime:z,ro \ --tz=Europe/Brussels \
--privileged \ #--privileged \
-e TZ=Europe/Brussels \ -e TZ=Europe/Brussels \
--label "io.containers.autoupdate=registry" \ --label "io.containers.autoupdate=registry" \
--net=host \ --net=host \
@ -35,4 +34,4 @@ Type=notify
NotifyAccess=all NotifyAccess=all
[Install] [Install]
WantedBy=default.target WantedBy=default.target


@ -13,9 +13,9 @@ TimeoutStopSec=70
ExecStartPre=/bin/rm -f %t/%n.ctr-id ExecStartPre=/bin/rm -f %t/%n.ctr-id
ExecStart=/usr/bin/podman run --cidfile=%t/%n.ctr-id --cgroups=no-conmon --rm --sdnotify=conmon --replace -d \ ExecStart=/usr/bin/podman run --cidfile=%t/%n.ctr-id --cgroups=no-conmon --rm --sdnotify=conmon --replace -d \
--name=hass-mosquitto \ --name=hass-mosquitto \
--pod-id-file %t/pod-home-assistant.pod-id \ --pod-id-file %t/pod-home-assistant.pod-id \
-v hass-mosquitto-config:/mosquitto/config \ -v hass-mosquitto-config:/mosquitto/config:Z \
-v hass-mosquitto-data:/mosquitto/data \ -v hass-mosquitto-data:/mosquitto/data:Z \
--label "io.containers.autoupdate=registry" \ --label "io.containers.autoupdate=registry" \
--net=host \ --net=host \
docker.io/eclipse-mosquitto docker.io/eclipse-mosquitto
@ -25,4 +25,4 @@ Type=notify
NotifyAccess=all NotifyAccess=all
[Install] [Install]
WantedBy=default.target WantedBy=default.target


@ -19,7 +19,7 @@ ExecStart=/usr/bin/podman run --cidfile=%t/%n.ctr-id --cgroups=no-conmon --rm \
-e POSTGRES_PASSWORD=home-assistant \ -e POSTGRES_PASSWORD=home-assistant \
-e POSTGRES_DB=home-assistant \ -e POSTGRES_DB=home-assistant \
--net=host \ --net=host \
-v hass-postgres:/var/lib/postgresql/data \ -v hass-postgres:/var/lib/postgresql/data:Z \
--label "io.containers.autoupdate=registry" \ --label "io.containers.autoupdate=registry" \
docker.io/postgres:14 docker.io/postgres:14
ExecStop=/usr/bin/podman stop --ignore --cidfile=%t/%n.ctr-id ExecStop=/usr/bin/podman stop --ignore --cidfile=%t/%n.ctr-id
@ -28,4 +28,4 @@ Type=notify
NotifyAccess=all NotifyAccess=all
[Install] [Install]
WantedBy=default.target WantedBy=default.target


@ -16,8 +16,10 @@ ExecStartPre=/bin/rm -f %t/%n.ctr-id
ExecStart=/usr/bin/podman run --cidfile=%t/%n.ctr-id --cgroups=no-conmon --rm --sdnotify=conmon --replace -d \ ExecStart=/usr/bin/podman run --cidfile=%t/%n.ctr-id --cgroups=no-conmon --rm --sdnotify=conmon --replace -d \
--name=hass-zigbee2mqtt \ --name=hass-zigbee2mqtt \
--pod-id-file %t/pod-home-assistant.pod-id \ --pod-id-file %t/pod-home-assistant.pod-id \
-v hass-zigbee2mqtt:/app/data \ -v hass-zigbee2mqtt:/app/data:Z \
-v /run/udev:/run/udev:ro -e TZ=Europe/Brussels \ -v /run/udev:/run/udev:ro \
-e TZ=Europe/Brussels \
--tz=Europe/Brussels \
--device=/dev/ttyACM0:/dev/ttyACM0 \ --device=/dev/ttyACM0:/dev/ttyACM0 \
--label "io.containers.autoupdate=registry" \ --label "io.containers.autoupdate=registry" \
--net=host \ --net=host \
@ -28,4 +30,4 @@ Type=notify
NotifyAccess=all NotifyAccess=all
[Install] [Install]
WantedBy=default.target WantedBy=default.target

32
container-mullvad.service Normal file

@ -0,0 +1,32 @@
[Unit]
Description=Podman container-mullvad.service
Wants=network-online.target
After=network-online.target
RequiresMountsFor=%t/containers
BindsTo=pod-torrent.service
After=pod-torrent.service
[Service]
Environment=PODMAN_SYSTEMD_UNIT=%n
Restart=on-failure
TimeoutStopSec=70
ExecStartPre=/bin/rm -f %t/%n.ctr-id
ExecStart=/usr/bin/podman run --cidfile=%t/%n.ctr-id --cgroups=no-conmon --rm \
--pod-id-file %t/pod-torrent.pod-id \
--sdnotify=conmon --replace -d \
--name=mullvad \
--privileged \
--device /dev/net/tun \
-e PUID=1000 \
-e PGID=1000 \
-e TZ=Europe/Brussels \
-v mullvad-openvpn:/vpn:Z \
--label "io.containers.autoupdate=registry" \
docker.io/dperson/openvpn-client
ExecStop=/usr/bin/podman stop --ignore --cidfile=%t/%n.ctr-id
ExecStopPost=/usr/bin/podman rm -f --ignore --cidfile=%t/%n.ctr-id
Type=notify
NotifyAccess=all
[Install]
WantedBy=default.target
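Review bot: `--privileged` gives this third-party, untagged image every capability and access to all host devices, which is far more than an OpenVPN client needs. The unit already passes `--device /dev/net/tun`, so replacing `--privileged \` with `--cap-add=NET_ADMIN \` should be enough for the tunnel; check this against the image's documentation. container-qbittorrent in this commit also runs with `--privileged` and deserves the same reduction.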


@ -18,6 +18,7 @@ ExecStartPre=/bin/rm -f %t/%n.ctr-id
ExecStart=/usr/bin/podman run --cidfile=%t/%n.ctr-id --cgroups=no-conmon --rm --sdnotify=conmon --replace -d \ ExecStart=/usr/bin/podman run --cidfile=%t/%n.ctr-id --cgroups=no-conmon --rm --sdnotify=conmon --replace -d \
--name=nextcloud-fpm \ --name=nextcloud-fpm \
--pod-id-file %t/pod-nextcloud.pod-id \ --pod-id-file %t/pod-nextcloud.pod-id \
--tz=Europe/Brussels \
-v nextcloud:/var/www/html:z \ -v nextcloud:/var/www/html:z \
-e POSTGRES_DB=nextcloud \ -e POSTGRES_DB=nextcloud \
-e POSTGRES_USER=nextcloud \ -e POSTGRES_USER=nextcloud \
@ -34,4 +35,4 @@ Type=notify
NotifyAccess=all NotifyAccess=all
[Install] [Install]
WantedBy=default.target WantedBy=default.target


@ -16,8 +16,8 @@ ExecStartPre=/bin/rm -f %t/%n.ctr-id
ExecStart=/usr/bin/podman run --cidfile=%t/%n.ctr-id --cgroups=no-conmon --rm --sdnotify=conmon --replace -d \ ExecStart=/usr/bin/podman run --cidfile=%t/%n.ctr-id --cgroups=no-conmon --rm --sdnotify=conmon --replace -d \
--name=nextcloud-nginx \ --name=nextcloud-nginx \
--pod-id-file %t/pod-nextcloud.pod-id \ --pod-id-file %t/pod-nextcloud.pod-id \
-v nextcloud:/var/www/html \ -v nextcloud:/var/www/html:z \
-v /var/lib/containers/storage/volumes/nextcloud-nginx/_data/nginx.conf:/etc/nginx/nginx.conf \ -v /var/lib/containers/storage/volumes/nextcloud-nginx/_data/nginx.conf:/etc/nginx/nginx.conf:Z \
--label "io.containers.autoupdate=registry" \ --label "io.containers.autoupdate=registry" \
docker.io/nginx docker.io/nginx
ExecStop=/usr/bin/podman stop --ignore --cidfile=%t/%n.ctr-id ExecStop=/usr/bin/podman stop --ignore --cidfile=%t/%n.ctr-id
@ -26,4 +26,4 @@ Type=notify
NotifyAccess=all NotifyAccess=all
[Install] [Install]
WantedBy=default.target WantedBy=default.target


@ -14,7 +14,7 @@ ExecStartPre=/bin/rm -f %t/%n.ctr-id
ExecStart=/usr/bin/podman run --cidfile=%t/%n.ctr-id --cgroups=no-conmon --rm --sdnotify=conmon --replace -d \ ExecStart=/usr/bin/podman run --cidfile=%t/%n.ctr-id --cgroups=no-conmon --rm --sdnotify=conmon --replace -d \
--name=nextcloud-postgres \ --name=nextcloud-postgres \
--pod-id-file %t/pod-nextcloud.pod-id \ --pod-id-file %t/pod-nextcloud.pod-id \
-v nextcloud-postgres:/var/lib/postgresql/data \ -v nextcloud-postgres:/var/lib/postgresql/data:Z \
-e POSTGRES_USER=nextcloud \ -e POSTGRES_USER=nextcloud \
-e POSTGRES_PASSWORD=nextcloud \ -e POSTGRES_PASSWORD=nextcloud \
-e POSTGRES_DB=nextcloud \ -e POSTGRES_DB=nextcloud \
@ -26,4 +26,4 @@ Type=notify
NotifyAccess=all NotifyAccess=all
[Install] [Install]
WantedBy=default.target WantedBy=default.target


@ -0,0 +1,28 @@
[Unit]
Description=Podman container-nginx-web.service
Wants=network-online.target
After=network-online.target
Requires=container-php-fpm.service
After=container-php-fpm.service
BindsTo=pod-web.service
After=pod-web.service
[Service]
Environment=PODMAN_SYSTEMD_UNIT=%n
Restart=on-failure
TimeoutStopSec=70
ExecStartPre=/bin/rm -f %t/%n.ctr-id
ExecStart=/usr/bin/podman run --cidfile=%t/%n.ctr-id --cgroups=no-conmon --rm --sdnotify=conmon --replace -d \
--name=nginx-web \
--pod-id-file %t/pod-web.pod-id \
-v nginx-web:/var/www/html:z \
-v /var/lib/containers/storage/volumes/nginx-web-config/_data/nginx.conf:/etc/nginx/nginx.conf:Z \
--label "io.containers.autoupdate=registry" \
docker.io/nginx
ExecStop=/usr/bin/podman stop --ignore --cidfile=%t/%n.ctr-id
ExecStopPost=/usr/bin/podman rm -f --ignore --cidfile=%t/%n.ctr-id
Type=notify
NotifyAccess=all
[Install]
WantedBy=default.target
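Review bot: The `nginx.conf` bind mount ends in `:Z` only, so the configuration file on the host is writable from inside the container. Nothing visible here needs nginx to write to its own configuration, so the option can be `:Z,ro`. If this container only serves the files that php-fpm writes, `-v nginx-web:/var/www/html:z,ro` would narrow the web-root mount in the same way; that part is an assumption about how the site is used.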


@ -0,0 +1,47 @@
# container-oauth2-proxy.service
# autogenerated by Podman 4.1.1
# Thu Aug 18 10:12:36 UTC 2022
[Unit]
Description=Podman container-oauth2-proxy.service
Wants=network-online.target
After=network-online.target
RequiresMountsFor=%t/containers
[Service]
Environment=PODMAN_SYSTEMD_UNIT=%n
Restart=on-failure
TimeoutStopSec=70
ExecStartPre=/bin/rm -f %t/%n.ctr-id
ExecStart=/usr/bin/podman run \
--cidfile=%t/%n.ctr-id \
--cgroups=no-conmon \
--rm \
--sdnotify=conmon \
-d \
--replace \
--name oauth2-proxy \
-p 4180:4180 \
-e OAUTH2_PROXY_PROVIDER=keycloak-oidc \
-e OAUTH2_PROXY_CLIENT_ID=oauth2-proxy \
-e OAUTH2_PROXY_CLIENT_SECRET=H2SITUCIsnVMq0k1OfWsQuSvXmkdHBe0 \
#-e OAUTH2_PROXY_REDIRECT_URL=https://home.vanoverloop.xyz/oauth2/callback \
-e OAUTH2_PROXY_OIDC_ISSUER_URL=https://auth.vanoverloop.xyz/realms/master \
-e OAUTH2_PROXY_ALLOWED_ROLE=home \
-e OAUTH2_PROXY_HTTP_ADDRESS=0.0.0.0:4180 \
-e OAUTH2_PROXY_REVERSE_PROXY=true \
-e OAUTH2_PROXY_COOKIE_SECRET=jmoZ8LpDuAO1PLAtD16Xe4tu7e_OAmXZetiumqquCWA= \
-e OAUTH2_PROXY_UPSTREAMS=http://pi.lan:5180/ \
-e OAUTH2_PROXY_EMAIL_DOMAINS=* \
-e OAUTH2_PROXY_AUTH_LOGGING=true \
-e OAUTH2_PROXY_REQUEST_LOGGING=true \
-e OAUTH2_PROXY_SESSION_COOKIE_MINIMAL=true \
-e OAUTH2_PROXY_COOKIE_DOMAINS=.vanoverloop.xyz \
-e OAUTH2_PROXY_SKIP_PROVIDER_BUTTON=true quay.io/oauth2-proxy/oauth2-proxy
ExecStop=/usr/bin/podman stop --ignore --cidfile=%t/%n.ctr-id
ExecStopPost=/usr/bin/podman rm -f --ignore --cidfile=%t/%n.ctr-id
Type=notify
NotifyAccess=all
[Install]
WantedBy=default.target
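Review bot: `-p 4180:4180` publishes the proxy on every host interface while `OAUTH2_PROXY_REVERSE_PROXY=true` makes it trust forwarded headers, so any client that can reach port 4180 directly bypasses the front proxy and supplies those headers itself. If only the reverse proxy should talk to this port, publish it on that path alone, for example `-p 127.0.0.1:4180:4180`, or on whatever address the front proxy actually uses. With `OAUTH2_PROXY_EMAIL_DOMAINS=*`, access control rests entirely on `OAUTH2_PROXY_ALLOWED_ROLE=home`; a comment in the unit saying so would stop a later edit from removing the only gate.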

26
container-php-fpm.service Normal file

@ -0,0 +1,26 @@
[Unit]
Description=Podman container-php-fpm.service
Wants=network-online.target
After=network-online.target
BindsTo=pod-web.service
After=pod-web.service
[Service]
Environment=PODMAN_SYSTEMD_UNIT=%n
Restart=on-failure
TimeoutStopSec=70
ExecStartPre=/bin/rm -f %t/%n.ctr-id
ExecStart=/usr/bin/podman run --cidfile=%t/%n.ctr-id --cgroups=no-conmon --rm --sdnotify=conmon --replace -d \
--name=php-fpm \
--pod-id-file %t/pod-web.pod-id \
-v nginx-web:/var/www/html:z \
--tz=Europe/Brussels \
--label "io.containers.autoupdate=registry" \
docker.io/php:fpm-alpine
ExecStop=/usr/bin/podman stop --ignore --cidfile=%t/%n.ctr-id
ExecStopPost=/usr/bin/podman rm -f --ignore --cidfile=%t/%n.ctr-id
Type=notify
NotifyAccess=all
[Install]
WantedBy=default.target


@ -30,11 +30,11 @@ ExecStart=/usr/bin/podman run --cidfile=%t/%n.ctr-id --cgroups=no-conmon --rm --
-p 53:53/tcp \ -p 53:53/tcp \
-p 53:53/udp \ -p 53:53/udp \
--label "io.containers.autoupdate=registry" \ --label "io.containers.autoupdate=registry" \
docker.io/pihole/pihole docker.io/pihole/pihole:latest
ExecStop=/usr/bin/podman stop --ignore --cidfile=%t/%n.ctr-id ExecStop=/usr/bin/podman stop --ignore --cidfile=%t/%n.ctr-id
ExecStopPost=/usr/bin/podman rm -f --ignore --cidfile=%t/%n.ctr-id ExecStopPost=/usr/bin/podman rm -f --ignore --cidfile=%t/%n.ctr-id
Type=notify Type=notify
NotifyAccess=all NotifyAccess=all
[Install] [Install]
WantedBy=default.target WantedBy=default.target


@ -0,0 +1,26 @@
[Unit]
Description=Podman container-proxy-internal.service
Wants=network-online.target
After=network-online.target
RequiresMountsFor=%t/containers
[Service]
Environment=PODMAN_SYSTEMD_UNIT=%n
Restart=on-failure
TimeoutStopSec=70
ExecStartPre=/bin/rm -f %t/%n.ctr-id
ExecStart=/usr/bin/podman run --cidfile=%t/%n.ctr-id --cgroups=no-conmon --rm --sdnotify=conmon --replace -d \
--name=proxy-internal \
-v proxy-internal-data:/data:Z \
-v proxy-internal-letsencrypt:/etc/letsencrypt:Z \
--ip=10.88.0.18 \
-p 5180:80 -p 82:81 \
--label "io.containers.autoupdate=registry" \
docker.io/jc21/nginx-proxy-manager:latest
ExecStop=/usr/bin/podman stop --ignore --cidfile=%t/%n.ctr-id
ExecStopPost=/usr/bin/podman rm -f --ignore --cidfile=%t/%n.ctr-id
Type=notify
NotifyAccess=all
[Install]
WantedBy=default.target
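Review bot: `-p 5180:80 -p 82:81` publishes both the proxied HTTP port and what appears to be the proxy manager's admin interface (container port 81) on all host interfaces. The admin port controls routing and certificates for everything behind the proxy, so it is worth binding to a management address only, `-p <mgmt-address>:82:81`. A one-line comment above `ExecStart=` saying which port is which would also help the next reader.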


@ -12,10 +12,10 @@ ExecStartPre=/bin/mkdir -p /home/pi/containers/proxy
ExecStartPre=/bin/rm -f %t/%n.ctr-id ExecStartPre=/bin/rm -f %t/%n.ctr-id
ExecStart=/usr/bin/podman run --cidfile=%t/%n.ctr-id --cgroups=no-conmon --rm --sdnotify=conmon --replace -d \ ExecStart=/usr/bin/podman run --cidfile=%t/%n.ctr-id --cgroups=no-conmon --rm --sdnotify=conmon --replace -d \
--name=proxy \ --name=proxy \
-v /home/pi/containers/proxy/data:/data:z \ -v /home/pi/containers/proxy/data:/data:Z \
-v /home/pi/containers/proxy/letsencrypt:/etc/letsencrypt:z \ -v /home/pi/containers/proxy/letsencrypt:/etc/letsencrypt:Z \
--ip=10.88.0.17 \ --ip=10.88.0.17 \
-p 80:80 -p 443:443 -p 81:81 \ -p 80:80 -p 443:443 -p 81:81 -p 8448:8448 \
--label "io.containers.autoupdate=registry" \ --label "io.containers.autoupdate=registry" \
docker.io/jc21/nginx-proxy-manager:latest docker.io/jc21/nginx-proxy-manager:latest
ExecStop=/usr/bin/podman stop --ignore --cidfile=%t/%n.ctr-id ExecStop=/usr/bin/podman stop --ignore --cidfile=%t/%n.ctr-id
@ -24,4 +24,4 @@ Type=notify
NotifyAccess=all NotifyAccess=all
[Install] [Install]
WantedBy=default.target WantedBy=default.target


@ -0,0 +1,37 @@
[Unit]
Description=Podman container-qbittorrent.service
Wants=network-online.target
After=network-online.target
RequiresMountsFor=%t/containers
[Service]
Environment=PODMAN_SYSTEMD_UNIT=%n
Restart=on-failure
TimeoutStopSec=70
ExecStartPre=/bin/rm -f %t/%n.ctr-id
ExecStart=/usr/bin/podman run --cidfile=%t/%n.ctr-id --cgroups=no-conmon --rm \
--sdnotify=conmon --replace -d \
--name=qbittorrent \
--privileged \
-e PUID=1000 \
-e PGID=1000 \
-e TZ=Europe/Brussels \
-e "VPN_ENABLED=yes" \
-e "LAN_NETWORK=192.168.1.0/24" \
-e "NAME_SERVERS=8.8.8.8,8.8.4.4" \
-e "VPN_USERNAME=9368404547387870" \
-e "VPN_PASSWORD=m" \
-p 8080:8080 \
-p 8999:8999 \
-p 8999:8999/udp \
-v qbittorrent-appdata:/config:Z \
-v qbittorrent-downloads:/downloads:z \
--label "io.containers.autoupdate=registry" \
docker.io/markusmcnugen/qbittorrentvpn
ExecStop=/usr/bin/podman stop --ignore --cidfile=%t/%n.ctr-id
ExecStopPost=/usr/bin/podman rm -f --ignore --cidfile=%t/%n.ctr-id
Type=notify
NotifyAccess=all
[Install]
WantedBy=default.target
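Review bot: This unit never joins the torrent pod: it has no `--pod-id-file %t/pod-torrent.pod-id` and no `BindsTo=pod-torrent.service`, although pod-torrent.service lists it under `Requires=` and `Before=`. As written, the container runs on the default network and publishes 8080 and 8999 on the host itself. The pod's `--network=vpn-net` and its port mappings do not apply to it, and its traffic is not tied to the mullvad container. If the pod is meant to carry the torrent traffic, add the pod-id-file and `BindsTo=`/`After=` lines and drop the `-p` flags here; otherwise remove the unit from the pod's `Requires=`.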


@ -0,0 +1,25 @@
[Unit]
Description=Podman container-vaultwarden-server.service
Wants=network-online.target
After=network-online.target
RequiresMountsFor=%t/containers
[Service]
Environment=PODMAN_SYSTEMD_UNIT=%n
Restart=on-failure
TimeoutStopSec=70
ExecStartPre=/bin/rm -f %t/%n.ctr-id
ExecStart=/usr/bin/podman run --cidfile=%t/%n.ctr-id --cgroups=no-conmon --rm --sdnotify=conmon --replace -d \
--name="vaultwarden-server" \
-v vaultwarden-server:/data/:Z \
-p 8485:80 \
-e TZ=Europe/Brussels \
--label "io.containers.autoupdate=registry" \
docker.io/vaultwarden/server:latest
ExecStop=/usr/bin/podman stop --ignore --cidfile=%t/%n.ctr-id
ExecStopPost=/usr/bin/podman rm -f --ignore --cidfile=%t/%n.ctr-id
Type=notify
NotifyAccess=all
[Install]
WantedBy=default.target
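Review bot: `-p 8485:80` exposes the password manager's plain-HTTP port on every host interface, so anything on the LAN can reach it without going through the TLS-terminating proxy. Bind it to the address the reverse proxy connects from, `-p <proxy-facing-address>:8485:80`. No registration or admin settings are passed, so the instance runs with upstream defaults; unless they are set in `/data`, consider adding `-e SIGNUPS_ALLOWED=false` once the accounts exist.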

26
pod-authentik.service Normal file

@ -0,0 +1,26 @@
# pod-authentik.service
# autogenerated by Podman 4.1.1
# Wed Aug 17 07:18:00 UTC 2022
[Unit]
Description=Podman pod-authentik.service
Wants=network-online.target
After=network-online.target
RequiresMountsFor=
Requires=container-authentik-postgres.service container-authentik-redis.service container-authentik-server.service container-authentik-worker.service
Before=container-authentik-postgres.service container-authentik-redis.service container-authentik-server.service container-authentik-worker.service
[Service]
Environment=PODMAN_SYSTEMD_UNIT=%n
Restart=on-failure
TimeoutStopSec=70
ExecStartPre=/bin/rm -f %t/pod-authentik.pid %t/pod-authentik.pod-id
ExecStartPre=/usr/bin/podman pod create --infra-conmon-pidfile %t/pod-authentik.pid --pod-id-file %t/pod-authentik.pod-id --name authentik -p 9000:9000 -p 9443:9443 --replace
ExecStart=/usr/bin/podman pod start --pod-id-file %t/pod-authentik.pod-id
ExecStop=/usr/bin/podman pod stop --ignore --pod-id-file %t/pod-authentik.pod-id -t 10
ExecStopPost=/usr/bin/podman pod rm --ignore -f --pod-id-file %t/pod-authentik.pod-id
PIDFile=%t/pod-authentik.pid
Type=forking
[Install]
WantedBy=default.target

22
pod-dendrite.service Normal file

@ -0,0 +1,22 @@
[Unit]
Description=Podman pod-dendrite.service
Wants=network-online.target
After=network-online.target
RequiresMountsFor=
Requires=container-dendrite-monolith.service container-dendrite-postgres.service
Before=container-dendrite-monolith.service container-dendrite-postgres.service
[Service]
Environment=PODMAN_SYSTEMD_UNIT=%n
Restart=on-failure
TimeoutStopSec=70
ExecStartPre=/bin/rm -f %t/pod-dendrite.pid %t/pod-dendrite.pod-id
ExecStartPre=/usr/bin/podman pod create --infra-conmon-pidfile %t/pod-dendrite.pid --pod-id-file %t/pod-dendrite.pod-id -p 8008:8008 -p 8447:8448 --name dendrite --replace
ExecStart=/usr/bin/podman pod start --pod-id-file %t/pod-dendrite.pod-id
ExecStop=/usr/bin/podman pod stop --ignore --pod-id-file %t/pod-dendrite.pod-id -t 10
ExecStopPost=/usr/bin/podman pod rm --ignore -f --pod-id-file %t/pod-dendrite.pod-id
PIDFile=%t/pod-dendrite.pid
Type=forking
[Install]
WantedBy=default.target


@ -3,8 +3,8 @@ Description=Podman pod-home-assistant.service
Wants=network-online.target Wants=network-online.target
After=network-online.target After=network-online.target
RequiresMountsFor= RequiresMountsFor=
#Requires=container-hass-app.service container-hass-zigbee2mqtt.service container-hass-mosquitto.service Requires=container-hass-app.service container-hass-zigbee2mqtt.service container-hass-mosquitto.service
#Before=container-hass-app.service container-hass-zigbee2mqtt.service container-hass-mosquitto.service Before=container-hass-app.service container-hass-zigbee2mqtt.service container-hass-mosquitto.service
Requires=container-hass-app.service container-hass-zigbee2mqtt.service container-hass-mosquitto.service container-hass-postgres.service Requires=container-hass-app.service container-hass-zigbee2mqtt.service container-hass-mosquitto.service container-hass-postgres.service
Before=container-hass-app.service container-hass-zigbee2mqtt.service container-hass-mosquitto.service container-hass-postgres.service Before=container-hass-app.service container-hass-zigbee2mqtt.service container-hass-mosquitto.service container-hass-postgres.service
@ -13,7 +13,7 @@ Environment=PODMAN_SYSTEMD_UNIT=%n
Restart=on-failure Restart=on-failure
TimeoutStopSec=70 TimeoutStopSec=70
ExecStartPre=/bin/rm -f %t/pod-home-assistant.pid %t/pod-home-assistant.pod-id ExecStartPre=/bin/rm -f %t/pod-home-assistant.pid %t/pod-home-assistant.pod-id
ExecStartPre=/usr/bin/podman pod create --infra-conmon-pidfile %t/pod-home-assistant.pid --pod-id-file %t/pod-home-assistant.pod-id --network=host --name home-assistant --replace ExecStartPre=/usr/bin/podman pod create --infra-conmon-pidfile %t/pod-home-assistant.pid --pod-id-file %t/pod-home-assistant.pod-id --network=host --device=/dev/ttyACM0:/dev/ttyACM0 --name home-assistant --replace
ExecStart=/usr/bin/podman pod start --pod-id-file %t/pod-home-assistant.pod-id ExecStart=/usr/bin/podman pod start --pod-id-file %t/pod-home-assistant.pod-id
ExecStop=/usr/bin/podman pod stop --ignore --pod-id-file %t/pod-home-assistant.pod-id -t 10 ExecStop=/usr/bin/podman pod stop --ignore --pod-id-file %t/pod-home-assistant.pod-id -t 10
ExecStopPost=/usr/bin/podman pod rm --ignore -f --pod-id-file %t/pod-home-assistant.pod-id ExecStopPost=/usr/bin/podman pod rm --ignore -f --pod-id-file %t/pod-home-assistant.pod-id
@ -21,4 +21,4 @@ PIDFile=%t/pod-home-assistant.pid
Type=forking Type=forking
[Install] [Install]
WantedBy=default.target WantedBy=default.target
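Review bot: Adding `--device=/dev/ttyACM0:/dev/ttyACM0` to `podman pod create` hands the serial device to every container in the pod, including mosquitto and postgres. container-hass-zigbee2mqtt already requests the device itself. If zigbee2mqtt is the only consumer, drop the pod-level flag; if hass-app needs it too now that `--privileged` is gone, pass `--device` on that container only. The first hunk also un-comments the three-service `Requires=` and `Before=` lines directly above the four-service ones, which makes them redundant; keep only the longer pair.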

22
pod-torrent.service Normal file

@ -0,0 +1,22 @@
[Unit]
Description=Podman pod-torrent.service
Wants=network-online.target
After=network-online.target
RequiresMountsFor=
Requires=container-qbittorrent.service
Before=container-qbittorrent.service
[Service]
Environment=PODMAN_SYSTEMD_UNIT=%n
Restart=on-failure
TimeoutStopSec=70
ExecStartPre=/bin/rm -f %t/pod-torrent.pid %t/pod-torrent.pod-id
ExecStartPre=/usr/bin/podman pod create --infra-conmon-pidfile %t/pod-torrent.pid --pod-id-file %t/pod-torrent.pod-id -p 54822:8080 -p 57490:6881 -p 57490:6881/udp --name torrent --network=vpn-net --replace
ExecStart=/usr/bin/podman pod start --pod-id-file %t/pod-torrent.pod-id
ExecStop=/usr/bin/podman pod stop --ignore --pod-id-file %t/pod-torrent.pod-id -t 10
ExecStopPost=/usr/bin/podman pod rm --ignore -f --pod-id-file %t/pod-torrent.pod-id
PIDFile=%t/pod-torrent.pid
Type=forking
[Install]
WantedBy=default.target
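Review bot: `Requires=` and `Before=` name only container-qbittorrent.service, yet container-mullvad.service is the unit that binds to this pod and joins it through `--pod-id-file`. Starting the pod therefore does not start the VPN container, and the published ports `54822:8080` and `57490:6881` lead to a pod that may have nothing listening. Assuming the pod is meant to bring the VPN up first, list it: `Requires=container-mullvad.service container-qbittorrent.service`, with the matching `Before=`.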

22
pod-web.service Normal file

@ -0,0 +1,22 @@
[Unit]
Description=Podman pod-web.service
Wants=network-online.target
After=network-online.target
RequiresMountsFor=
Requires=container-php-fpm.service container-nginx-web.service
Before=container-php-fpm.service container-nginx-web.service
[Service]
Environment=PODMAN_SYSTEMD_UNIT=%n
Restart=on-failure
TimeoutStopSec=70
ExecStartPre=/bin/rm -f %t/pod-web.pid %t/pod-web.pod-id
ExecStartPre=/usr/bin/podman pod create --infra-conmon-pidfile %t/pod-web.pid --pod-id-file %t/pod-web.pod-id -p 8053:80 --name web --replace
ExecStart=/usr/bin/podman pod start --pod-id-file %t/pod-web.pod-id
ExecStop=/usr/bin/podman pod stop --ignore --pod-id-file %t/pod-web.pod-id -t 10
ExecStopPost=/usr/bin/podman pod rm --ignore -f --pod-id-file %t/pod-web.pod-id
PIDFile=%t/pod-web.pid
Type=forking
[Install]
WantedBy=default.target