https://seiarotg.me/tags/podman/ Recent content in Podman on SEIAROTg's blog Hugo en Sun, 31 Mar 2024 17:28:25 +0100 https://seiarotg.me/post/tidy-up-homelab-containers/ Tue, 22 Aug 2023 22:34:58 +0100 https://seiarotg.me/post/tidy-up-homelab-containers/ <h1 id="background">Background</h1> <p>There are bunch of services lying around on my homelab. Over time, the accumulated complexity, ops load, reliability risk, and security risks started to harm my mental health. I figured it&rsquo;s probably the time to properly tidy up my homelab and have it actually managed. I figured my ideal setup shall be secure, reasonably reliable, at a low ops cost. More specifically, I would like to:</p> <ul> <li>Have some services running</li> <li>Have some declarative way to manage them</li> <li>Have some isolation on what each services could access</li> <li>Have automated updates</li> </ul> <p>Very simple and innocent requirements, right? Surely the solution ought to be simple too, doesn&rsquo;t it?</p> https://seiarotg.me/post/podman-compose-pits/ Tue, 28 Dec 2021 21:27:06 +0000 https://seiarotg.me/post/podman-compose-pits/ <h1 id="背景">背景</h1> <p>我有一个非常简单的需求：在一个容器里起一个 wireguard client，并将其直接接入上游网络（不要 NAT）。</p> <p>不想看过程可以直接看<a href="#%E6%80%BB%E7%BB%93">总结</a>。</p> <h1 id="折腾">折腾</h1> <h2 id="在容器里起-wireguard">在容器里起 wireguard</h2> <p>首先搜索 prior art，发现 <a href="https://hub.docker.com/r/linuxserver/wireguard">https://hub.docker.com/r/linuxserver/wireguard</a>。试了一下发现不好：</p>