k8s -> podman

master
Paul Walko 2020-12-26 23:16:52 -05:00
parent 9c6feb3bc5
commit f8767f269f
19 changed files with 305 additions and 821 deletions


@ -1,79 +0,0 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
run: airsonic
name: airsonic
namespace: pew
spec:
replicas: 1
selector:
matchLabels:
run: airsonic
template:
metadata:
labels:
run: airsonic
spec:
containers:
- name: airsonic
image: linuxserver/airsonic:v10.6.2-ls83
env:
- name: PUID
value: "1000"
- name: PGID
value: "1000"
- name: TZ
value: "US/Eastern"
volumeMounts:
- mountPath: /config
name: airsonic-config
readOnly: false
- mountPath: /media/music
name: bigdata-music
readOnly: true
- mountPath: /media/playlists
name: bigdata-playlists
readOnly: true
- mountPath: /media/podcasts
name: bigdata-podcasts
readOnly: true
- mountPath: /media/media-vtluug
name: vtluug-media
readOnly: true
ports:
- name: http
containerPort: 4040
volumes:
- name: airsonic-config
hostPath:
path: /bigdata/k8s-config/airsonic/config
- name: bigdata-music
hostPath:
path: /bigdata/media/music
- name: bigdata-playlists
hostPath:
path: /bigdata/media/playlists
- name: bigdata-podcasts
hostPath:
path: /bigdata/media/podcasts
- name: vtluug-media
hostPath:
path: /media-vtluug
---
apiVersion: v1
kind: Service
metadata:
labels:
run: airsonic
name: airsonic
namespace: pew
spec:
selector:
run: airsonic
ports:
- name: http
port: 4040
protocol: TCP


@ -1,17 +0,0 @@
# Used to test DNS, example:
# k exec -i -t dnsutils -- nslookup dns-host.default
apiVersion: v1
kind: Pod
metadata:
name: dnsutils
namespace: default
spec:
containers:
- name: dnsutils
image: gcr.io/kubernetes-e2e-test-images/dnsutils:1.3
command:
- sleep
- "3600"
imagePullPolicy: IfNotPresent
restartPolicy: Always


@ -1,98 +0,0 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
run: gitea
name: gitea
namespace: pew
spec:
replicas: 1
selector:
matchLabels:
run: gitea
template:
metadata:
labels:
run: gitea
spec:
containers:
- name: gitea
image: gitea/gitea:1.12.5
# after initial install options must be changed at /data/gitea/conf/app.ini
env:
- name: RUN_MODE
value: "prod"
- name: DOMAIN
value: "git.seaturtle.pw"
- name: SSH_DOMAIN
value: "git.seaturtle.pw"
- name: SSH_PORT
value: "37122"
- name: ROOT_URL
value: "https://git.seaturtle.pw/"
- name: LFS_START
value: "true"
- name: DISABLE_REGISTRATION
value: "true"
- name: REQUIRE_SIGNIN_VIEW
value: "false"
- name: USER_UID
value: "1000"
- name: USER_GUID
value: "1000"
volumeMounts:
- mountPath: /data
name: gitea-data
readOnly: false
- mountPath: /etc/timezone
subPath: timezone
name: gitea-config
readOnly: true
- mountPath: /etc/localtime
name: gitea-localtime
readOnly: true
ports:
- name: http
containerPort: 3000
- name: ssh
containerPort: 37122
volumes:
- name: gitea-data
hostPath:
path: /bigdata/k8s-config/gitea/data
- name: gitea-config
configMap:
name: gitea-config
- name: gitea-localtime
hostPath:
path: /usr/share/zoneinfo/America/New_York
---
apiVersion: v1
kind: Service
metadata:
labels:
run: gitea
name: gitea
namespace: pew
spec:
selector:
run: gitea
ports:
- name: http
port: 3000
protocol: TCP
- name: ssh
port: 37122
protocol: TCP
---
apiVersion: v1
kind: ConfigMap
metadata:
name: gitea-config
namespace: pew
data:
timezone: |
America/New_York


@ -1,11 +0,0 @@
---
apiVersion: v1
kind: ConfigMap
metadata:
name: tcpservices
namespace: haproxy
data:
37122:
pew/gitea:37122
25565:
pew/minecraft:25565


@ -1,51 +0,0 @@
## For haproxy 2.2 COPY TO /etc/haproxy/haproxy.cfg
## Do https://unix.stackexchange.com/a/538901 to fix network-online.target on debian w/ /etc/intefaces
## certbot setup:
## - https://certbot.eff.org/lets-encrypt/debianbuster-haproxy
## - Add "0 0 1 * * systemctl stop haproxy && certbot renew && systemctl start haproxy && cat /etc/letsencrypt/live/seaturtle.pw/{fullchain,privkey}.pem > /etc/letsencrypt/live/seaturtle.pw/haproxy_cert.pem" to root crontab
## - (Default systemd timer does not have option to stop haproxy before running)
## Ensure microk8s only exposes nodeport on 127.0.0.1:
## - Edit /var/snap/microk8s/current/args/kube-proxy, adding "--nodeport-addresses=127.0.0.1/8"
defaults
log global
mode tcp
option dontlognull
retries 3
maxconn 4000
timeout connect 5000
timeout client 50000
timeout server 50000
frontend http-in
mode http
bind :::80
redirect scheme https
frontend https-in
mode http
option forwardfor
bind :::443 ssl crt /etc/letsencrypt/live/seaturtle.pw/haproxy_cert.pem ssl-min-ver TLSv1.2
acl server1 hdr(host) -i airsonic.seaturtle.pw
acl server1 hdr(host) -i git.seaturtle.pw
acl server1 hdr(host) -i nc.seaturtle.pw
acl server1 hdr(host) -i paul.walko.org
acl server1 hdr(host) -i plex.seaturtle.pw
acl server1 hdr(host) -i seaturtle.pw
use_backend server1 if server1
backend server1
mode http
option forwardfor
server server1 127.0.0.1:30080
listen proxy37122
mode tcp
bind :::37122
server ipv4server30122 127.0.0.1:30122
listen proxy25565
mode tcp
bind :::25565
server ipv4server30565 127.0.0.1:30565


@ -1,33 +0,0 @@
# k create namespace haproxy
# Create tcp services configmap:
# k apply -f haproxy-tcp.yml
# helm repo add haproxytech https://haproxytech.github.io/helm-charts && helm repo update
# helm install haproxy haproxytech/kubernetes-ingress --namespace haproxy -f haproxy.yml
controller:
replicaCount: 2
extraArgs:
- --configmap-tcp-services=haproxy/tcpservices
config:
path-rewrite: /s/(.*)/p /s/\1/preview
service:
type: NodePort
nodePorts:
http: 30080
enablePorts:
http: true
https: false
stat: true
ssh: true
minecraft: true
tcpPorts:
- name: ssh
port: 37122
targetPort: 37122
nodePort: 30122
- name: minecraft
port: 25565
targetPort: 25565
nodePort: 30565
defaultBackend:
replicaCount: 2


@ -1,71 +0,0 @@
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
annotations:
# redirection is handled at upper haproxy layer
ingress.kubernetes.io/ssl-redirect: "false"
name: haproxy-ingress
namespace: pew
spec:
rules:
- host: seaturtle.pw
http:
paths:
- path: /
pathType: "Exact"
backend:
service:
name: nginx
port:
number: 80
- host: paul.walko.org
http:
paths:
- path: /
pathType: "Exact"
backend:
service:
name: nginx
port:
number: 80
- host: airsonic.seaturtle.pw
http:
paths:
- path: /
pathType: "Exact"
backend:
service:
name: airsonic
port:
number: 4040
- host: git.seaturtle.pw
http:
paths:
- path: /
pathType: "Exact"
backend:
service:
name: gitea
port:
number: 3000
- host: nc.seaturtle.pw
http:
paths:
- path: /
pathType: "Exact"
backend:
service:
name: nextcloud
port:
number: 80
- host: plex.seaturtle.pw
http:
paths:
- path: /
pathType: "Exact"
backend:
service:
name: plex
port:
number: 32400


@ -1,55 +0,0 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
run: minecraft
name: minecraft
namespace: pew
spec:
replicas: 1
selector:
matchLabels:
run: minecraft
template:
metadata:
labels:
run: minecraft
spec:
containers:
- name: minecraft
image: itzg/minecraft-server:latest
env:
- name: EULA
value: "TRUE"
- name: MAX_MEMORY
value: "8G"
- name: VERSION
value: "1.15.2"
volumeMounts:
- mountPath: /data
name: minecraft-data
readOnly: false
ports:
- name: minecraft
containerPort: 25565
volumes:
- name: minecraft-data
hostPath:
path: /bigdata/k8s-config/minecraft/data
---
apiVersion: v1
kind: Service
metadata:
labels:
run: minecraft
name: minecraft
namespace: pew
spec:
selector:
run: minecraft
ports:
- name: minecraft
port: 25565
protocol: TCP


@ -1,199 +0,0 @@
# to scan new files: k exec --stdin --tty nextcloud-POD -npew -- /bin/bash -c "/var/www/html/occ files:scan --path='/USER/files'"
---
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
run: nextcloud
name: nextcloud
namespace: pew
spec:
replicas: 1
selector:
matchLabels:
run: nextcloud
template:
metadata:
labels:
run: nextcloud
spec:
containers:
- name: nextcloud
image: nextcloud:20.0.1-apache
env:
- name: OVERWRITEHOST
value: "nc.seaturtle.pw"
- name: OVERWRITEPROTOCOL
value: "https"
- name: MYSQL_DATABASE
value: "nextcloud"
- name: MYSQL_USER
value: "nextcloud"
- name: MYSQL_PASSWORD
value: "nextcloud"
- name: MYSQL_HOST
value: "nextcloud-mariadb.pew"
- name: REDIS_HOST
value: "nextcloud-redis.pew"
- name: REDIS_HOST_PASSWORD
value: "nextcloud"
volumeMounts:
- mountPath: /var/www/html
name: nextcloud-data
readOnly: false
ports:
- name: http
containerPort: 80
volumes:
- name: nextcloud-data
hostPath:
path: /bigdata/k8s-config/nextcloud/data
---
apiVersion: batch/v1beta1
kind: CronJob
metadata:
name: nextcloud-cron
namespace: pew
spec:
schedule: "*/10 * * * *"
successfulJobsHistoryLimit: 1
jobTemplate:
spec:
template:
spec:
restartPolicy: OnFailure
containers:
- name: nextcloud-cron
image: nextcloud:20.0.1-apache
command:
- "php"
- "-f"
- "/var/www/html/cron.php"
volumeMounts:
- mountPath: /var/www/html
name: nextcloud-data
readOnly: false
volumes:
- name: nextcloud-data
hostPath:
path: /bigdata/k8s-config/nextcloud/data
---
apiVersion: v1
kind: Service
metadata:
labels:
run: nextcloud
name: nextcloud
namespace: pew
spec:
selector:
run: nextcloud
ports:
- name: http
port: 80
protocol: TCP
---
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
run: nextcloud-mariadb
name: nextcloud-mariadb
namespace: pew
spec:
replicas: 1
selector:
matchLabels:
run: nextcloud-mariadb
template:
metadata:
labels:
run: nextcloud-mariadb
spec:
containers:
- name: mariadb
image: mariadb:10.5.6
env:
- name: MYSQL_RANDOM_ROOT_PASSWORD
value: "notnullvalue"
- name: MYSQL_PASSWORD
value: "nextcloud"
- name: MYSQL_DATABASE
value: "nextcloud"
- name: MYSQL_USER
value: "nextcloud"
volumeMounts:
- mountPath: /var/lib/mysql
name: nextcloud-mariadb
readOnly: false
ports:
- name: mysql
containerPort: 3306
volumes:
- name: nextcloud-mariadb
hostPath:
path: /bigdata/k8s-config/nextcloud/mariadb
---
apiVersion: v1
kind: Service
metadata:
labels:
run: nextcloud-mariadb
name: nextcloud-mariadb
namespace: pew
spec:
selector:
run: nextcloud-mariadb
ports:
- name: mysql
port: 3306
protocol: TCP
---
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
run: nextcloud-redis
name: nextcloud-redis
namespace: pew
spec:
replicas: 1
selector:
matchLabels:
run: nextcloud-redis
template:
metadata:
labels:
run: nextcloud-redis
spec:
containers:
- name: redis
image: redis:6.0.9
args:
- --requirepass
- nextcloud
ports:
- name: redis
containerPort: 6379
---
apiVersion: v1
kind: Service
metadata:
labels:
run: nextcloud-redis
name: nextcloud-redis
namespace: pew
spec:
selector:
run: nextcloud-redis
ports:
- name: redis
port: 6379
protocol: TCP


@ -1,134 +0,0 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
run: nginx
name: nginx
namespace: pew
spec:
replicas: 1
selector:
matchLabels:
run: nginx
template:
metadata:
labels:
run: nginx
spec:
containers:
- name: nginx
image: nginx:1.19.3
volumeMounts:
- mountPath: /etc/nginx/nginx.conf
subPath: nginx.conf
name: nginx-config
readOnly: true
- mountPath: /files
name: nginx-files
readOnly: true
ports:
- name: http
containerPort: 80
volumes:
- name: nginx-config
configMap:
name: nginx-config
- name: nginx-files
hostPath:
path: /bigdata/files
---
apiVersion: v1
kind: Service
metadata:
labels:
run: nginx
name: nginx
namespace: pew
spec:
selector:
run: nginx
ports:
- name: http
port: 80
protocol: TCP
---
apiVersion: v1
kind: ConfigMap
metadata:
name: nginx-config
namespace: pew
data:
nginx.conf: |
user nginx;
worker_processes 4;
pid /run/nginx.pid;
include /etc/nginx/modules/*.conf;
events {
worker_connections 768;
# multi_accept on;
}
http {
##
# Basic Settings
##
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
# server_tokens off;
# server_names_hash_bucket_size 64;
# server_name_in_redirect off;
client_max_body_size 0;
include /etc/nginx/mime.types;
default_type application/octet-stream;
##
# Logging Settings
##
#access_log /config/log/nginx/access.log;
#error_log /config/log/nginx/error.log;
##
# Gzip Settings
##
gzip on;
#gzip_disable "msie6";
# gzip_vary on;
# gzip_proxied any;
# gzip_comp_level 6;
# gzip_buffers 16 8k;
# gzip_http_version 1.1;
# gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;
##
# Virtual Host Configs
##
server {
listen 80;
server_name _;
root /;
location / {
proxy_pass http://paulwalko.github.io/;
}
location /files {
autoindex on;
}
}
#include /etc/nginx/conf.d/*.conf;
#include /config/nginx/site-confs/default;
#include /config/nginx/site-confs/*.enabled;
}


@ -1,73 +0,0 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
run: plex
name: plex
namespace: pew
spec:
replicas: 1
selector:
matchLabels:
run: plex
template:
metadata:
labels:
run: plex
spec:
containers:
- name: plex
image: linuxserver/plex:1.20.3.3483-211702a9f-ls122
env:
- name: PUID
value: "1000"
- name: PGID
value: "1000"
- name: VERSION
value: "docker"
volumeMounts:
- mountPath: /config
name: plex-config
readOnly: false
- mountPath: /media/movies
name: bigdata-movies
readOnly: true
- mountPath: /media/music
name: bigdata-music
readOnly: true
- mountPath: /media/media-vtluug
name: vtluug-media
readOnly: true
ports:
- name: http
containerPort: 32400
volumes:
- name: plex-config
hostPath:
path: /bigdata/k8s-config/plex/config
- name: bigdata-movies
hostPath:
path: /bigdata/media/movies
- name: bigdata-music
hostPath:
path: /bigdata/media/music
- name: vtluug-media
hostPath:
path: /media-vtluug
---
apiVersion: v1
kind: Service
metadata:
labels:
run: plex
name: plex
namespace: pew
spec:
selector:
run: plex
ports:
- name: http
port: 32400
protocol: TCP

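--- a/fogcutter/podman/airsonic.sh
+++ b/fogcutter/podman/airsonic.sh
@@ -0,0 +1,38 @@
+#!/bin/bash
+set -e
+up () {
+loginctl enable-linger paul
+podman network create pew-net || true
+# Exposed on port 4040 in pew-net
+podman create \
+--name airsonic \
+--env PUID=1000 \
+--env PGID=1000 \
+--env TZ=US/Eastern \
+--volume /bigdata/k8s-config/airsonic/config:/config:rw \
+--volume /bigdata/media/music:/media/music:ro \
+--volume /bigdata/media/playlists:/media/playlists:ro \
+--volume /bigdata/media/podcasts:/media/podcasts:ro \
+--network pew-net \
+linuxserver/airsonic:v10.6.2-ls83
+podman generate systemd airsonic --restart-policy=always --name > ~/.config/systemd/user/airsonic.service
+systemctl --user daemon-reload
+systemctl restart --user airsonic || systemctl start --user airsonic
+systemctl enable --user airsonic
+}
+down () {
+systemctl stop --user airsonic || true
+systemctl disable --user airsonic || true
+podman rm airsonic || true
+}
+logs () {
+podman logs --follow airsonic
+}
+$@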
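Review bot: The dispatcher on the last line, `$@`, runs any words passed to the script as a command rather than only `up`, `down` or `logs`, and because it is unquoted the arguments are word-split a second time. With no argument the script exits 0 without doing anything, so a mistyped invocation goes unnoticed. Restricting dispatch to the defined functions makes misuse fail loudly: `case "$1" in up|down|logs) "$1" ;; *) echo "usage: $0 {up|down|logs}" >&2; exit 1 ;; esac`. The same last line appears in gitea.sh, minecraft.sh, nginx.sh, plex.sh and the nextcloud script (which also defines `logsm` and `logsr`).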

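--- a/fogcutter/podman/gitea.sh
+++ b/fogcutter/podman/gitea.sh
@@ -0,0 +1,44 @@
+#!/bin/bash
+set -e
+up () {
+loginctl enable-linger paul
+podman network create pew-net || true
+# Exposed on port 3000 in pew-net
+podman create \
+--name gitea \
+--env RUN_MODE=prod \
+--env DOMAIN=git.seaturtle.pw \
+--env SSH_DOMAIN=git.seaturtle.pw \
+--env SSH_PORT=2222 \
+--env ROOT_URL=https://git.seaturtle.pw \
+--env LFS_START=true \
+--env DISABLE_REGISTRATION=true \
+--env REQUIRE_SIGNIN_VIEW=false \
+--env USER_UID=1000 \
+--volume /bigdata/k8s-config/gitea/data:/data:rw \
+--volume /etc/localtime:/etc/localtime:ro \
+--volume /etc/timezone:/etc/timezone:ro \
+--publish 127.0.0.1:2222:2222 \
+--network pew-net \
+gitea/gitea:1.12.5
+podman generate systemd gitea --restart-policy=always --name > ~/.config/systemd/user/gitea.service
+systemctl --user daemon-reload
+systemctl restart --user gitea || systemctl start --user gitea
+systemctl enable --user gitea
+}
+down () {
+systemctl stop --user gitea || true
+systemctl disable --user gitea || true
+podman rm gitea || true
+}
+logs () {
+podman logs --follow gitea
+}
+$@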

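--- a/fogcutter/podman/minecraft.sh
+++ b/fogcutter/podman/minecraft.sh
@@ -0,0 +1,33 @@
+#!/bin/bash
+set -e
+up () {
+loginctl enable-linger paul
+podman create \
+--name minecraft \
+--env EULA=TRUE \
+--env MAX_MEMORY=8G \
+--env VERSION=1.15.2 \
+--volume /bigdata/k8s-config/minecraft/data:/data:rw \
+--publish 127.0.0.1:25565:25565 \
+itzg/minecraft-server:latest
+podman generate systemd minecraft --restart-policy=always --name > ~/.config/systemd/user/minecraft.service
+systemctl --user daemon-reload
+systemctl restart --user minecraft || systemctl start --user minecraft
+systemctl enable --user minecraft
+}
+down () {
+systemctl stop --user minecraft || true
+systemctl disable --user minecraft || true
+podman rm minecraft || true
+}
+logs () {
+podman logs --follow minecraft
+}
+$@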
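Review bot: The image reference `itzg/minecraft-server:latest` is unpinned, unlike the version-tagged images in every other script of this commit, so each `podman create` on a host without a cached copy can pull different wrapper code even though `VERSION=1.15.2` stays fixed. Pinning to a release tag or digest keeps the deployment reproducible and turns an image update into a reviewed change: `itzg/minecraft-server:<PINNED_TAG>` (placeholder; use the tag that is currently deployed).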


@ -0,0 +1,9 @@
[Unit]
Description=Nextcloud cron
[Service]
Type=simple
ExecStart=/usr/bin/podman exec nextcloud /bin/bash -c "if ! command -v sudo &> /dev/null; then apt-get update && apt-get install -y sudo; fi; sudo -u www-data php -f /var/www/html/cron.php"
[Install]
WantedBy=default.target
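Review bot: `ExecStart` installs `sudo` with `apt-get` inside the running container whenever it is missing, so the first cron run after each container re-create depends on reaching a package mirror and adds a setuid binary to the container only to switch user. `podman exec` can select the user itself, which removes both the install step and the shell wrapper: `ExecStart=/usr/bin/podman exec --user www-data nextcloud php -f /var/www/html/cron.php`.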


@ -0,0 +1,9 @@
[Unit]
Description=Run nextcloud-cron service every 10 minutes and on boot
[Timer]
OnBootSec=10min
OnUnitActiveSec=10min
[Install]
WantedBy=timers.target


@ -0,0 +1,90 @@
#!/bin/bash
set -e
# to scan new files: k exec --stdin --tty nextcloud-POD -npew -- /bin/bash -c "/var/www/html/occ files:scan --path='/USER/files'"
up () {
loginctl enable-linger paul
podman network create pew-net || true
# Exposed on port 80 in pew-net
# Must edit config.php file after initial setup to change settings
podman create \
--name nextcloud \
--env OVERWRITEHOST=nc.seaturtle.pw \
--env OVERWRITEPROTOCOL=https \
--env MYSQL_DATABASE=nextcloud \
--env MYSQL_USER=nextcloud \
--env MYSQL_PASSWORD=nextcloud \
--env MYSQL_HOST=nextcloud-mariadb \
--env REDIS_HOST=nextcloud-redis \
--env REDIS_HOST_PASSWORD=nextcloud \
--volume /bigdata/k8s-config/nextcloud/data:/var/www/html:rw \
--network pew-net \
nextcloud:20.0.1-apache
podman generate systemd nextcloud --restart-policy=always --name > ~/.config/systemd/user/nextcloud.service
systemctl --user daemon-reload
systemctl restart --user nextcloud || systemctl start --user nextcloud
systemctl enable --user nextcloud
# Exposed on port 3306 in pew-net
podman create \
--name nextcloud-mariadb \
--env MYSQL_RANDOM_ROOT_PASSWORD=notnullvalue \
--env MYSQL_PASSWORD=nextcloud \
--env MYSQL_DATABASE=nextcloud \
--env MYSQL_USER=nextcloud \
--volume /bigdata/k8s-config/nextcloud/mariadb:/var/lib/mysql:rw \
--network pew-net \
mariadb:10.5.6
podman generate systemd nextcloud-mariadb --restart-policy=always --name > ~/.config/systemd/user/nextcloud-mariadb.service
systemctl --user daemon-reload
systemctl restart --user nextcloud-mariadb || systemctl start --user nextcloud-mariadb
systemctl enable --user nextcloud-mariadb
# Exposed on port 6379 in pew-net
podman create \
--name nextcloud-redis \
--network pew-net \
redis:6.0.9 --requirepass nextcloud
podman generate systemd nextcloud-redis --restart-policy=always --name > ~/.config/systemd/user/nextcloud-redis.service
systemctl --user daemon-reload
systemctl restart --user nextcloud-redis || systemctl start --user nextcloud-redis
systemctl enable --user nextcloud-redis
cp nextcloud-cron.service nextcloud-cron.timer ~/.config/systemd/user/
systemctl restart --user nextcloud-cron.timer || systemctl start --user nextcloud-cron.timer
systemctl enable --user nextcloud-cron.timer
}
down () {
systemctl stop --user nextcloud || true
systemctl disable --user nextcloud || true
podman rm nextcloud || true
systemctl stop --user nextcloud-mariadb || true
systemctl disable --user nextcloud-mariadb || true
podman rm nextcloud-mariadb || true
systemctl stop --user nextcloud-redis || true
systemctl disable --user nextcloud-redis || true
podman rm nextcloud-redis || true
systemctl stop --user nextcloud-cron.timer || true
systemctl disable --user nextcloud-cron.timer || true
}
logs () {
podman logs -f nextcloud
}
logsm () {
podman logs -f nextcloud-mariadb
}
logsr () {
podman logs -f nextcloud-redis
}
$@
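Review bot: The database and Redis passwords are committed in this script and equal the user name (`MYSQL_PASSWORD=nextcloud`, `REDIS_HOST_PASSWORD=nextcloud`, `--requirepass nextcloud`); the Redis one is also passed as a process argument. Neither service publishes a port, but the other containers this commit attaches to `pew-net` (airsonic, gitea, nginx, plex) presumably can reach them, so a guessable password offers little separation if one of those is compromised. Loading generated values from a file kept out of the repository, e.g. `--env-file <PATH_TO_ENV_FILE_MODE_0600>` (placeholder) on the nextcloud and nextcloud-mariadb containers, would keep them out of version control. The comment at the top of the script still shows the `k exec ... -npew` form and should be updated to the `podman exec nextcloud ...` equivalent.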

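--- a/fogcutter/podman/nginx.sh
+++ b/fogcutter/podman/nginx.sh
@@ -0,0 +1,44 @@
+#!/bin/bash
+set -e
+up () {
+loginctl enable-linger paul
+podman network create pew-net || true
+# main nginx container
+podman create \
+--name nginx \
+--env PUID=1000 \
+--env GUID=1000 \
+--env TZ=US/Eastern \
+--env URL=seaturtle.pw \
+--env SUBDOMAINS=airsonic,git,nc,plex \
+--env VALIDATION=http \
+--env EMAIL=paulsw.pw@gmail.com \
+--volume /bigdata/k8s-config/nginx/config:/config:rw \
+--volume /bigdata/k8s-config/nginx/nginx.conf:/config/nginx/nginx.conf:ro \
+--volume /bigdata/k8s-config/nginx/ssl.conf:/config/nginx/ssl.conf:ro \
+--volume /bigdata/k8s-config/nginx/site-confs:/config/nginx/site-confs:ro \
+--publish 127.0.0.1:8080:80 \
+--publish 127.0.0.1:8443:443 \
+--network pew-net \
+linuxserver/swag:1.10.1-ls29
+podman generate systemd nginx --restart-policy=always --name > ~/.config/systemd/user/nginx.service
+systemctl --user daemon-reload
+systemctl restart --user nginx || systemctl start --user nginx
+systemctl enable --user nginx
+}
+down () {
+systemctl stop --user nginx || true
+systemctl disable --user nginx || true
+podman rm nginx || true
+}
+logs () {
+podman logs --follow nginx
+}
+$@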
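Review bot: `--env GUID=1000` in the `podman create` call looks like a typo for `PGID`. The other linuxserver images in this commit (airsonic.sh, plex.sh) are given `PUID`/`PGID`, and linuxserver images read `PGID`, so here the group id stays at the image default and files written under `/config` (which holds the certificate material for this image) may end up with an unexpected group. Suggested line: `--env PGID=1000 \`.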

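--- a/fogcutter/podman/plex.sh
+++ b/fogcutter/podman/plex.sh
@@ -0,0 +1,38 @@
+#!/bin/bash
+set -e
+up () {
+loginctl enable-linger paul
+podman network create pew-net || true
+# Exposed on port 32400 in pew-net
+podman create \
+--name plex \
+--env PUID=1000 \
+--env PGID=1000 \
+--env VERSION=docker \
+--volume /bigdata/k8s-config/plex/config:/config:rw \
+--volume /bigdata/media/movies:/media/movies:ro \
+--volume /bigdata/media/music:/media/music:ro \
+--volume /media-vtluug:/media/media-vtluug:ro \
+--network pew-net \
+linuxserver/plex:1.20.3.3483-211702a9f-ls122
+podman generate systemd plex --restart-policy=always --name > ~/.config/systemd/user/plex.service
+systemctl --user daemon-reload
+systemctl restart --user plex || systemctl start --user plex
+systemctl enable --user plex
+}
+down () {
+systemctl stop --user plex || true
+systemctl disable --user plex || true
+podman rm plex || true
+}
+logs () {
+podman logs --follow plex
+}
+$@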