podman
podman ist das neue docker. Vorteile:
- läuft nicht als root
- Großartiger Sicherheitsgewinn zur Laufzeit
- Großartiger Sicherheitsgewinn zur Entwicklungszeit
- einfacherer Umgang mit Volumes durch UID-Mapping
- Handhabung sehr ähnlich zu docker
- bloß besserer Unterbau ;)
- funktioniert mit systemd, auch innerhalb des Containers
- docker baut lieber "Parallelwelt" für Fehlerbehandlung auf
- docker kann kein systemd in Containern
- Antrieb kommt von Red Hat
- vernünftige Projektführung
- docker geht lieber eigenen Weg
- docker lehnte einige gute PullRequest ab (was zu podman führte)
podman run -it fedora /bin/bash podman run fedora /usr/bin/cat /etc/hosts podman cp fedora /etc/hosts . podman build -t hello-world .
1 privoxy
- Containerfile
FROM fedora:31 RUN dnf -y update \ && dnf -y install privoxy \ && sed -ie 's/listen-address 127.0.0.1:8118/listen-address :8118/' /etc/privoxy/config \ && sed -ie 's/keep-alive-timeout 5/keep-alive-timeout 300/' /etc/privoxy/config EXPOSE 8118 CMD ["privoxy", "--no-daemon", "/etc/privoxy/config"]
2 inadyn-mt
- Containerfile
FROM fedora:31 RUN dnf -y install inadyn-mt ADD inadyn-mt.conf /etc/inadyn-mt.conf CMD /usr/sbin/inadyn
3 TODO gitolite
- Containerfile
FROM fedora:31 RUN dnf -y install gitolite3 openssh-server hostname findutils glibc-locale-source RUN localedef -v -c -i de_DE -f UTF-8 de_DE.UTF-8 || true RUN ssh-keygen -A RUN useradd git ADD admin.pub /tmp/admin.pub USER git ENV USER=git RUN gitolite setup -pk /tmp/admin.pub USER root EXPOSE 22/tcp CMD ["/usr/sbin/sshd", "-D"]
- podman-compose.yml
version: '2.0'
services:
git:
build: .
image: gitolite:latest
ports:
- "7999:22"
volumes:
- ./gitolite:/home/git
- list repositories
ssh git@ip -p 7999 info
4 TODO murmur
- Containerfile
FROM fedora:31 RUN dnf -y install murmur RUN sed -ie 's/#autoban/autoban/' /etc/murmur/murmur.ini RUN sed -ie 's/welcometext=.*/welcometext="You made it!"/' /etc/murmur/murmur.ini RUN sed -ie 's/serverpassword=.*/serverpassword=complicated/' /etc/murmur/murmur.ini RUN sed -ie 's/#registerName=.*/registerName=myOwnMurmur/' /etc/murmur/murmur.ini ADD murmur.sqlite /var/lib/mumble-server/murmur.sqlite RUN chown mumble-server:mumble-server /var/lib/mumble-server/murmur.sqlite EXPOSE 64738 CMD murmurd -fg -ini /etc/murmur/murmur.ini
- podman-compose
version: '2.0'
services:
murmur:
build: .
image: murmur:latest
restart: always
ports:
- "64738:64738"
volumes:
- ./murmur:/var/lib/mumble-server
5 TODO ttrss
- Containerfile
FROM fedora:31 RUN dnf -y update \ && dnf -y install httpd mod_ssl \ && dnf clean all COPY server.crt /etc/pki/tls/certs/localhost.crt COPY server.key /etc/pki/tls/private/localhost.key COPY https.conf /etc/httpd/conf.d/https.conf CMD ["httpd", "-DFOREGROUND"]
- https.conf
ServerName ttrss <VirtualHost *:443> SSLEngine on SSLCertificateFile /etc/pki/tls/certs/localhost.crt SSLCertificateKeyFile /etc/pki/tls/private/localhost.key ProxyPass / http://ttrss:80/ ProxyPassReverse / http://ttrss:80/ </VirtualHost>
- podman-compose.yml
version: '3.3'
services:
https:
build: .
image: httpstinyrss:0.5
restart: always
ports:
- "443:443"
networks:
- net
ttrss:
image: linuxserver/tt-rss
restart: always
volumes:
- /etc/localtime:/etc/localtime:ro
- ./ttrss:/config
networks:
- net
postgres:
image: postgres:11.0
restart: always
environment:
- POSTGRES_PASSWORD:complicated
volumes:
- ./ttrss_pgdata:/var/lib/postgresql/data
networks:
- net
networks:
net:
6 TODO onedrive
- Containerfile
FROM fedora:31 RUN dnf -y update \ && dnf -y install onedrive \ && dnf clean all RUN useradd onedrive USER onedrive CMD ["/usr/bin/onedrive", "--monitor", "--resync"]
- once: token-building
podman run -it \ -v ./onedrive:/home/onedrive/OneDrive \ -v ./onedrive_cfg:/home/onedrive/.config/onedrive \ onedrive:latest
- podman-compose.yml
version: '3.3'
services:
onedrive:
build: .
image: onedrive:latest
restart: always
volumes:
- ./onedrive:/home/onedrive/OneDrive
- ./onedrive_cfg:/home/onedrive/.config/onedrive