martinx3-administrativedevelopment / servercontainertemplate
Contains documentation to create a podman server
License: GNU Affero General Public License v3.0
Basic project procedure:
Requirements for the demo scenario.
Find or develop a suitable Docker container as the basis for the scenario.
Develop the architecture for the demo scenario.
Implement the demo scenario.
Good application-oriented presentation/demo of the project.
Project documentation
With a basic configuration.
There is an open slirp4netns issue for this -> rootless-containers/slirp4netns#253
IPv6 is in the works and experimental. Thus it is not recommended to be used in this stage.
Exception: You could bind a container to one IPv6 address, it's a workaround.
https://github.com/bitnami/bitnami-docker-openldap#how-to-use-this-image
Connect it with OpenID
#25
Server with Bitwarden
https://github.com/bitwarden/server
Munin, Telegraf or Zabbix instead of Prometheus?
Create a script / tool to automatically partition the server and install the needed things.
Like ansible or something else
--network-alias=alias
[…]NOTE: A container will only have access to aliases on the first network that it joins. This is a limitation that will be removed in a later release.
https://docs.podman.io/en/latest/markdown/podman-pod-create.1.html#network-alias-alias
https://wiki.archlinux.org/index.php/S.M.A.R.T.#smartd
As example with email support
Schedule self-tests
DEVICESCAN -s (S/../.././11|L/../../6/12)
Smart Monitor
https://github.com/AnalogJ/scrutiny#docker
https://github.com/analogj/scrutiny/pkgs/container/scrutiny
https://hub.docker.com/r/linuxserver/scrutiny
Linux
We have access to the cron utility, so this will be simple. Run crontab -e, pick an editor (nano) if you haven’t done so already and then add this line to the bottom and save it:
0 3 * * * /usr/bin/docker system prune -f
Docker is most likely installed at /usr/bin/docker but you can verify that by running which docker. Change the path if you need to. Also make sure the line isn’t commented out with a #.
Aside from the security part of the arch wiki
Choose a firewall and add rules to every service manual.
Easiest solution seems to be the iptables wrapper
https://wiki.archlinux.org/title/Uncomplicated_Firewall
UFW also has a rate limit feature against brute force attacks
(Add a hint to each docker service)
A first configuration with basic data is enough.
Create Readme.md with exact instructions to reproduce the result.
Add access via Browser from another Computer of the same Network
https://github.com/nginx-proxy/nginx-proxy
0.9.0
Switch to
https://github.com/linuxserver/docker-swag
https://hub.docker.com/r/linuxserver/swag
Remove https://github.com/MartinX3-EducationOrganization/nginx-certbot
Symlink the Let's Encrypt certificate on the host to the Cockpit service
https://github.com/aquasecurity/trivy
https://aquasecurity.github.io/trivy/v0.28.0/docs/advanced/container/podman/
Scanner for vulnerabilities in container images, file systems, and Git repositories, as well as for configuration issues
https://github.com/mikaku/Monitorix
Monitorix is a free, open source, lightweight system monitoring tool.
Buildkite is written in Golang
Jenkins is written in Java
In theory Buildkite should use less RAM.
https://github.com/buildkite/agent
https://github.com/compono/podman-buildkite-plugin
To deploy and upgrade services?
podman-play-kube - Create containers, pods or volumes based on Kubernetes YAML
https://docs.podman.io/en/latest/markdown/podman-play-kube.1.html
Network plugins
https://github.com/containernetworking/plugins
Backup backup backup
The container volumes need to be backed up
Maybe the OS as well
Maybe renting a dedicated server running a S3 compatible storage like ceph or minio
https://dev.to/hendr_ik/automate-backing-up-your-docker-volumes-3gdk
Or maybe a borg client in a container mounting every volume?
https://www.borgbackup.org/
OpenID is an open standard and decentralized authentication protocol.
eID support
https://github.com/eid-login/eid-login-nextcloud
Connect it with LDAP
#14
https://dovecot.org/
https://hub.docker.com/r/dovecot/dovecot
Mailu.io
https://github.com/docker-mailserver/docker-mailserver
rootless SMTP -> https://github.com/haraka/Haraka
LDAP plugin
https://github.com/haraka/Haraka/blob/master/Plugins.md
https://github.com/haraka/haraka-plugin-auth-ldap
Dockerimage
https://github.com/instrumentisto/haraka-docker-image
https://github.com/portainer/portainer
Making Docker and Kubernetes management easy.
Starting with version 2.6
portainer/portainer#5188
Add a VOLUME to guarantee persistent data storage
As example
https://github.com/grke/burp
It also has a client ui
https://git.ziirish.me/ziirish/burp-ui
Or borg backup client server solution
https://www.borgbackup.org/
As example
https://mkdev.me/en/posts/dockerless-part-1-which-tools-to-replace-docker-with-and-why
https://jaxenter.de/buildah-linux-container-docker-80513
move to rootless podman
use docker-compose or podman-compose
podman-dnsname
https://github.com/containers/
https://github.com/containers/podman/blob/master/docs/tutorials/rootless_tutorial.md
https://rootlesscontaine.rs/
https://github.com/rootless-containers
systemctl --user enable podman.socket --now
DOCKER_HOST=unix:///run/user/1000/podman/podman.sock docker-compose up
Create a short summarisation of what we need to do in the Readme.md
Maybe some services are useful or better than already listed/used in this repo.
Alpine Linux based?
Dedicated partition?
How to change the bootloader from a broken initramfs recovery to point to the recovery OS?
BTRFS RAID 1 at the end of the partition?
1GB?
If the bootloader is not accessible because of a headless server, is it switchable by a bootable recovery image with grub tools? (grub bootloader)