2024-10-01 09:52:42 +02:00
|
|
|
#!/usr/bin/bash
|
|
|
|
|
|
|
|
if [[ $(whoami) == "root" ]]; then
|
|
|
|
echo "Do not run this script as root."
|
|
|
|
exit
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
2024-10-07 11:37:52 +02:00
|
|
|
while ! [[ "$podman_mode" =~ ^(rootful|rootless)$ ]]; do
|
|
|
|
read -rp "Rootful or rootless Podman? " podman_mode
|
|
|
|
done
|
2024-10-01 09:52:42 +02:00
|
|
|
|
|
|
|
|
2024-10-07 11:37:52 +02:00
|
|
|
declare -a podman_units=(podman.service podman.socket podman-auto-update.service podman-auto-update.timer podman-clean-transient.service podman-restart.service)
|
|
|
|
|
|
|
|
|
|
|
|
if [[ "$podman_mode" == "rootless" ]]; then
|
2024-10-15 21:44:02 +02:00
|
|
|
sudo apt install -y aardvark-dns borgbackup cifs-utils curl dbus-user-session nftables nginx passt podman podman-compose python3-mako slirp4netns uidmap
|
2024-10-01 09:52:42 +02:00
|
|
|
|
2024-10-07 11:37:52 +02:00
|
|
|
sudo loginctl enable-linger "$USER"
|
2024-10-01 09:52:42 +02:00
|
|
|
|
2024-10-07 11:37:52 +02:00
|
|
|
sudo systemctl disable --now "${podman_units[@]}"
|
|
|
|
systemctl --user enable --now "${podman_units[@]}"
|
|
|
|
else
|
2024-10-15 21:44:02 +02:00
|
|
|
sudo apt install -y aardvark-dns borgbackup cifs-utils curl nftables nginx podman podman-compose python3-mako
|
2024-10-07 11:37:52 +02:00
|
|
|
|
|
|
|
systemctl --user disable --now "${podman_units[@]}"
|
|
|
|
sudo systemctl enable --now "${podman_units[@]}"
|
|
|
|
fi
|
2024-10-01 09:52:42 +02:00
|
|
|
|
|
|
|
|
|
|
|
declare -A sysctl_vars=(
|
|
|
|
[vm.overcommit_memory]=1
|
2024-10-07 14:42:58 +02:00
|
|
|
[net.core.wmem_max]=7500000
|
|
|
|
[net.core.rmem_max]=7500000
|
2024-10-01 09:52:42 +02:00
|
|
|
)
|
|
|
|
|
|
|
|
echo -n "" | sudo tee /etc/sysctl.d/podman.conf
|
|
|
|
for key in "${!sysctl_vars[@]}"; do
|
|
|
|
value="${sysctl_vars[$key]}"
|
|
|
|
echo "$key = $value" | sudo tee -a /etc/sysctl.d/podman.conf
|
|
|
|
done
|
2024-10-07 14:42:58 +02:00
|
|
|
sudo sysctl -p /etc/sysctl.d/podman.conf
|
2024-10-01 09:52:42 +02:00
|
|
|
|
|
|
|
|
2024-10-15 21:44:02 +02:00
|
|
|
sudo curl -o /etc/nginx/dhparam.txt https://ssl-config.mozilla.org/ffdhe2048.txt
|
|
|
|
|
|
|
|
|
|
|
|
sudo systemctl enable --now nftables nginx
|