#!/usr/bin/bash if [[ $(whoami) == "root" ]]; then echo "Do not run this script as root." exit fi while ! [[ "$podman_mode" =~ ^(rootful|rootless)$ ]]; do read -rp "Rootful or rootless Podman? " podman_mode done declare -a en_podman_units=(podman.service podman.socket podman-clean-transient.service podman-restart.service) declare -a dis_podman_units=(podman-auto-update.service podman-auto-update.timer) if [[ "$podman_mode" == "rootless" ]]; then sudo apt install -y aardvark-dns borgbackup cifs-utils curl dbus-user-session nftables nginx passt podman podman-compose python3-mako slirp4netns uidmap sudo loginctl enable-linger "$USER" sudo systemctl disable --now "${en_podman_units[@]}" "${dis_podman_units[@]}" systemctl --user enable --now "${en_podman_units[@]}" systemctl --user disable --now "${dis_podman_units[@]}" else sudo apt install -y aardvark-dns borgbackup cifs-utils curl nftables nginx podman podman-compose python3-mako systemctl --user disable --now "${en_podman_units[@]}" "${dis_podman_units[@]}" sudo systemctl enable --now "${en_podman_units[@]}" sudo systemctl disable --now "${dis_podman_units[@]}" fi declare -A sysctl_vars=( [vm.overcommit_memory]=1 [net.core.wmem_max]=7500000 [net.core.rmem_max]=7500000 ) echo -n "" | sudo tee /etc/sysctl.d/podman.conf for key in "${!sysctl_vars[@]}"; do value="${sysctl_vars[$key]}" echo "$key = $value" | sudo tee -a /etc/sysctl.d/podman.conf done sudo sysctl -p /etc/sysctl.d/podman.conf sudo curl -o /etc/nginx/dhparam.txt https://ssl-config.mozilla.org/ffdhe2048.txt sudo systemctl enable --now nftables nginx