Open jack-avery opened 3 months ago
Nix home-manager has just added services.podman, which could also serve nicely for declaratively handling networking and daemonizing, but it may not be necessary given enough Ansible sanity checks.
Possibly also using .kube files and Quadlet to replace the templating/declarative and daemon aspects of Docker respectively, both of which are supported natively by Podman, so only a sudo apt install -y podman is required.
Examples
if using kube a sudo apt install -y kubernetes will also be required but it's like 19kB so whatever
wip; blocked by #12
This is blocked by an issue that is currently not solvable without having people also build upstream versions of podman, crun, and pasta. Marking this as wontfix for the foreseeable future. Was a fun experiment nonetheless, and I learned a lot about Podman, something I've been looking at for a while.
the containers aren't doing anything that would require them to be in a rootful state (e.g., hosting an HTTP server on 80/443 or anything else on a port <1024). swap to podman instead for increased security as podman does not run as root.
this is not particularly important and is a nice-to-have more than anything else. podman has ansible plays, though daemonizing the containers (to start & restart automatically via systemd service) requires additional setup by enabling user service lingering:
sudo loginctl enable-linger tf2server
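
A pre-flight check and unit generator for the setup discussed in this issue, as an added example that is not from the issue or the project: it refuses any port mapping whose host port is below the unprivileged-port floor (passed in as an argument, 1024 here) and otherwise renders a Quadlet .container unit for a systemd user service. The image name and port mappings are constructed sample values.

```shell
#!/bin/sh
# Added example, not from the issue. Image name and port mappings are
# constructed sample values; tf2server is the user named in the issue.

# Print each podman-style port mapping (HOST:CTR, IP:HOST:CTR, optional
# /proto) whose host port is below FLOOR and so cannot be bound rootless.
rootful_ports() {
    floor=$1; shift
    for map in "$@"; do
        spec=${map%/*}                    # drop /tcp or /udp
        case $spec in *:*) ;; *) continue ;; esac   # no host port: random high port
        rest=${spec%:*}                   # strip the container port
        host=${rest##*:}                  # host port is the last remaining field
        host=${host%%-*}                  # for a range, test its low end
        case $host in ''|*[!0-9]*) continue ;; esac # empty or non-numeric: skip
        if [ "$host" -lt "$floor" ]; then echo "$map"; fi
    done
}

# Render a Quadlet .container unit: NAME IMAGE MAP...
render_quadlet() {
    name=$1; image=$2; shift 2
    printf '[Unit]\nDescription=%s (rootless Podman)\n\n' "$name"
    printf '[Container]\nContainerName=%s\nImage=%s\n' "$name" "$image"
    for map in "$@"; do printf 'PublishPort=%s\n' "$map"; done
    printf '\n[Service]\nRestart=always\n\n'
    printf '[Install]\nWantedBy=default.target\n'
}

# Render the unit only if every mapping is bindable without root:
# FLOOR NAME IMAGE MAP...
make_unit() {
    floor=$1; name=$2; image=$3; shift 3
    bad=$(rootful_ports "$floor" "$@")
    if [ -n "$bad" ]; then
        echo "refusing: host ports below $floor need root: $bad" >&2
        return 1
    fi
    render_quadlet "$name" "$image" "$@"
}

# Constructed sample: one game port on UDP and TCP, printed to stdout.
make_unit 1024 tf2server localhost/tf2server:latest 27015:27015/udp 27015:27015/tcp
```

Saved as ~/.config/containers/systemd/tf2server.container under the tf2server account, the unit is picked up by systemctl --user daemon-reload. Lingering, enabled with the command above, keeps the user service running without a login session.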