diff options
| author | Blake Romero <blake@developercraft.com> | 2026-03-21 23:06:12 +0000 |
|---|---|---|
| committer | Blake Romero <blake@developercraft.com> | 2026-03-21 23:06:12 +0000 |
| commit | 8d1eae864115ca3ea0ad6ba26896582a665233be (patch) | |
| tree | 31445319be63c06e08b6404b29b83c87fe024121 | |
| parent | 17d9b4d9769d01fc8b3dc6cdd8849764d66a7d43 (diff) | |
Add podman & refactor firewall subnet IP
| -rwxr-xr-x | post-setup.sh | 15 |
1 files changed, 13 insertions, 2 deletions
diff --git a/post-setup.sh b/post-setup.sh index 68dfce1..c8a7294 100755 --- a/post-setup.sh +++ b/post-setup.sh @@ -75,11 +75,22 @@ rc-update add bluetooth default # Setup firewall # requires: ufw - +subnet=192.168.1.0/24 ufw enable ufw default deny incoming ufw default allow outgoing -ufw allow from 192.168.1.0/24 to any port 22/tcp comment 'Allow incoming SSH via subnet' +ufw allow from $subnet to any port 22/tcp comment 'Allow incoming SSH via subnet' + +# Podman +apk add crun podman +rc-update add cgroups +rc-service cgroups start + +# for rootless/user run podman +modprobe tun +grep "^tun" /etc/modules || echo tun >> /etc/modules +echo "$user:100000:65536" > /etc/subuid +echo "$user:100000:65536" > /etc/subgid # Setup xdg user directories # requires: xdg-user-dirs |