Add podman & refactor firewall subnet IP

author: Blake Romero <blake@developercraft.com> 2026-03-21 23:06:12 +0000
committer: Blake Romero <blake@developercraft.com> 2026-03-21 23:06:12 +0000
commit: 8d1eae864115ca3ea0ad6ba26896582a665233be (patch)
tree: 31445319be63c06e08b6404b29b83c87fe024121 /post-setup.sh
parent: 17d9b4d9769d01fc8b3dc6cdd8849764d66a7d43 (diff)
1 files changed, 13 insertions, 2 deletions
diff --git a/post-setup.sh b/post-setup.sh
index 68dfce1..c8a7294 100755
--- a/post-setup.sh
+++ b/post-setup.sh
@@ -75,11 +75,22 @@ rc-update add bluetooth default
 
 # Setup firewall
 # requires: ufw
-
+subnet=192.168.1.0/24
 ufw enable
 ufw default deny incoming
 ufw default allow outgoing
-ufw allow from 192.168.1.0/24 to any port 22/tcp comment 'Allow incoming SSH via subnet'
+ufw allow from $subnet to any port 22/tcp comment 'Allow incoming SSH via subnet'
+
+# Podman
+apk add crun podman
+rc-update add cgroups
+rc-service cgroups start
+
+# for rootless/user run podman
+modprobe tun
+grep "^tun" /etc/modules || echo tun >> /etc/modules
+echo "$user:100000:65536" > /etc/subuid
+echo "$user:100000:65536" > /etc/subgid
 
 # Setup xdg user directories
 # requires: xdg-user-dirs
author	Blake Romero <blake@developercraft.com>	2026-03-21 23:06:12 +0000
committer	Blake Romero <blake@developercraft.com>	2026-03-21 23:06:12 +0000
commit	8d1eae864115ca3ea0ad6ba26896582a665233be (patch)
tree	31445319be63c06e08b6404b29b83c87fe024121 /post-setup.sh
parent	17d9b4d9769d01fc8b3dc6cdd8849764d66a7d43 (diff)