From 8d1eae864115ca3ea0ad6ba26896582a665233be Mon Sep 17 00:00:00 2001
From: Blake Romero
Date: Sat, 21 Mar 2026 23:06:12 +0000
Subject: Add podman & refactor firewall subnet IP

---
 post-setup.sh | 15 +++++++++++++--
 1 file changed, 13 insertions(+), 2 deletions(-)

diff --git a/post-setup.sh b/post-setup.sh
index 68dfce1..c8a7294 100755
--- a/post-setup.sh
+++ b/post-setup.sh
@@ -75,11 +75,22 @@ rc-update add bluetooth default
 
 # Setup firewall
 # requires: ufw
-
+subnet=192.168.1.0/24
 ufw enable
 ufw default deny incoming
 ufw default allow outgoing
-ufw allow from 192.168.1.0/24 to any port 22/tcp comment 'Allow incoming SSH via subnet'
+ufw allow from $subnet to any port 22/tcp comment 'Allow incoming SSH via subnet'
+
+# Podman
+apk add crun podman
+rc-update add cgroups
+rc-service cgroups start
+
+# for rootless/user run podman
+modprobe tun
+grep "^tun" /etc/modules || echo tun >> /etc/modules
+echo "$user:100000:65536" > /etc/subuid
+echo "$user:100000:65536" > /etc/subgid
 
 # Setup xdg user directories
 # requires: xdg-user-dirs
-- 
cgit
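Review bot: The two added `echo "$user:100000:65536" > /etc/subuid` and `> /etc/subgid` lines truncate both files, so any subordinate ID ranges already allocated to other accounts are silently dropped. If `user` is unset or empty at this point (its assignment is not visible in this hunk), the files end up holding the malformed entry `:100000:65536`. Follow the guarded-append pattern already used for `/etc/modules` two lines earlier: `grep -q "^${user:?}:" /etc/subuid || echo "$user:100000:65536" >> /etc/subuid`, and the same for `/etc/subgid`; the `${user:?}` expansion stops the script when the variable is missing instead of writing a bad mapping. Smaller points in the same hunk: `grep "^tun"` prints the match and also accepts any module name that merely starts with `tun`, so `grep -qx tun /etc/modules` is tighter, and `$subnet` should be quoted in the `ufw allow` line.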