#!/bin/sh
echo "Installing Podman..."

apk add podman podman-compose
rc-update add cgroups
rc-service cgroups start

# Rootless mode
adduser -DH podman
modprobe tun
echo tun >> /etc/modules
echo podman:100000:65536 > /etc/subuid
echo podman:100000:65536 > /etc/subgid

# Need to go to /tmp for podman system migrate to work
cd /tmp
su -c "podman system migrate" podman

# Get rid of podman compose docker warning
touch /etc/containers/nodocker

# Use netavark and nftables
sed -i '/^\[network\]/a network_backend = "netavark"\nfirewall_driver = "nftables"' /etc/containers/containers.conf

# Fix shared mount with local service
cat << EOF > /etc/local.d/mount-rshared.start
#!/bin/sh 
mount --make-rshared /
EOF

chmod +x /etc/local.d/mount-rshared.start
rc-service local start

# Allow ports >= 53 to be rootless bound, persistent
echo "net.ipv4.ip_unprivileged_port_start=53" >> /etc/sysctl.d/podman.conf
sysctl -p /etc/sysctl.d/podman.conf

# Enable and start Podman socket
rc-update add podman
rc-service podman start