40 lines
1021 B
Bash
40 lines
1021 B
Bash
#!/bin/sh
|
|
echo "Installing Podman..."
|
|
|
|
apk add podman podman-compose
|
|
rc-update add cgroups
|
|
rc-service cgroups start
|
|
|
|
# Rootless mode
|
|
adduser -DH podman
|
|
modprobe tun
|
|
echo tun >> /etc/modules
|
|
echo podman:100000:65536 > /etc/subuid
|
|
echo podman:100000:65536 > /etc/subgid
|
|
|
|
# Need to go to /tmp for podman system migrate to work
|
|
cd /tmp
|
|
su -c "podman system migrate" podman
|
|
|
|
# Get rid of podman compose docker warning
|
|
touch /etc/containers/nodocker
|
|
|
|
# Use netavark and nftables
|
|
sed -i '/^\[network\]/a network_backend = "netavark"\nfirewall_driver = "nftables"' /etc/containers/containers.conf
|
|
|
|
# Fix shared mount with local service
|
|
cat << EOF > /etc/local.d/mount-rshared.start
|
|
#!/bin/sh
|
|
mount --make-rshared /
|
|
EOF
|
|
|
|
chmod +x /etc/local.d/mount-rshared.start
|
|
rc-service local start
|
|
|
|
# Allow ports >= 53 to be rootless bound, persistent
|
|
echo "net.ipv4.ip_unprivileged_port_start=53" >> /etc/sysctl.d/podman.conf
|
|
sysctl -p /etc/sysctl.d/podman.conf
|
|
|
|
# Enable and start Podman socket
|
|
rc-update add podman
|
|
rc-service podman start |