From eb9c52a19b0859c0eeacf53f6d01fbd0d7618cb3 Mon Sep 17 00:00:00 2001
From: LinuxSquare <7436714-OfficialLinuxSquare@users.noreply.gitlab.com>
Date: Fri, 27 Oct 2023 16:56:26 +0200
Subject: [PATCH] podman: add mariadb, forgejo, npm containers
---
.../files/forgejo_docker-compose.yml.jinja | 24 +++++++++++
.../files/mariadb_docker-compose.yml.jinja | 20 ++++++++++
.../files/npm_docker-compose.yml.jinja | 24 +++++++++++
podman/containers/forgejo.sls | 30 ++++++++++++++
podman/containers/init.sls | 4 ++
podman/containers/map.jinja | 3 ++
podman/containers/mariadb.sls | 31 ++++++++++++++
podman/containers/npm.sls | 40 +++++++++++++++++++
podman/directory.sls | 12 ++++++
podman/init.sls | 2 +
podman/rootless.sls | 5 ++-
podman/user.sls | 4 +-
12 files changed, 195 insertions(+), 4 deletions(-)
create mode 100644 podman/containers/files/forgejo_docker-compose.yml.jinja
create mode 100644 podman/containers/files/mariadb_docker-compose.yml.jinja
create mode 100644 podman/containers/files/npm_docker-compose.yml.jinja
create mode 100644 podman/containers/forgejo.sls
create mode 100644 podman/containers/init.sls
create mode 100644 podman/containers/map.jinja
create mode 100644 podman/containers/mariadb.sls
create mode 100644 podman/containers/npm.sls
create mode 100644 podman/directory.sls
diff --git a/podman/containers/files/forgejo_docker-compose.yml.jinja b/podman/containers/files/forgejo_docker-compose.yml.jinja
new file mode 100644
index 0000000..43fa558
--- /dev/null
+++ b/podman/containers/files/forgejo_docker-compose.yml.jinja
@@ -0,0 +1,24 @@
+version: '3'
+
+services:
+ forgejo_server:
+ image: codeberg.org/forgejo/forgejo:1.20
+ container_name: forgejo
+ environment:
+ - USER_UID=1000
+ - USER_GID=1000
+ - FORGEJO__database__DB_TYPE=mysql
+ - FORGEJO__database__HOST=noveria_db:3306
+ - FORGEJO__database__NAME=forgejo
+ - FORGEJO__database__USER={{ MARIADB_USER }}
+ - FORGEJO__database__PASSWD={{ MARIADB_USER_PASSWORD }}
+ restart: always
+ volumes:
+ - ./data:/data
+ - /etc/timezone:/etc/timezone:ro
+ - /etc/localtime:/etc/localtime:ro
+
+networks:
+ default:
+ external: true
+ name: noveria
diff --git a/podman/containers/files/mariadb_docker-compose.yml.jinja b/podman/containers/files/mariadb_docker-compose.yml.jinja
new file mode 100644
index 0000000..c6784aa
--- /dev/null
+++ b/podman/containers/files/mariadb_docker-compose.yml.jinja
@@ -0,0 +1,20 @@
+version: '3.1'
+services:
+ noveria_db:
+ image: docker.io/mariadb:lts
+ restart: always
+ environment:
+ MARIADB_ROOT_PASSWORD: {{ MARIADB_ROOT_PASSWORD }}
+ MARIADB_USER: {{ MARIADB_USER }}
+ MARIADB_USER_PASSWORD: {{ MARIADB_USER_PASSWORD }}
+ volumes:
+ - ./data:/var/lib/mysql
+
+ adminer_ui:
+ image: docker.io/adminer
+ restart: always
+
+networks:
+ default:
+ external: true
+ name: noveria
diff --git a/podman/containers/files/npm_docker-compose.yml.jinja b/podman/containers/files/npm_docker-compose.yml.jinja
new file mode 100644
index 0000000..16b881b
--- /dev/null
+++ b/podman/containers/files/npm_docker-compose.yml.jinja
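Review bot: `FORGEJO__database__PASSWD={{ MARIADB_USER_PASSWORD }}` (and the `USER` line above it) is rendered as an unquoted YAML scalar, so a password containing ` #` is cut off at the comment marker without any error and one containing `: ` makes the file unparseable. Quote the item, for example `- 'FORGEJO__database__PASSWD={{ MARIADB_USER_PASSWORD }}'` when the value cannot contain a single quote, or switch `environment:` to the mapping form and emit the value with `| tojson`. The same unquoted interpolation appears in the mariadb compose template and in the `context:` mappings of forgejo.sls and mariadb.sls, where the value passes through a YAML parse a second time. Compose also expands `$` in values, so a literal `$` in the password would need to be written as `$$`.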
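Review bot: `MARIADB_USER_PASSWORD` is not a variable I know the `docker.io/mariadb` image to read; as far as I know its entrypoint takes `MARIADB_PASSWORD` for the account named in `MARIADB_USER`, so as written the application user is probably never created and Forgejo's `FORGEJO__database__USER` login fails. I would rename the key to `MARIADB_PASSWORD` and add `MARIADB_DATABASE: forgejo` so the schema Forgejo is pointed at exists on first start. `adminer_ui` also joins the shared `noveria` network from an untagged image, which puts a database admin console within reach of every container on that network; consider leaving it out of the default deployment or gating it behind a pillar flag.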
@@ -0,0 +1,24 @@
+version: '3.8'
+services:
+ app:
+ image: docker.io/jc21/nginx-proxy-manager:latest
+ restart: unless-stopped
+ ports:
+ # These ports are in format :
+ - '80:80' # Public HTTP Port
+ - '443:443' # Public HTTPS Port
+ - '81:81' # Admin Web Port
+ # Add any other Stream port you want to expose
+ {% for port in STREAMED_PORTS %}
+ - '{{ port }}:{{ port }}'
+ {% endfor %}
+ environment:
+ DISABLE_IPV6: 'true'
+ volumes:
+ - ./data:/data
+ - ./letsencrypt:/etc/letsencrypt
+
+networks:
+ default:
+ external: true
+ name: noveria
diff --git a/podman/containers/forgejo.sls b/podman/containers/forgejo.sls
new file mode 100644
index 0000000..a9e565e
--- /dev/null
+++ b/podman/containers/forgejo.sls
@@ -0,0 +1,30 @@
+{% from tpldir+"/map.jinja" import containers %}
+
+include:
+ - podman.directory
+
+podman_containers_forgejo_compose:
+ - file.managed:
+ - name: {{ containers.podman_dir }}/forgejo/docker-compose.yml
+ - source: {{ tpldir }}/files/forgejo_docker-compose.yml.jinja
+ - template: jinja
+ - context:
+ MARIADB_USER: {{ salt['pillar.get']('podman:containers:mariadb:user') }}
+ MARIADB_USER_PASSWORD: {{ salt['pillar.get']('podman:containers:mariadb:userpwd') }}
+ - user: puser
+ - group: puser
+ - mode: '0644'
+ - makedirs: True
+ - require:
+ - podman_directory_permissions
+
+podman_containers_forgejo_data_dir:
+ - file.directory:
+ - name: {{ containers.podman_dir }}/forgejo/data
+ - user: puser
+ - group: puser
+ - dir_mode: '0755'
+ - file_mode: '0644'
+ - makedirs: True
+ - require:
+ - podman_directory_permissions
diff --git a/podman/containers/init.sls b/podman/containers/init.sls
new file mode 100644
index 0000000..3c98871
--- /dev/null
+++ b/podman/containers/init.sls
@@ -0,0 +1,4 @@
+include:
+ - .npm
+ - .mariadb
+ - .forgejo
diff --git a/podman/containers/map.jinja b/podman/containers/map.jinja
new file mode 100644
index 0000000..962a5a3
--- /dev/null
+++ b/podman/containers/map.jinja
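Review bot: `- '81:81'` publishes the proxy manager's admin UI on every host interface, alongside the public 80/443 listeners. Binding it to loopback, `- '127.0.0.1:81:81'`, and reaching it through an SSH tunnel or VPN keeps the management plane off the public network. The image is also pulled as `:latest` (and `mariadb:lts` / untagged `adminer` in the mariadb template), so a restart after a pull can change the running code without a reviewed change; pinning a version tag or digest would make upgrades explicit.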
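Review bot: `podman_containers_forgejo_compose:` is followed by `- file.managed:`, which makes the state body a YAML list; Salt expects a mapping under the state ID, as directory.sls in this same patch does with `file.directory:`, and will reject the SLS when it compiles it. Drop the leading dash on `- file.managed:` and `- file.directory:` here and in mariadb.sls and npm.sls. `- source: {{ tpldir }}/files/forgejo_docker-compose.yml.jinja` also looks like it needs a `salt://` prefix, since `tpldir` is a relative path. Indentation is not recoverable from this view, so the nesting of `context:` and `require:` is worth checking as well.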
@@ -0,0 +1,3 @@
+{% set containers = {
+ 'podman_dir': '/opt/podman'
+} %}
diff --git a/podman/containers/mariadb.sls b/podman/containers/mariadb.sls
new file mode 100644
index 0000000..83762a1
--- /dev/null
+++ b/podman/containers/mariadb.sls
@@ -0,0 +1,31 @@
+{% from tpldir+"/map.jinja" import containers %}
+
+include:
+ - podman.directory
+
+podman_containers_mariadb_compose:
+ - file.managed:
+ - name: {{ containers.podman_dir }}/mariadb/docker-compose.yml
+ - source: {{ tpldir }}/files/mariadb_docker-compose.yml.jinja
+ - template: jinja
+ - context:
+ MARIADB_ROOT_PASSWORD: {{ salt['pillar.get']('podman:containers:mariadb:rootpwd') }}
+ MARIADB_USER: {{ salt['pillar.get']('podman:containers:mariadb:user') }}
+ MARIADB_USER_PASSWORD: {{ salt['pillar.get']('podman:containers:mariadb:userpwd') }}
+ - user: puser
+ - group: puser
+ - mode: '0644'
+ - makedirs: True
+ - require:
+ - podman_directory_permissions
+
+podman_containers_mariadb_data_dir:
+ - file.directory:
+ - name: {{ containers.podman_dir }}/mariadb/data
+ - user: puser
+ - group: puser
+ - dir_mode: '0755'
+ - file_mode: '0644'
+ - makedirs: True
+ - require:
+ - podman_directory_permissions
diff --git a/podman/containers/npm.sls b/podman/containers/npm.sls
new file mode 100644
index 0000000..8c643ea
--- /dev/null
+++ b/podman/containers/npm.sls
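Review bot: `- mode: '0644'` makes the rendered docker-compose.yml world-readable, and that file contains `MARIADB_ROOT_PASSWORD` and the application password in clear text; with `/opt/podman` created `0755` in directory.sls, any local account can read them. Use `- mode: '0600'` here and on the forgejo compose file in forgejo.sls, which carries the same user password. Adding `- show_changes: False` keeps the diff of the rendered file, and so the passwords, out of the state return and the master's job cache.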
@@ -0,0 +1,40 @@ +{% from tpldir+"/map.jinja" import containers %} + +include: + - podman.directory + +podman_containers_npm_compose: + - file.managed: + - name: {{ containers.podman_dir }}/npm/docker-compose.yml + - source: {{ tpldir }}/files/npm_docker-compose.yml.jinja + - template: jinja + - context: + STREAMED_PORTS: [22] + - user: puser + - group: puser + - mode: '0644' + - makedirs: True + - require: + - podman_directory_permissions + +podman_containers_npm_data_dir: + - file.directory: + - name: {{ containers.podman_dir }}/npm/data + - user: puser + - group: puser + - dir_mode: '0755' + - file_mode: '0644' + - makedirs: True + - require: + - podman_directory_permissions + +podman_containers_npm_letsencrypt_dir: + - file.directory: + - name: {{ containers.podman_dir }}/npm/letsencrypt + - user: puser + - group: puser + - dir_mode: '0755' + - file_mode: '0644' + - makedirs: True + - require: + - podman_directory_permissions diff --git a/podman/directory.sls b/podman/directory.sls new file mode 100644 index 0000000..31435e4 --- /dev/null +++ b/podman/directory.sls @@ -0,0 +1,12 @@ +include: + - .user + +podman_directory_permissions: + file.directory: + - name: /opt/podman + - user: puser + - group: puser + - dir_mode: '0755' + - file_mode: '0644' + - require: + - podman_user_puser diff --git a/podman/init.sls b/podman/init.sls index 36ecbdf..939ab3b 100644 --- a/podman/init.sls +++ b/podman/init.sls @@ -2,4 +2,6 @@ include: - .pkg - .rootless - .user + - .directory - .service + - .containers diff --git a/podman/rootless.sls b/podman/rootless.sls index 1a8e23e..7c6356f 100644 --- a/podman/rootless.sls +++ b/podman/rootless.sls 
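Review bot: `STREAMED_PORTS: [22]` makes the compose template emit `- '22:22'`, which claims the host's SSH port for the proxy container. user.sls manages OpenSSH keys for `puser`, so the host presumably runs sshd on 22 and the bind will either fail or compete with it; a rootless container also cannot bind ports below 1024 unless `net.ipv4.ip_unprivileged_port_start` is lowered, which nothing visible in this patch does. Consider a high host port (a constructed example: `STREAMED_PORTS: [2222]`) or reading the list from pillar with an empty default, so no stream port is exposed unless one is asked for.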
@@ -41,17 +41,18 @@ podman_rootless_modules: - text: - tun - fuse + - ip_tables podman_rootless_subgid: file.append: - name: /etc/subgid - text: puser:100000:65536 - require: - - podman_user + - podman_user_puser podman_rootless_subuid: file.append: - name: /etc/subuid - text: puser:100000:65536 - require: - - podman_user + - podman_user_puser diff --git a/podman/user.sls b/podman/user.sls index a9ea4cc..4d9dfeb 100644 --- a/podman/user.sls +++ b/podman/user.sls @@ -1,7 +1,7 @@ include: - .pkg -podman_user: +podman_user_puser: user.present: - name: puser - uid: 2000 @@ -20,4 +20,4 @@ podman_user_openssh_keys: - user: puser - group: puser - require: - - podman_user + - podman_user_puser