wiki-how

How to run containers using systemctl as user even when user is logged out

# In order to enable executing process with logged out shell
loginctl enable-linger user
# Move to user systemd dir
cd ~/.config/systemd/user/
# Generate systemd files for container
podman generate systemd --restart-policy=always -t 1 --name container_name --files
systemctl --user enable container-container_name.service

Move a container image using scp

podman image save 97f3876877e2 -o 97f3876877e2.tgz
podman load --input 97f3876877e2.tgz

Automatically change power profiles on power supply status

$ cat /etc/udev/rules.d/61-onbattery.rules
# Rule for when switching to battery
SUBSYSTEM=="power_supply",ENV{POWER_SUPPLY_ONLINE}=="0",RUN+="/usr/bin/powerprofilesctl set power-saver"

$ cat /etc/udev/rules.d/62-onpower.rules
# Rule for when switching to power supply
SUBSYSTEM=="power_supply",ENV{POWER_SUPPLY_ONLINE}=="1",RUN+="/usr/bin/powerprofilesctl set performance"

$ sudo udevadm control --reload-rules && sudo udevadm trigger

Add a missing certificate from an endpoint

export ENDPOINT_HOSTNAME=endpoint.tld
export ENDPOINT_PORT=443
echo "" | openssl s_client -showcerts -prexit -connect "${ENDPOINT_HOSTNAME}:${ENDPOINT_PORT}" 2> /dev/null | sed -n -e '/BEGIN CERTIFICATE/,/END CERTIFICATE/ p' > /tmp/tmp.ca.crt
# Verify Issuer...
openssl x509 -in /tmp/tmp.ca.crt -text | grep Issuer

sudo cp /tmp/tmp.ca.crt /etc/pki/ca-trust/source/anchors/
sudo update-ca-trust

FreeBSD iocage

iocage list
iocage fetch
iocage create -r LATEST -n [JAIL]

cat /mnt/itwaswritten/iocage/jails/registry/config.json
{
    "allow_mount_devfs": 0,
    "boot": 1,
    "bpf": 1,
    "cloned_release": "13.1-RELEASE",
    "defaultrouter": "172.16.87.1",
    "devfs_ruleset": "4",
    "dhcp": 0,
    "host_hostname": "registry",
    "host_hostuuid": "registry",
    "ip4_addr": "vnet0|172.16.87.9/24",
    "ip6": "inherit",
    "jail_zfs_dataset": "iocage/jails/registry/data",
    "last_started": "2024-07-16 08:42:25",
    "release": "13.1-RELEASE-p9",
    "vnet": 1,
    "vnet0_mac": "3eecef7c9da1 3eecef7c9da2",
    "vnet_default_interface": "mlxen0"
}

Force iocage to regenerate the MAC and HW address (e.g.: after cloning a jail). This will cause the MAC and HW addresses to be regenerated when the jail is next started.

iocage set vnet0_mac=none registry

iocage start registry

FreeBSD supervisord

supervisord is available as a port called py-supervisor.

pkg install py311-supervisor

/usr/local/etc/supervisord.conf:

[program:memcached]
command=/usr/local/etc/rc.d/memcached

To run supervisord at boot time, edit /etc/rc.conf or /etc/rc.conf.local to have the line

supervisord_enable="YES"

How to squash container image with podman

podman build --layers --force-rm --squash-all --tag squashedimage  - <<< "FROM regsitry/imagetosquash"