electrochemistry

joined 1 day ago
sorted by: new top controversial old
[How to] tunnel a browser in distrobox through a gluetun podman quadlet in c/privacy@lemmy.ml
[โ€“] electrochemistry@lemmy.dbzer0.com 1 points 8 hours ago

Definitely, that's what I've done. Just run distrobox-export --app brave-browser from within the container.

How/what to start self-hosting? in c/selfhosted@lemmy.world
[โ€“] electrochemistry@lemmy.dbzer0.com 2 points 8 hours ago

I run Bitwarden and Forgejo on an old Raspberry Pi 3 B+. On my PC I run Fedora Kinoite and the following services (podman quadlets):

  • *arr stack
  • Jellyfin
  • Seerr
  • qBittorrent
  • Shelfmark
  • Grimmory

I use my PC for everything, including gaming, and the services running in the background aren't even noticeable in terms of performance degradation (unless you're for example transcoding 4k files on Jellyfin). You don't necessarily need to buy new hardware, use what you have. When it comes to Lemmy, Mastodon, etc., I'd probably get a VPS. I recommend Anubis when you expose stuff to the internet, especially Forgejo.

14
[How to] tunnel a browser in distrobox through a gluetun podman quadlet (lemmy.dbzer0.com)
 

I spent some time trying to get this to work so I thought I might as well share it if anyone is interested.

First create a new network: $ podman network create gluetun, then create a new container file:

$ touch ~/.config/containers/systemd/gluetun.container

Populate it with the VPN configuration, below is an example using Proton.

[Unit]
Description=Gluetun VPN Client
Wants=network-online.target
After=network-online.target
After=local-fs.target

[Container]
Network=gluetun
Image=docker.io/qmcgaw/gluetun
ContainerName=gluetun
AutoUpdate=registry

AddCapability=NET_ADMIN
AddCapability=NET_RAW
PodmanArgs=--device=/dev/net/tun:/dev/net/tun --privileged

Environment=VPN_SERVICE_PROVIDER=protonvpn
Environment=VPN_TYPE=wireguard
Environment=WIREGUARD_PRIVATE_KEY=
Environment=VPN_PORT_FORWARDING=off
Environment=PORT_FORWARD_ONLY=off
Environment=SERVER_COUNTRIES=

[Service]
Restart=always

[Install]
WantedBy=multi-user.target default.target

Reload the systemd daemons and run the container.

$ systemctl --user daemon-reload
$ systemctl --user start gluetun

Then create a distrobox-assemble ini file:

[fedora]
additional_packages="brave-browser"
pre_init_hooks="dnf config-manager addrepo --from-repofile=https://brave-browser-rpm-release.s3.brave.com/brave-browser.repo"
init=false
image="registry.fedoraproject.org/fedora:latest"
nvidia=false
pull=true
root=false
replace=true
start_now=true
unshare_netns=true
additional_flags="--network container:gluetun"

Feel free to replace Brave with something else. Then create it, enter it and run the browser:

$ distrobox-assemble create --file /path/to/file.ini
$ distrobox enter fedora
$ brave-browser

If you have any suggestions on how to improve this setup I'd love to hear them!