# ft_chatons

## System
- Debian Stable (13)
- VM with 4 GB RAM
- qemu, qcow2 image
- only one partition for the system = 20 GB max (except /boot)
- root password disabled (sudo only)
- no graphics
- SSH server (root login over SSH disabled, and not on port 22)
- swap file at the root (2 GB)
- htop and docker installed
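
Once the VM is installed, the SSH, root-password and swap items of this checklist can be verified from inside the guest. The script below is an added example, not part of the original README; its function names and sample files are constructed, and it reads a single config file without following `Include` or `Match`.

```sh
#!/bin/sh
# Added example: audit files from the guest against the "System" checklist.
# Function names and sample files are constructed for illustration.

# First occurrence of a keyword wins in sshd_config, so stop at the first match.
sshd_value() {  # $1 = keyword, $2 = config file
    awk -v k="$1" 'tolower($1) == tolower(k) { print $2; exit }' "$2"
}

# Returns the number of failed SSH requirements (0 = compliant).
check_sshd() {  # $1 = sshd_config (or saved `sshd -T` output)
    fails=0
    port=$(sshd_value Port "$1");            port=${port:-22}   # OpenSSH default
    root=$(sshd_value PermitRootLogin "$1"); root=${root:-prohibit-password}
    [ "$port" != 22 ] || { echo "FAIL: sshd listens on port 22"; fails=$((fails + 1)); }
    [ "$root" = no ]  || { echo "FAIL: PermitRootLogin is '$root', expected 'no'"; fails=$((fails + 1)); }
    return "$fails"
}

# A locked account has a password field starting with '!' or '*'.
check_root_locked() {  # $1 = shadow-format file
    field=$(awk -F: '$1 == "root" { print $2; exit }' "$1")
    case "$field" in
        '!'*|'*'*) return 0 ;;
        *) echo "FAIL: root password is not locked"; return 1 ;;
    esac
}

# The swap file must be declared in fstab to survive a reboot.
check_swap_fstab() {  # $1 = fstab-format file
    awk '$1 == "/swapfile" && $3 == "swap" { ok = 1 } END { exit !ok }' "$1" ||
        { echo "FAIL: /swapfile has no swap entry in fstab"; return 1; }
}

# Constructed sample inputs (not taken from a real machine).
d=$(mktemp -d)
printf '%s\n' '#Port 22' 'Port 22' 'PermitRootLogin prohibit-password' > "$d/sshd_bad"
printf '%s\n' 'Port 4242' 'PermitRootLogin no' > "$d/sshd_ok"
printf '%s\n' 'root:!:20000:0:99999:7:::' > "$d/shadow_ok"
printf '%s\n' '/swapfile none swap sw 0 0' > "$d/fstab_ok"

check_sshd "$d/sshd_bad" || echo "sshd_bad: $? requirement(s) failed"
check_sshd "$d/sshd_ok" && echo "sshd_ok: compliant"
check_root_locked "$d/shadow_ok" && echo "root password: locked"
check_swap_fstab "$d/fstab_ok" && echo "swap: declared in fstab"
```

On a live guest, saving the output of `sudo sshd -T` and passing that file to `check_sshd` also covers settings pulled in through `Include`. Host-side forwarding such as the `2222` in the launch command does not change the port sshd listens on inside the guest, which is what this check reads.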
## Create a VM
```bash
qemu-img create -f qcow2 ft_chatons.qcow2 20G
```
## Install Debian
```bash
# Boot the netinst ISO (-boot d) with the qcow2 image attached as the install target
qemu-system-x86_64 \
  -enable-kvm -cpu host -smp 4 -m 4G \
  -device e1000,netdev=net0 \
  -netdev user,id=net0 \
  -drive if=pflash,format=raw,readonly=on,file=/usr/share/OVMF/OVMF_CODE.fd \
  -cdrom debian-13.3.0-amd64-netinst.iso \
  -boot d \
  -hda ft_chatons.qcow2
```
## To launch the VM
```bash
# Headless boot; host TCP port 2222 is forwarded to guest port 22
qemu-system-x86_64 \
  -nographic -serial mon:stdio \
  -enable-kvm -cpu host -smp 4 -m 4G \
  -device e1000,netdev=net0 \
  -netdev user,id=net0,hostfwd=tcp::2222-:22 \
  -drive if=pflash,format=raw,readonly=on,file=/usr/share/OVMF/OVMF_CODE.fd \
  -hda ft_chatons.qcow2
```
## To connect via ssh
```bash
ssh -p 2222 bapasqui@localhost
```
## To make the correct partition
```bash
sudo cfdisk /dev/sda
```
## To kill the process
```bash
pkill -9 qemu
```
## Swap file
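```bash
# Create a 2 GB swap file readable only by root, then enable it
sudo dd if=/dev/zero of=/swapfile bs=1M count=2048
sudo chmod 600 /swapfile
sudo mkswap /swapfile
sudo swapon /swapfile
sudo swapon --show
# Make the swap file persistent across reboots
echo '/swapfile none swap sw 0 0' | sudo tee -a /etc/fstab
```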
## Install Docker and Htop
```bash
sudo apt install htop
# Add Docker's official GPG key:
sudo apt update
sudo apt install ca-certificates curl
sudo install -m 0755 -d /etc/apt/keyrings
sudo curl -fsSL https://download.docker.com/linux/debian/gpg -o /etc/apt/keyrings/docker.asc
sudo chmod a+r /etc/apt/keyrings/docker.asc
# Add the repository to Apt sources:
sudo tee /etc/apt/sources.list.d/docker.sources <<EOF
Types: deb
URIs: https://download.docker.com/linux/debian
Suites: $(. /etc/os-release && echo "$VERSION_CODENAME")
Components: stable
Signed-By: /etc/apt/keyrings/docker.asc
EOF
sudo apt update
sudo apt install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
```
## Copy your ssh key to the machine
```bash
ssh-copy-id -p 2222 bapasqui@localhost
```
## For PeerTube
What you need to do in Keycloak:
1. Go to https://keycloak.chatons.duckdns.org > Admin Console
2. Create the realm `chatons` (if it doesn't exist)
3. Go to Clients > Create client:
   - Client type: OpenID Connect
   - Client ID: `peertube`
4. On the next page:
   - Client authentication: ON
   - Valid redirect URIs: `https://peertube.chatons.duckdns.org/plugins/auth-openid-connect/0.0.1/auth/openid-connect/callback`
   - Web origins: `https://peertube.chatons.duckdns.org`
5. Save, go to the Credentials tab, and copy the Client Secret
6. Paste it into `core/peertube/.env`, replacing `REPLACE_WITH_KEYCLOAK_CLIENT_SECRET`

Then you also need to install the auth-openid-connect plugin in PeerTube:
- Go to PeerTube Admin > Plugins > search for auth-openid-connect > Install
## Resources
- https://keepgrowing.in/tools/keycloak-in-docker-1-how-to-run-keycloak-in-a-docker-container/
- https://zenn.dev/zenogawa/articles/gitea_keycloak?locale=en
- https://rcasys.com/en/blog/how-to-setup-saml-based-single-sign-on-authentication-with-keycloak
- https://caddyserver.com/docs/
- https://docker.recipes/media/peertube-video