{"id":46297387,"url":"https://github.com/krisarmstrong/setup-podman-lab","last_synced_at":"2026-03-04T10:07:22.567Z","repository":{"id":322155761,"uuid":"1088380561","full_name":"krisarmstrong/setup-podman-lab","owner":"krisarmstrong","description":"**A full-featured local lab environment for developers, hackers, and network engineers — in one co","archived":false,"fork":false,"pushed_at":"2026-01-12T19:31:06.000Z","size":110,"stargazers_count":0,"open_issues_count":8,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-01-13T00:12:06.784Z","etag":null,"topics":["bash","containers","devops","lab","podman"],"latest_commit_sha":null,"homepage":null,"language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/krisarmstrong.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":"AGENTS.md","dco":null,"cla":null}},"created_at":"2025-11-02T21:17:51.000Z","updated_at":"2026-01-12T19:30:45.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/krisarmstrong/setup-podman-lab","commit_stats":null,"previous_names":["krisarmstrong/setup-podman-lab"],"tags_count":8,"template":false,"template_full_name":null,"purl":"pkg:github/krisarmstrong/setup-podman-lab","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/krisarmstrong%2Fsetup-podman-lab","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/krisarmstrong%2Fsetup-podman-lab/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/krisarmstrong%2Fsetup-podman-lab/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/krisarmstrong%2Fsetup-podman-lab/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/krisarmstrong","download_url":"https://codeload.github.com/krisarmstrong/setup-podman-lab/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/krisarmstrong%2Fsetup-podman-lab/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":30078307,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-03-04T08:01:56.766Z","status":"ssl_error","status_checked_at":"2026-03-04T08:00:42.919Z","response_time":59,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["bash","containers","devops","lab","podman"],"created_at":"2026-03-04T10:07:21.737Z","updated_at":"2026-03-04T10:07:22.558Z","avatar_url":"https://github.com/krisarmstrong.png","language":"Shell","readme":"# 🧰 Podman Lab Bootstrap\n\n![Shell](https://img.shields.io/badge/Shell-Bash-4EAA25?logo=gnubash\u0026logoColor=white) ![License](https://img.shields.io/badge/License-MIT-green) ![Podman](https://img.shields.io/badge/Container-Podman-892CA0?logo=podman) ![Status](https://img.shields.io/badge/Status-Active-success)\n\n\n**A full-featured local lab environment for developers, hackers, and network engineers — in one command.**\nAutomatically installs Podman (if missing), builds a clean container suite (dev, network, and security tools), and spins up everything from a **Kali VNC desktop** to **LibreNMS with MariaDB**.\n\nNo Docker Desktop tax. No manual setup. No excuses.\n\n---\n\n## 🚀 Features\n\n- **Automatic setup**  \n  - Installs Podman (macOS/Linux)\n  - Creates clean folder structure\n  - Builds and runs all containers from scratch\n  - Supports `light` mode for smaller environments\n\n- **Teardown mode**  \n  ```bash\n  ./setup-podman-lab.sh teardown\n  ```\n  Wipes all containers, images, and folders. Back to factory clean.\n\n- **Rootful Podman machine (Mac/Linux)**  \n  - Allocates 4 CPUs, 4GB RAM, 40GB disk (macOS)\n  - Automatically installs `podman-mac-helper` for native networking\n\n- **Self-contained Containers**\n  - 🖥️ **Kali XFCE Desktop (VNC)** – for GUI hacking \u0026 testing  \n  - 🧑‍💻 **Dev Containers** – Ubuntu, Fedora, Go, Python, Node, C, Alpine  \n  - 📡 **Networking / Security Tools** – Nmap, Wireshark/Tshark, iPerf3, GVM/OpenVAS  \n  - 🌐 **HTTP Test Server** – Python HTTP server for quick endpoint checks  \n  - 🧾 **PDF Builder** – Generates floorplan PDFs via ReportLab  \n  - 📈 **LibreNMS Stack** – LibreNMS + MariaDB + SNMP Demo node\n- **Flexible automation**\n  - Profiles for dev / net / security / monitoring stacks\n  - Target specific components or split build/run phases\n  - Parallel image builds (tunable via `LAB_BUILD_CONCURRENCY`)\n  - Quiet / verbose / progress toggles for CI scripts\n\n---\n\n## 🏗️ Setup Instructions\n\n1. Clone or copy the repo:\n   ```bash\n   git clone https://github.com/krisarmstrong/setup-podman-lab.git\n   cd setup-podman-lab\n   chmod +x src/setup-podman-lab.sh\n   ```\n\n2. Run the bootstrap:\n   ```bash\n   ./src/setup-podman-lab.sh\n   ```\n\n   Or, if you're on a Mac that's *barely breathing*:\n   ```bash\n   ./src/setup-podman-lab.sh light\n   ```\n\n3. Grab coffee ☕ — it builds ~15 containers.\n\n\u003e Running in a sandbox or on a shared machine? Set `PODMAN_LAB_ROOT` to redirect the generated `PodmanProjects/` and `PodmanData/` folders, for example:  \n\u003e `PODMAN_LAB_ROOT=\"$PWD/lab-tmp\" ./setup-podman-lab.sh light`\n\u003e\n\u003e On macOS, adjust the Podman VM disk size with `PODMAN_MACHINE_DISK_SIZE=120` if you need more space.\n\u003e\n\u003e First-time pull? Avoid Docker Hub throttling by authenticating once:  \n\u003e `podman login docker.io`\n\u003e\n\u003e Have a registry mirror? Set `LAB_REGISTRY_MIRROR=\"mirror.example.com/docker\"` and the lab will rewrite hostless base images automatically (official library images gain the `/library` prefix for you).\n\n---\n\n## 🧠 Default Credentials\n\n| Container | Username | Password |\n|------------|-----------|-----------|\n| General Dev Containers | `dev` | `dev` |\n| Kali Desktop | `kali` | `kali` |\n| LibreNMS DB | `librenms` | `librenmspass` |\n| LibreNMS Root | `librenmsroot` | *(internal only)* |\n\n\u003e Change these before using in anything production-like.  \n\u003e Or don’t — just don’t email me from your breach report.\n\n---\n\n## 🌍 Access Points\n\n| Service | Address | Notes |\n|----------|----------|-------|\n| **Kali VNC Desktop** | `localhost:5901` | Password: `kali` |\n| **LibreNMS Web UI** | `http://localhost:8001` | May take 1–2 min first run |\n| **HTTP Test Server** | `http://localhost:8000` | Returns “OK” |\n| **OpenVAS / GVM** | `http://localhost:4000` | Vulnerability scanner |\n| **PDF Output Folder** | `~/PodmanData/pdf-out` | Auto-generated floorplans |\n\n---\n\n## 🧰 Common Commands\n\n| Command | Purpose |\n|----------|----------|\n| `podman ps` | List running containers |\n| `./src/setup-podman-lab.sh --profile dev --build-only` | Rebuild just the dev stack |\n| `./src/setup-podman-lab.sh --profile dev --run-only` | Restart previously built dev containers |\n| `./src/setup-podman-lab.sh --components kali-vnc,http-test` | Target specific components |\n| `podman exec -it ubuntu-dev bash` | Open a shell in the Ubuntu dev container |\n| `podman exec -it packet-analyzer bash` | Run Wireshark CLI (tshark) |\n| `podman logs librenms` | Check LibreNMS startup logs |\n| `podman machine inspect` | Show machine config (Mac) |\n| `./src/scripts/verify-lab.sh` | Smoke-test key services (kali-vnc, http-test, librenms, GVM) |\n\n---\n\n## 🔄 Cleanup\n\nWhen you're done wrecking your lab:\n\n```bash\n./src/setup-podman-lab.sh teardown\n```\n\nThat stops everything, deletes images, nukes volumes, and removes:\n```\n~/PodmanProjects\n~/PodmanData\n```\n\n---\n\n## 🧩 Folder Layout\n\n```\n~/PodmanProjects/   → Container build contexts\n~/PodmanData/       → Persistent data (mounted volumes)\n```\n\nEach container gets its own subfolder, so nothing collides.\n\n---\n\n## ⚙️ macOS Notes\n\n- Uses **Podman Machine** (VM-based)  \n- `podman-mac-helper` installed automatically for native networking  \n- Capture containers (like packet-analyzer) see VM interfaces, not Wi-Fi directly\n\n**Avoid Docker Hub rate limiting:**  \nAuthenticate once before running the full lab so base images pull without throttling:\n```bash\npodman login docker.io\n```\n(If you prefer Docker CLI, `docker login` works too.)\n\nTo use Docker-style commands:\n```bash\nexport DOCKER_HOST=\"unix://$(podman machine inspect --format '{{.ConnectionInfo.PodmanSocket.Path}}')\"\n```\n\n---\n\n## 🧨 Troubleshooting\n\n**Podman won’t connect (Mac):**\n```bash\npodman machine init\npodman machine start\n```\n\n**LibreNMS web page blank:**\nWait a minute — migrations can take time on first boot.\n\n**VNC client says “connection refused”:**\nEnsure `kali-vnc` is running:\n```bash\npodman ps | grep kali-vnc\n```\n\n**Need more resources (Mac):**\n```bash\npodman machine set --cpus 8 --memory 8192\npodman machine restart\n```\n\n**Hit Docker Hub “too many requests”:**  \nUnauthenticated pulls are rate limited. Run `podman login docker.io`, or retry later once the limit resets.\n\n**Working fully offline:**  \nPre-pull the base images you need (e.g. `podman pull ubuntu:latest`), then run with `LAB_OFFLINE_MODE=1` to disable remote pulls.\n\n---\n\n## 🧭 Component Profiles \u0026 Flags\n\n| Profile | Includes |\n|---------|----------|\n| `all` *(default)* | Everything in the lab |\n| `dev` | ubuntu-dev, fedora-dev, go-dev, python-dev, c-dev, node-dev, alpine-tools, pdf-builder |\n| `net` | nmap-tools, packet-analyzer, iperf-tools, http-test, snmp-demo |\n| `sec` | kali-vnc, vulnerability-scanner, nmap-tools |\n| `monitor` | librenms, librenms-db, snmp-demo, http-test |\n\n### CLI switches\n\n- `--profile NAME` Select one of the profiles above.\n- `--components a,b,c` Build/run only the listed components (overrides profile).\n- `--build-only` Run the builds but skip container startup.\n- `--run-only` Start containers assuming images already exist.\n- `--quiet` Suppress INFO-level console output (logs still written).\n- `--verbose` Stream command output and include DEBUG logs.\n- `--no-progress` / `--progress` Toggle the textual progress bar.\n\n### Environment overrides\n\n| Variable | Purpose |\n|----------|---------|\n| `LAB_PROFILE` | Default profile when `--profile` isn’t provided. |\n| `LAB_COMPONENTS` | Default component list (comma-separated). |\n| `LAB_PULL` | Podman pull policy; defaults to `if-needed` (set `always` for clean bases). |\n| `LAB_IMAGE_PREFIX` | Namespace for built images (default `podman-lab`). |\n| `LAB_PROGRESS_ENABLED` | Set `0` to disable the progress bar globally. |\n| `LAB_BUILD_CONCURRENCY` | Parallel podman builds (default 2; set 1 to disable). |\n| `LAB_REGISTRY_MIRROR` | Prefix for hostless images (e.g. `registry.example.com/docker`). |\n| `LAB_VERBOSE` / `LAB_QUIET` | Default logging verbosity toggles. |\n| `LAB_LOG_FILE` | Target log file path (defaults under `$PODMAN_LAB_ROOT/logs`). |\n| `LAB_SKIP_REGISTRY_CHECK` | Set `1` to suppress the Docker Hub login warning. |\n| `LAB_OFFLINE_MODE` | Set `1` to require pre-pulled base images (`LAB_PULL` forced to `never`). |\n\nDetailed logs for every run live in `$(PODMAN_LAB_ROOT:-$HOME)/logs/setup-podman-lab-\u003ctimestamp\u003e.log`.\n\n### Quality-of-life add-ons\n\n| File | Purpose |\n|------|---------|\n| `src/completions/setup-podman-lab.bash` | Bash completion for commands, profiles, and flags. Source it in your shell (`source src/completions/setup-podman-lab.bash`) for tab completion. |\n| `src/completions/setup-podman-lab.zsh` | zsh completion. Add `fpath+=(path/to/src/completions)` and `autoload -Uz compinit; compinit`. |\n| `src/completions/setup-podman-lab.fish` | fish completion. Copy into `~/.config/fish/completions/`. |\n| `src/scripts/verify-lab.sh` | Basic smoke test. Runs `podman ps`, checks the VNC/http/LibreNMS/GVM containers, and exits non-zero on failure. |\n| `src/scripts/verify-openvas.sh` | Targeted GVM health check (`podman exec vulnerability-scanner gvm-cli ...`). |\n\n---\n\n## 👤 Author\n\n**Kris Armstrong**  \nSales / Systems Engineer • Network \u0026 Cybersecurity Specialist  \n**“The Man. The Myth. The Legend.”**\n\n[LinkedIn](https://www.linkedin.com/in/kris-armstrong) | [GitHub](https://github.com/krisarmstrong)\n\n---\n\n## ⚠️ Disclaimer\n\nThis lab is **not hardened**. It’s intentionally permissive to make development and testing easy.  \nDon’t expose any of these containers directly to the internet unless you’re doing a pen test and you *really* know what you’re doing.\n\n---\n\n## 🏁 License\n\nMIT — because freedom smells like shell scripts and root shells.\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkrisarmstrong%2Fsetup-podman-lab","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fkrisarmstrong%2Fsetup-podman-lab","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkrisarmstrong%2Fsetup-podman-lab/lists"}