# useradd -mG wheel user -s /bin/bash
# passwd user
# passwd root
# dnf update
//at host `ssh-copy-id username@host`
/etc/ssh/sshd_config
```
PasswordAuthentication no
PermitRootLogin no
```
# systemctl reboot
# dnf install epel-release
# dnf update
# crb enable
# dnf install ufw htop mc tmux vnstat bash-completion wget nano
$ echo ip_tables | sudo tee /etc/modules-load.d/ip_tables.conf
# modprobe ip_tables
# systemctl enable --now ufw.service
# fallocate -l 512M /swapfile
# chmod 0600 /swapfile
# mkswap /swapfile
# swapon /swapfile
$ echo "/swapfile none swap defaults 0 0" | sudo tee -a /etc/fstab
# dnf autoremove
# systemctl enable --now vnstat.service
# dnf install sqlite podman git unzip inotify-tools zstd patch
# useradd -m minetest -s /bin/bash 
# passwd minetest
# cp -r .ssh /home/minetest/
# chown -R minetest:minetest /home/minetest/.ssh
# loginctl enable-linger minetest
# ufw allow 30000/udp
M$ mkdir ~/maintenance && cd ~/maintenance
M$ git clone https://github.com/luanti-org/luanti.git
M$ cd luanti
M$ git switch stable-5
//change "https://luajit.org/git/luajit.git" url to "https://github.com/LuaJIT/LuaJIT.git luajit"
//and bump the alpine version
M$ mkdir -p ~/minetest-colorlandia-world/{data/.minetest,conf}
M$ mkdir ~/minetest-colorlandia-world/data/.minetest/{games,mods,worlds}
M$ podman build -t minetest .
M$ podman run --rm -it -v /home/minetest/minetest-colorlandia-world/data/:/var/lib/minetest/:Z -v /home/minetest/minetest-colorlandia-world/conf/:/etc/minetest/:Z -p 30000:30000/udp localhost/minetest
M$ podman unshare
> chown 30000:30000 minetest-colorlandia-world/data/.minetest/{,worlds}
> chown -R 30000:30000 minetest-colorlandia-world/data/.minetest/worlds/
M$ chmod o+w ~/minetest-colorlandia-world/data/.minetest/worlds/colorlandia/
M$ mkdir -p .config/containers/systemd/
~/.config/containers/systemd/minetest-colorlandia.container
```
[Unit]
Description=minetest-colorlandia
After=local-fs.target

[Container]
Image=localhost/minetest
Volume=/home/minetest/minetest-colorlandia-world/data/:/var/lib/minetest/:Z
Volume=/home/minetest/minetest-colorlandia-world/conf/:/etc/minetest/:Z
PublishPort=30000:30000/udp

[Install]
WantedBy=multi-user.target default.target

[Service]
Restart=always
RestartSec=2
RestartSteps=12
RestartMaxDelaySec=150
```
//copy backup-script-podman to ~/minetest-colorlandia-world/backup-script
M$ cd ~/minetest-colorlandia-world/backup-script
M$ mkdir -p ~/minetest-colorlandia-world/backup/{full,public}
M$ podman build -t minetest-colorlandia-backup .
//for test purposes with game not running
//M$ podman run --rm -v /home/minetest/minetest-colorlandia-world/data/.minetest/worlds/colorlandia:/src:ro,Z -v /home/minetest/minetest-colorlandia-world/backup:/dst:rw,Z -v /home/minetest/.cache/minetest-colorlandia.copied:/status:rw,Z localhost/minetest-colorlandia-backup
M$ podman run --rm -v /home/minetest/minetest-colorlandia-world/backup/public:/dst:rw,Z localhost/minetest-colorlandia-backup
M$ mkdir -p ~/.config/systemd/user
M$ cp minetest-backup-colorlandia.* ~/.config/systemd/user/
M$ systemctl --user daemon-reload
M$ systemctl --user list-unit-files
M$ systemctl --user enable --now minetest-backup-colorlandia.timer
M$ mkdir -p /home/minetest/websrv/{data,htdocs}
/*DONOTUSE
// follow https://github.com/containers/podman/blob/main/troubleshooting.md#26-running-containers-with-resource-limits-fails-with-a-permissions-error
//M$ cd ~/maintenance/plain-website
//M$ cp websrv.container ~/.config/containers/systemd/
//M$ podman build -t websrv .
//M$ systemctl --user daemon-reload
//M$ cd ~/websrv/data
//M$ openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout selfsigned.key -out selfsigned.crt
//M$ systemctl --user daemon-reload
//M$ systemctl start --user websrv.service
*/
# ufw allow 8080/tcp
//podman run -dt --rm -p 8080:80/tcp -v ~/websrv/htdocs/:/usr/local/apache2/htdocs/ docker.io/library/httpd:alpine3.22
//M$ podman run --rm docker.io/library/httpd:alpine3.22 cat /usr/local/apache2/conf/httpd.conf > ~/websrv/data/httpd-orig.conf
~/.config/containers/systemd/websrv.container
```
[Unit]
Description=websrv
After=local-fs.target

[Container]
Image=docker.io/library/httpd:alpine3.22
Volume=/home/minetest/websrv/htdocs:/usr/local/apache2/htdocs/:Z
PublishPort=8080:80/tcp

[Install]
WantedBy=multi-user.target default.target

[Service]
Restart=always
RestartSec=2
RestartSteps=12
RestartMaxDelaySec=150
```
