PentestAgent Podman Quadlet Stack

This workspace provides a rootless Podman Quadlet setup with:

  • Shared bridge network: pentestagent-net
  • Pod: pentestagent
  • Containers in same pod/network namespace:
    • ollama (ollama/ollama:rocm)
    • litellm (ghcr.io/berriai/litellm:main-stable)
    • pentestagent (ghcr.io/gh05tcrew/pentestagent:latest)
    • pentestagent-kali (ghcr.io/gh05tcrew/pentestagent:kali) (optional)

1) Install files

Run on the Linux host where Podman + systemd user services run:

mkdir -p ~/.config/containers/systemd
mkdir -p ~/.config/pentestagent
mkdir -p ~/.local/share/pentestagent/{ollama,loot,workspace}

cp quadlet/*.network ~/.config/containers/systemd/
cp quadlet/*.pod ~/.config/containers/systemd/
cp quadlet/*.container ~/.config/containers/systemd/
cp config/litellm-config.yaml ~/.config/pentestagent/litellm-config.yaml
cp config/pentestagent.env.example ~/.config/pentestagent/pentestagent.env

1b) Proxmox LXC / root login (no user bus)

If you are in an unprivileged LXC and operating as root, systemctl --user often fails with:

$DBUS_SESSION_BUS_ADDRESS and $XDG_RUNTIME_DIR not defined

Use system scope Quadlet units instead:

mkdir -p /etc/containers/systemd
mkdir -p /etc/pentestagent
mkdir -p /var/lib/pentestagent/{ollama,loot,workspace}

cp quadlet/*.network /etc/containers/systemd/
cp quadlet/*.pod /etc/containers/systemd/
cp quadlet/*.container /etc/containers/systemd/
cp config/litellm-config.yaml /etc/pentestagent/litellm-config.yaml
cp config/pentestagent.env.example /etc/pentestagent/pentestagent.env

Then in each copied *.container file under /etc/containers/systemd/, replace:

  • %h/.config/pentestagent/pentestagent.env → /etc/pentestagent/pentestagent.env
  • %h/.config/pentestagent/litellm-config.yaml → /etc/pentestagent/litellm-config.yaml
  • %h/.local/share/pentestagent/... → /var/lib/pentestagent/...
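
One way to apply the three replacements above in a single pass and confirm nothing was missed. This is an added example, not a script shipped in this repo; the function names rewrite_quadlet_paths and lock_env_file are hypothetical, and GNU sed and stat are assumed. The second function restricts the env file to its owner, since that file may hold API keys and LITELLM_MASTER_KEY.

```shell
#!/usr/bin/env bash
# Added example (not part of the repo). Function names are hypothetical.
# Usage, as root after copying the files:
#   rewrite_quadlet_paths /etc/containers/systemd && \
#   lock_env_file /etc/pentestagent/pentestagent.env

# Rewrite user-scope %h paths to system-scope paths in every *.container
# file under the given directory, then fail if any %h/ reference remains.
rewrite_quadlet_paths() {
    dir="${1:-/etc/containers/systemd}"
    for f in "$dir"/*.container; do
        [ -f "$f" ] || continue
        # The two config-file mappings first, then the data-directory prefix.
        sed -i \
            -e 's|%h/\.config/pentestagent/pentestagent\.env|/etc/pentestagent/pentestagent.env|g' \
            -e 's|%h/\.config/pentestagent/litellm-config\.yaml|/etc/pentestagent/litellm-config.yaml|g' \
            -e 's|%h/\.local/share/pentestagent|/var/lib/pentestagent|g' \
            "$f"
    done
    # In system scope %h resolves to root's home, so a leftover reference
    # would silently point the unit at /root instead of /etc or /var/lib.
    # Print any remaining occurrences (file:line:text) and signal failure.
    if grep -n '%h/' "$dir"/*.container 2>/dev/null; then
        return 1
    fi
    return 0
}

# Restrict the env file to its owner and confirm the resulting mode.
lock_env_file() {
    env_file="${1:-/etc/pentestagent/pentestagent.env}"
    chmod 600 "$env_file" && [ "$(stat -c '%a' "$env_file")" = "600" ]
}
```
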

Start units with systemd system scope:

systemctl daemon-reload
systemctl enable --now pentestagent-network.service
systemctl enable --now pentestagent-pod.service
systemctl enable --now ollama.service
systemctl enable --now litellm.service

# Choose one runtime container (standard OR kali)
systemctl enable --now pentestagent.service
# systemctl enable --now pentestagent-kali.service

2) Edit environment

Edit ~/.config/pentestagent/pentestagent.env (system scope: /etc/pentestagent/pentestagent.env) and set at least:

  • PENTESTAGENT_MODEL=ollama/llama3.1 (or another local model)
  • Optional API keys for non-local providers

If you set LITELLM_MASTER_KEY, clients calling LiteLLM must include it.

3) Start with systemd user units

systemctl --user daemon-reload
systemctl --user enable --now pentestagent-network.service
systemctl --user enable --now pentestagent-pod.service
systemctl --user enable --now ollama.service
systemctl --user enable --now litellm.service

# Choose one runtime container (standard OR kali)
systemctl --user enable --now pentestagent.service
# systemctl --user enable --now pentestagent-kali.service

Check status/logs:

systemctl --user status ollama litellm pentestagent
journalctl --user -u ollama -u litellm -u pentestagent -f

4) Use services

  • LiteLLM endpoint: http://127.0.0.1:4000
  • Ollama endpoint: http://127.0.0.1:11434

Launch the TUI inside the running standard container:

podman exec -it pentestagent pentestagent

Launch the TUI inside the Kali container (if enabled):

podman exec -it pentestagent-kali pentestagent

Or run with explicit model routing through LiteLLM:

podman exec -it pentestagent env PENTESTAGENT_MODEL=ollama/llama3.1 pentestagent

Notes

  • ollama/ollama:rocm requires AMD ROCm-compatible host/device support.
  • If ROCm devices are unavailable, replace the image with ollama/ollama:latest and remove AddDevice lines in quadlet/ollama.container.
  • Run either pentestagent.service or pentestagent-kali.service to avoid duplicate idle runtime containers.

Ollama profile switch (ROCm ↔ CPU fallback)

This repo includes both:

  • quadlet/ollama.container (ROCm)
  • quadlet/ollama-cpu.container (CPU fallback, no passthrough devices)

Use the helper script:

chmod +x scripts/switch-ollama-profile.sh

# user scope (default)
./scripts/switch-ollama-profile.sh cpu
./scripts/switch-ollama-profile.sh rocm

# system scope (LXC/root)
./scripts/switch-ollama-profile.sh cpu --scope system
./scripts/switch-ollama-profile.sh rocm --scope system

Manual fallback (if you prefer not to run scripts):

# Switch to CPU fallback (user scope)
cp quadlet/ollama-cpu.container ~/.config/containers/systemd/ollama.container
systemctl --user daemon-reload
systemctl --user restart ollama.service

# Switch to CPU fallback (system scope / LXC root)
cp quadlet/ollama-cpu.container /etc/containers/systemd/ollama.container
sed -i 's|%h/.local/share/pentestagent|/var/lib/pentestagent|g' /etc/containers/systemd/ollama.container
systemctl daemon-reload
systemctl restart ollama.service

# Switch back to ROCm (user scope)
cp quadlet/ollama.container ~/.config/containers/systemd/ollama.container
systemctl --user daemon-reload
systemctl --user restart ollama.service

# Switch back to ROCm (system scope / LXC root)
cp quadlet/ollama.container /etc/containers/systemd/ollama.container
sed -i 's|%h/.local/share/pentestagent|/var/lib/pentestagent|g' /etc/containers/systemd/ollama.container
systemctl daemon-reload
systemctl restart ollama.service