homelab/templates/podman/foobar.md
ducoterra 5184c84d50
overhauls of most service docs
2025-07-22 18:29:07 -04:00

Podman foobar

Setup foobar Project

  1. Copy and rename this folder to active/podman_foobar
  2. Find and replace foobar with the name of the service.
  3. Create the rootless user to run the podman containers
  4. Write the compose.yaml spec for your service
  5. Convert the compose.yaml spec to a quadlet
  6. Install the quadlet on the podman server
  7. Expose the quadlet service
  8. Install a backup service and timer

Install foobar

Create the foobar user

useradd foobar

# Running ssh-keygen as foobar creates ~/.ssh with the right owner and mode
su - foobar
ssh-keygen
exit
# Reuse the keys already trusted for the current (root) account
cp ~/.ssh/authorized_keys /home/foobar/.ssh/authorized_keys
chown foobar:foobar /home/foobar/.ssh/authorized_keys
# Lingering lets foobar's user services run without an open login session
loginctl enable-linger $(id -u foobar)

SSH into the server as foobar

# podman-restart brings containers with a restart policy back up after a reboot
systemctl --user enable podman-restart
systemctl --user enable --now podman.socket
# Quadlet units are read from this directory
mkdir -p ~/.config/containers/systemd

Write the foobar compose spec

Edit the compose.yaml at active/foobar/compose/compose.yaml

Convert foobar compose spec to quadlets

On your local machine:

# Generate the systemd service
podman run \
--security-opt label=disable \
--rm \
-v $(pwd)/active/foobar/:/compose \
-v $(pwd)/active/foobar/quadlets:/quadlets \
quay.io/k9withabone/podlet \
-f /quadlets \
-i \
--overwrite \
compose /compose/compose.yaml

# Copy the generated quadlet files to the server and (re)start the service
scp -r active/foobar/quadlets/. foobar:~/.config/containers/systemd/
ssh foobar systemctl --user daemon-reload
ssh foobar systemctl --user restart foobar
# Enable the auto-update timer, which pulls new container images daily.
# It only acts on units that set AutoUpdate=registry and use a fully-qualified image name.
ssh foobar systemctl --user enable --now podman-auto-update.timer

Expose foobar

  1. If you need a domain, follow the DDNS instructions
  2. For a web service, follow the Caddy instructions
  3. Finally, follow your OS's guide for opening ports via its firewall service.

firewalld

# commands to get the current active zone and the default zone
firewall-cmd --get-active-zones
firewall-cmd --get-default-zone

# command to open 443 on tcp
firewall-cmd --permanent --zone=<zone> --add-port=443/tcp

# command to open 80 and 443 on tcp and udp (brace expansion yields one --add-port per combination)
firewall-cmd --permanent --zone=<zone> --add-port={80,443}/{tcp,udp}

# command to list available services and then open http and https
firewall-cmd --get-services
firewall-cmd --permanent --zone=<zone> --add-service={http,https}

# --permanent changes only take effect in the running firewall after a reload
firewall-cmd --reload

Backup foobar

Follow the Borg Backup instructions

Upgrade foobar

Upgrade Quadlets

An upgrade repeats the earlier steps: edit the compose spec, regenerate the quadlets, then install them on the server.

scp -r quadlets/. foobar:~/.config/containers/systemd/
ssh foobar systemctl --user daemon-reload
ssh foobar systemctl --user restart foobar

Notes

SELinux

https://blog.christophersmart.com/2021/01/31/podman-volumes-and-selinux/

:z relabels a mounted volume with a shared label, allowing the container to share it with all other containers.

:Z relabels a mounted volume with a private label, reserving it for that container and preventing any other container from accessing it.