homelab/active/podman_matrix/matrix.md
2025-10-14 12:35:23 -04:00

Podman matrix

Setup matrix Project

  • Copy and rename this folder to active/podman_matrix
  • Find and replace matrix with the name of the service.
  • Create the rootless user to run the podman containers
  • Write the compose.yaml spec for your service
  • Convert the compose.yaml spec to a quadlet
  • Install the quadlet on the podman server
  • Expose the quadlet service
  • Install a backup service and timer

Install matrix

Create the matrix user

# SSH into your podman server as root
# -m creates the home directory on distros whose useradd does not do so by default
useradd -m matrix
# keep the matrix user's systemd instance running without an interactive login
loginctl enable-linger $(id -u matrix)
# podman-restart restarts containers that have a restart policy after a reboot
systemctl --user --machine=matrix@.host enable podman-restart
systemctl --user --machine=matrix@.host enable --now podman.socket
# quadlet directory for the user; it must be owned by matrix, not root, or the later scp fails
mkdir -p /home/matrix/.config/containers/systemd
chown -R matrix:matrix /home/matrix/.config
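A check worth running right after creating the user, added here as an example and not part of the original runbook: rootless podman maps container UIDs and GIDs onto a subordinate range from /etc/subuid and /etc/subgid, and a missing, undersized or overlapping range is the usual reason the first `podman run` as the new user fails. The file paths are parameters so the script can be pointed at copies; the 65536-ID minimum and the demo entries are assumptions, and entries keyed by numeric UID instead of user name are not matched (a simplification of this example). Run it as root on the podman server after `useradd`: `sh subid-check.sh matrix`.

```sh
# Added check, not part of this runbook: confirm the rootless service user has
# usable subordinate UID/GID ranges before the first podman run.
# Usage on the server: sh subid-check.sh matrix [SUBUID_FILE] [SUBGID_FILE]
# (defaults /etc/subuid and /etc/subgid). Entries keyed by numeric UID rather
# than user name are not matched; that is a simplification of this example.
set -u

MIN_SUBIDS=65536   # assumed minimum; matches podman's usual default allocation

# subid_range USER FILE -> prints "start count" for USER's entry, status 1 if absent
subid_range() {
  awk -F: -v u="$1" '$1 == u { print $2, $3; found = 1 } END { exit !found }' "$2"
}

# check_subids USER SUBUID_FILE SUBGID_FILE -> status 0 when both ranges exist,
# hold at least MIN_SUBIDS ids and do not overlap any other user's range
check_subids() {
  local user="$1" rc=0 kind file range start count
  for kind in uid gid; do
    if [ "$kind" = uid ]; then file="$2"; else file="$3"; fi
    if ! range=$(subid_range "$user" "$file"); then
      echo "$user: no sub$kind entry in $file"
      rc=1
      continue
    fi
    start=${range% *}
    count=${range#* }
    if [ "$count" -lt "$MIN_SUBIDS" ]; then
      echo "$user: sub$kind range holds $count ids, fewer than $MIN_SUBIDS"
      rc=1
    fi
    # another user's [s, s+c) intersects our [start, start+count)
    if awk -F: -v u="$user" -v s="$start" -v c="$count" \
         '$1 != u && $2 < s + c && s < $2 + $3 { found = 1 } END { exit !found }' "$file"; then
      echo "$user: sub$kind range $start-$((start + count - 1)) overlaps another entry in $file"
      rc=1
    fi
  done
  return $rc
}

# With a user name, check the real files; otherwise run on constructed entries
# so the logic can be exercised away from the server.
if [ "$#" -ge 1 ]; then
  check_subids "$1" "${2:-/etc/subuid}" "${3:-/etc/subgid}" && echo "$1: subordinate ids OK"
else
  tmp=$(mktemp -d)
  printf 'matrix:100000:65536\ncaddy:165536:65536\n' > "$tmp/subuid"
  printf 'matrix:100000:65536\ncaddy:150000:65536\n' > "$tmp/subgid"   # constructed overlap
  check_subids matrix "$tmp/subuid" "$tmp/subgid" || echo "demo: the finding above is expected"
  rm -rf "$tmp"
fi
```

The overlap test matters because podman treats the range as exclusively the user's: two users sharing subordinate IDs means files written by one rootless container can be owned, and therefore read, by the other user's containers.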

Write the matrix compose spec

Edit the compose.yaml at active/podman_matrix/compose/compose.yaml

A Note on Volumes

Named volumes (volumes declared in the compose file without a host path) are stored under ~/.local/share/containers/storage/volumes/ in the rootless user's home, so include that path when backing up.

Convert matrix compose spec to quadlets

On your local machine:

# Generate the systemd units from the compose file with podlet.
# label=disable turns off SELinux labeling for this one-shot container so it can
# read and write the bind-mounted repo directories without relabeling them
# (a :Z mount would change the labels on your local checkout).
# -i adds an [Install] section so the services can be enabled; --overwrite
# replaces units left from a previous run.
podman run \
--security-opt label=disable \
--rm \
-v $(pwd)/active/podman_matrix/compose:/compose \
-v $(pwd)/active/podman_matrix/quadlets:/quadlets \
quay.io/k9withabone/podlet \
-f /quadlets \
-i \
--overwrite \
compose /compose/compose.yaml

# Copy the quadlets to the server (assumes an ssh host alias "matrix" that logs in as the matrix user)
scp -r active/podman_matrix/quadlets/. matrix:~/.config/containers/systemd/

# Copy the compose files to the server
scp -r active/podman_matrix/compose/. matrix:~/.config/
ssh matrix systemctl --user daemon-reload
ssh matrix systemctl --user restart matrix
# Enable the auto-update timer, which runs podman auto-update daily. It only refreshes
# containers whose unit has AutoUpdate=registry (the io.containers.autoupdate=registry
# label), and it pulls whatever the tag currently points at, so it trusts the registry and the tag.
ssh matrix systemctl --user enable --now podman-auto-update.timer
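Before the scp step, a pre-install lint of the podlet output, added here as an example and not something podlet, quadlet or this runbook provide. The policy it encodes is an assumption for this homelab: images must come from ghcr.io or quay.io, a floating tag (":latest" or no tag) must carry AutoUpdate=registry so the daily timer actually refreshes it, SecurityLabelDisable=true and --privileged are rejected, and the shared :z relabel is rejected in favour of :Z. The .container files in the demo are constructed, not real podlet output. Run it from the repo root: `sh quadlet-lint.sh active/podman_matrix/quadlets`.

```sh
# Added example, not part of the runbook: lint generated .container quadlets
# before copying them to the server. The rules are this homelab's assumed
# policy, nothing podlet or quadlet enforce.
set -u

ALLOWED_REGISTRIES="ghcr.io/ quay.io/"   # assumed allow-list

# image_tag IMAGE -> "digest", the tag, or "latest" when no tag is given
image_tag() {
  local name="${1##*/}"
  case "$name" in
    *@sha256:*) echo digest ;;
    *:*)        echo "${name##*:}" ;;
    *)          echo latest ;;
  esac
}

# lint_quadlet FILE -> prints one finding per line, status 1 if there were any
lint_quadlet() {
  local file="$1" rc=0 image ok=0 reg
  image=$(sed -n 's/^Image=//p' "$file" | head -n 1)
  if [ -z "$image" ]; then
    echo "$file: no Image= line"
    return 1
  fi
  for reg in $ALLOWED_REGISTRIES; do
    case "$image" in "$reg"*) ok=1 ;; esac
  done
  if [ "$ok" -ne 1 ]; then
    echo "$file: $image is not from an allowed registry"; rc=1
  fi
  # a floating tag without AutoUpdate=registry is never refreshed by the timer
  if [ "$(image_tag "$image")" = latest ] && ! grep -q '^AutoUpdate=registry$' "$file"; then
    echo "$file: floating tag on $image without AutoUpdate=registry"; rc=1
  fi
  if grep -q '^SecurityLabelDisable=true' "$file"; then
    echo "$file: SecurityLabelDisable=true disables SELinux confinement"; rc=1
  fi
  if grep -Eq '^PodmanArgs=.*--privileged' "$file"; then
    echo "$file: --privileged passed via PodmanArgs="; rc=1
  fi
  # ":z" (shared label) anywhere in the mount options of a Volume= line
  if grep -Eq '^Volume=.*:([A-Za-z]+,)*z(,|$)' "$file"; then
    echo "$file: shared ':z' relabel on a Volume= (use ':Z')"; rc=1
  fi
  return $rc
}

# lint_dir DIR -> lints every *.container file, status 1 if any failed
lint_dir() {
  local dir="$1" rc=0 f
  for f in "$dir"/*.container; do
    [ -e "$f" ] || { echo "$dir: no .container files"; return 1; }
    lint_quadlet "$f" || rc=1
  done
  return $rc
}

# With a directory argument, lint it; otherwise demo on constructed quadlets.
if [ "$#" -ge 1 ]; then
  lint_dir "$1" && echo "$1: quadlets OK"
else
  demo=$(mktemp -d)
  printf '%s\n' '[Container]' 'Image=ghcr.io/matrix-construct/tuwunel:latest' \
    'AutoUpdate=registry' 'Volume=tuwunel-db:/var/lib/tuwunel:Z' \
    '[Install]' 'WantedBy=default.target' > "$demo/matrix.container"
  printf '%s\n' '[Container]' 'Image=docker.io/library/nginx' \
    'SecurityLabelDisable=true' 'Volume=/home/matrix/www:/srv:z' > "$demo/bad.container"
  lint_dir "$demo" || echo "demo: the findings above for bad.container are expected"
  rm -rf "$demo"
fi
```

Gate the scp on the exit status (`sh quadlet-lint.sh active/podman_matrix/quadlets && scp ...`) so a unit that quietly pins nothing and auto-updates nothing never reaches the server.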

Setup matrix users

Run this as the matrix user on the podman server. It starts a second tuwunel container against the same database directory to run an admin command, so stop the service first (systemctl --user stop matrix) and start it again afterwards: the database is opened exclusively by whichever process holds it, and the :Z mount relabels the directory for this one-off container, which the service container relabels back for itself only when it starts.

podman run \
-v /home/matrix/tuwunel-db:/var/lib/tuwunel:Z \
-e TUWUNEL_SERVER_NAME=matrix.reeseapps.com \
-e TUWUNEL_DATABASE_PATH=/var/lib/tuwunel \
--userns=keep-id \
-it \
--rm \
ghcr.io/matrix-construct/tuwunel:latest \
--execute "users create_user ducoterra"

Expose matrix

  1. If you need a domain, follow the DDNS instructions
  2. For a web service, follow the Caddy instructions
  3. Finally, follow your OS's guide for opening ports via its firewall service.

firewalld

# command to get current active zone and default zone
firewall-cmd --get-active-zones
firewall-cmd --get-default-zone

# command to open 443 on tcp
firewall-cmd --permanent --zone=<zone> --add-port=443/tcp

# command to open 80 and 443 on tcp and udp (relies on bash brace expansion)
firewall-cmd --permanent --zone=<zone> --add-port={80,443}/{tcp,udp}

# command to list available services and then open http and https
firewall-cmd --get-services
firewall-cmd --permanent --zone=<zone> --add-service={http,https}

# --permanent only edits the saved configuration; reload to apply it to the running firewall
firewall-cmd --reload

Backup matrix

Follow the Borg Backup instructions

Upgrade matrix

Upgrade Quadlets

Upgrades are a repeat of writing the compose spec, converting it with podlet and installing the quadlets:

scp -r active/podman_matrix/quadlets/. matrix:~/.config/containers/systemd/
ssh matrix systemctl --user daemon-reload
ssh matrix systemctl --user restart matrix

Notes

SELinux

https://blog.christophersmart.com/2021/01/31/podman-volumes-and-selinux/

:z relabels the mounted content with a shared label (container_file_t without an MCS category), so every container on the host can read and write it.

:Z relabels it with a private label carrying this container's MCS category, so no other container can access it; a later container that mounts the same path with :Z relabels it for itself and locks the earlier one out.