#quadlet


Well, this took a bit of investigative work but was ultimately successful. Now, for each service that I want to host I have an Ansible playbook that:

1. Creates a service-specific user that will run the rootless #podman container
2. Uploads the custom #quadlet `.container` unit file in said user's home
3. Uses `machinectl` to interact with systemd as said user

As an example, I now have CoreDNS running as a rootless container as the `coredns` user via systemd/quadlet!

Is anyone here versed in #podman and #quadlet ? I'm trying to get the latest version to work on Raspbian (Debian 12), I got it installed by building from source, podman works, quadlet seems to work, the issue arises when I create a `.container` file so systemd picks it up and creates a service, the service unit created has the following podman path: `~/.local/bin/bin/podman` and for the love of me, I can't figure out where this is coming from? Tried setting PODMAN env var but no joy.

I'm in a mood to try to set up a #bootc-based server again.

This time to do the total bare minimum, to only load the system. Rest would be handled by podman and #quadlet based containers, so no hardcoding packages. And I would likely do that with #Ansible, but in some more simple way where I'd embed all the quadlets and configurations in the Ansible playbook itself, instead of copying the files over, I find that too messy.

I know it's servers, but Fedora would probably be fine. Perhaps CentOS Stream. I'd like to have access to newer #podman and #systemd goodies.

Since my last posts about Podman Quadlets on here I've done a lot of updates to my repository with podman quadlets:

  • Move to Codeberg
  • Mirror to GitHub
  • Synapse + PostgreSQL
  • Start on boot by default
  • Dependency management between some containers
  • Force logging through systemd's journal
  • PiGallery2
  • Cinny
  • Element
  • Nextcloud
  • Fossil
  • LibreSpeed speedtest
  • FreshRSS

As usual, to get started you just do something like this:

```bash
# -r is needed because the project is a directory of quadlet files
cp -r herz-quadlet/project-you-want/ ~/.config/containers/systemd/
systemctl daemon-reload --user
systemctl start --user project-you-want
```

Of course, after taking a look at the folder's readme, if there is one.

Codeberg.org: herz-quadlet. A repository where I store my podman quadlets.

Next fun one for the #podman #quadlet #container users:

I have a quadlet file that specifies a Secret and uses it:
```
Secret=my-secret,type=env,target=SOME_NAME
Exec=my-command $SOME_NAME
```

"podman secret ls" shows the secret with the correct name

But still when starting the container I get a warning:
"Referenced but unset environment variable evaluates to an empty string"

Funnily enough, in total there are three secrets being defined and used, and only one of them errors out...

Any ideas on how to debug this?

Question for the #podman #quadlet #container users out there:

Given that I have a quadlet file that has an "Environment=FOO=bar" setting, which makes the variable FOO available to the container.
Now I can use an "Exec=echo $FOO" inside the container and get my variable's value. Also "Exec=env" prints out the environment variables, which contains the FOO variable.

The variable is set inside the container, but not exported to any subshells being started. What would be the best approach to do that so I can start a bash script using "Exec=/my_bash_script.sh"?

I tried different variations of "Entrypoint=/bin/bash" and "Exec=-c '...'" and things like that, but nothing seemed to work.

Background: I can use Podman secrets as environment variables, but I cannot at the same time use things like bash's date command to get a proper timestamp, if I directly start the executable via "Exec"...
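
An added example, not part of the posts above and not Podman's or systemd's own code: Quadlet appends `Exec=` to the generated `ExecStart=` line, and systemd expands `$NAME` and `${NAME}` there from the unit's own environment, before the container and its `Secret=...,type=env` or `Environment=` variables exist. The check below lists such references in a `.container` file; the sample unit, the image name and the function names are constructed for illustration.

```python
import re

# Constructed sample unit modelled on the posts above; image and names are placeholders.
SAMPLE_UNIT = """\
[Container]
Image=example.invalid/app:latest
Environment=FOO=bar
Secret=my-secret,type=env,target=SOME_NAME
Exec=my-command $SOME_NAME ${FOO} $$HOME
"""

# "$$" is systemd's escape for a literal "$"; $NAME and ${NAME} are expanded by systemd.
_REF = re.compile(r"\$\$|\$\{(\w+)\}|\$(\w+)")

def parse_unit(text):
    """Return {section: [(key, value), ...]} for a systemd-style unit file."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1], [])
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current.append((key.strip(), value.strip()))
    return sections

def env_names(value):
    # Simplification: assumes no quoted values containing spaces.
    return {item.split("=", 1)[0] for item in value.split() if "=" in item}

def unresolved_exec_refs(text):
    """List (name, set_only_in_container) for Exec= references the unit itself never sets.
    A type=env secret without target= is exposed under the secret's own name."""
    unit = parse_unit(text)
    container = unit.get("Container", [])
    service_env, inside = set(), set()
    for key, value in unit.get("Service", []):
        if key == "Environment":
            service_env |= env_names(value)
    for key, value in container:
        opts = value.split(",")
        if key == "Environment":
            inside |= env_names(value)
        elif key == "Secret" and "type=env" in opts:
            inside.add(next((o.split("=", 1)[1] for o in opts if o.startswith("target=")), opts[0]))
    refs = [m.group(1) or m.group(2) for k, v in container if k == "Exec"
            for m in _REF.finditer(v)]
    return [(name, name in inside) for name in refs if name and name not in service_env]
```

A reference flagged with `True` is one the container would have but systemd does not, which matches the "Referenced but unset environment variable" warning. Writing it as `$$NAME` and letting a shell inside the container expand it (assuming the image ships one) keeps the value out of the host-side unit.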

Hey #podman #quadlet #container users,

does anyone already have a solution to handle quadlet files in a GitOps way? I.e. a script that runs periodically, pulls down the latest state of the files from a git repository and then restarts the pods?

Or are you all handling image updates with Podman's auto-update functionality (which only gives you the latest image, without handling dependencies between containers AFAIAA)?