Skip Navigation
13 comments

  • I've been using podman forever; I've only used Docker a couple of times.

    But tell me about Quadlets! I've never hear of them before.

    • What if I told you that you could define containers with systemd units?

      https://www.redhat.com/en/blog/quadlet-podman

      Quadlets are systemd files that define containers, networks and storage. It is the same idea as docker compose but with a daemonless model. Systemd starts your podman container workload just it does for any service. You can use systemctl commands and everything.

    • I love quadlets, here's an example:

       ini
          
$ cat .config/containers/systemd/kavita.container
[Unit]
Description=Kavita manga server
After=mnt-files.mount

[Container]
ContainerName=kavita
Image=docker.io/jvmilazz0/kavita:latest
AutoUpdate=registry
Network=kavita.network
PublishPort=5000:5000
Environment=TZ=Etc/UTC
Volume=/mnt/files/books/comics:/comics:ro
Volume=/mnt/files/books/gnovels:/gnovels:ro
Volume=/mnt/files/books/manga:/manga:ro
Volume=${HOME}/kavita:/kavita/config:Z
HealthCmd=curl -fsS http://localhost:5000/api/health || exit 1

[Service]
Restart=always

[Install]
WantedBy=default.target


  
       ini
          
$ cat .config/containers/systemd/kavita.network
[Network]
NetworkName=kavita
Options=isolate=true # library add uses Kavita site

      If you've dealt with systemd service files this will look familiar, with the addition of the container section.

      AutoUpdate=registry gives you automatic updates to 'latest' (or whatever tag you've set) and there's rollbacks too, so you just have to worry about the less-critical bugs in newer versions. Personally, I feel more secure with this setup, as this box is a VPS.

      Network=kavita.network - I put all my containers in different networks (with minimal privs, so many don't have outgoing internet access), and my reverse proxy is also in all of those networks so it can do its thing.

      • I've been managing my containers with service filles forever; I've just always built them by hand. The ones podman uses to create were screwed up in so many ways.

        These look better. I think the autoupdate is something I wouldn't use; if I do something and something stops working, I know what happened. I reality hate things that mysteriously stop working in the middle of the night.

        But the network setting... Now that's exciting. I've been working myself up to tighten stuff down like this, and this looks way easier.

      • Any chance you could go into more depth on your reverse proxy config? By the sounds of it you’re doing exactly what I would like to do with my services. Which reverse proxy are you using? What does your config look like? I’ve been trying to get both nginx and caddy working in the last 2 weeks and I’m REALLY struggling to get subnets working. My ideal setup would be using Tailscale and being able to follow the scheme service.Device.tailXXXX.ts.net. I’m struggling to find the reverse proxy config and DNS entries on my local network to get that working. I’ve seen comments saying people have done this, but none of them have shared their configs.

13 comments