I’ve officially stopped using generate_systemd for my Podman deployments.

I updated my Ansible playbooks to use the Quadlet support in the containers.podman collection (state: quadlet).

Instead of scripting podman run commands or managing complex systemd unit files manually, Ansible now defines the container as a systemd service natively.

The result?

Rootless by default.

Auto-updates enabled (AutoUpdate=registry).

Zero drift.

If you’re running RHEL at the edge, this is the architecture you want.

:ansible: ❤️ :podman:

#Ansible #Podman #RHEL #DevOps #Quadlet #Linux

🚀 Upgrade de #Backup al meu servidor! 💾 Fins ara feia servir #Restic amb scripts shell per gestionar tots els meus #backups, i funcionava bé.Però acabo d'instal·lar #Zerobyte com a #Quadlet al servidor... i és una autè ...

[^BgTA^] :verified: :opensuse:...

🚀 Upgrade de #Backup al meu servidor! 💾

Fins ara feia servir #Restic amb scripts shell per gestionar tots els meus #backups, i funcionava bé.

Però acabo d'instal·lar #Zerobyte com a #Quadlet al servidor... i és una autèntica passada! 🤯

És un front-end brutal per a #Restic per monitoritzar, restaurar i gestionar els repos sigui increïblement fàcil. Recomanat 100% si feu servir #Restic!

https://github.com/nicotsx/zerobyte

#Linux #Server

Bagaimana kami menjalankan instance #mastodon ini menjadikan sumber inspirasi buat kami untuk menjabarkan step-by-step menjalankan #container mastodon dengan #podman #quadlet

https://blog.kodesumber.com/posts/container-mastodon-dengan-menggunakan-quadlet-podman/

Question for #systemd #quadlet gurus: what do y'all do for running different services properly segregated that have persistent data needs? My first attempt was to add system users with user systemd instances (kind of like I would've done previously with just service users), and while that *works*, I definitely feel like I'm fighting systemd the whole way. Dynamic users are tempting, but I'm not grokking how data ownership would work when the UID presumably isn't stable across reboots. I'm sure I'm holding it wrong, but I'm not quite getting what the right way is

After migrating from #Docker #Compose to #rootless #Podman Compose, the next step was to migrate my services to #Quadlets. I guess my container-based homelab setup is almost perfect now 😁

@homelab #homelab #selfhosting #selfhosted #systemd #quadlet

I've updated my servers to latest #Debian stable. Happy to see #podman #quadlet finally available in Debian stable. I've started migrating services to it, first one completed this weekend.

On a related note, I am now also running an Immich instance, also as a Podman quadlet...

#Immich #SelfHosting #HomeLab #Podman #Quadlet #HellYeah #HomeLab

I am now running an OpenCloud server, based on Podman quadlets, behind Traefik. Let's see if it works better on iPhones than Nextcloud...

#OpenCloud #Podman #Quadlet #nextcloud #HomeLab #HellYeah

Ein neuer Forumbeitrag: https://linux-nerds.org/topic/1787/forgejo-v13.0.1-released #forgejo #podman #quadlet #linux

Ein neuer Forumbeitrag: https://linux-nerds.org/topic/1785/forgejo-v13.0.0-released #forgejo #podman #quadlet #linux

@techviator You're welcome. Don't hesitate to ping me back. I migrated to podman in the previous 3-4 months and I still need to understand a lot (how to do #healthcheck on quadlet, how can I replace #cadvisor to #monitor #quadlet)

@techviator
I had trouble with the network part and the #DNS resolution using #podman, I followed this tutorial to understand it:
https://giacomo.coletto.io/blog/podman-quadlets/

Finally, I migrated from #docker_compose to #quadlet
Doc: https://www.redhat.com/en/blog/quadlet-podman
Tutorial: https://giacomo.coletto.io/blog/podman-podlet/

Here's how to run podman containers as systemd units using "quadlets".

I was running my GoToSocial instance as a rootless container using podman-compose on a VPS with Debian Trixie. This was working fine, but when rebooting the server, I would have to manually log in, switch to the dedicated user account and start the container. Not starting this automatically is a real PITA, so I wanted to change this by using podman quadlets instead, which generate standard systemd unit files.

My starting point was a compose.yaml file:

services:
  gotosocial:
    image: docker.io/superseriousbusiness/gotosocial:0.19.2
    container_name: gotosocial
    user: 1004:1004
    networks:
      - gotosocial
    environment:
      GTS_HOST: fedi.4x31.dev
      GTS_DB_TYPE: sqlite
      GTS_DB_ADDRESS: /gotosocial/storage/sqlite.db
      GTS_LETSENCRYPT_ENABLED: "false"
      GTS_WAZERO_COMPILATION_CACHE: /gotosocial/.cache
      GTS_TRUSTED_PROXIES: "192.168.0.1/16"
      GTS_LOG_LEVEL: warn
      TZ: Europe/Berlin
    ports:
      - "127.0.0.1:9000:8080"
    volumes:
      - ./data:/gotosocial/storage
      - ./.gtscache:/gotosocial/.cache
    restart: "always"

networks:
  gotosocial:
    ipam:
      driver: default
      config:
        - subnet: "192.168.0.1/16"
          gateway: "192.168.0.100"

First I defined the podman network:

# /etc/containers/system/gotosocial.network
[Network]
Subnet=192.168.0.1/16
Gateway=192.168.0.100

Then the container itself, which depends on this network:

# /etc/containers/system/gotosocial.container
[Unit]
Description=GoToSocial
Wants=network-online.target
After=network-online.target
Requires=gotosocial.network
After=gotosocial.network

[Container]
Image=docker.io/superseriousbusiness/gotosocial:0.19.2

# This is the UID:GID of the non-privileged user I was using with podman-compose
User=1004:1004
UserNS=keep-id

Environment=GTS_HOST=fedi.4x31.dev
Environment=GTS_DB_TYPE=sqlite
Environment=GTS_DB_ADDRESS=/gotosocial/storage/sqlite.db
Environment=GTS_LETSENCRYPT_ENABLED=false
Environment=GTS_WAZERO_COMPILATION_CACHE=/gotosocial/.cache
Environment=GTS_TRUSTED_PROXIES="192.168.0.1/16"
Environment=GTS_LOG_LEVEL=warn
Environment=TZ=Europe/Berlin

Volume=/home/gotosocial/data:/gotosocial/storage:rw,U,z
Volume=/home/gotosocial/.gtscache:/gotosocial/.cache:rw,U,z

PublishPort=127.0.0.1:9000:8080
Network=gotosocial.network

[Service]
TimeoutStartSec=900
Restart=always

[Install]
WantedBy=multi-user.target

I was able to test this configuration using the "dry-run mode" of the generator and review the output:

sudo /usr/lib/systemd/system-generators/podman-system-generator -dryrun

With all this set up, I was able to start the service and check the logs:

sudo systemctl daemon-reload
sudo systemctl start gotosocial
sudo journalctl -u gotosocial -f

Looking at the logs I noticed that ufw, my firewall, was blocking both DNS traffic from the podman network as well as outgoing traffic required to fetch media from other instances. So I allowed DNS and outgoing traffic for podman containers:

sudo ufw allow in on podman1 to any port 53
sudo ufw route allow in on podman1 out on ens3
sudo ufw status verbose

It was quite a journey figuring out all required steps. But I am very happy with the result, and I hope this little guide may help others. Thanks for reading! <3

#SelfHosting #FediVerse #GoToSocial #podman #containers #systemd #ufw #quadlet

Ein neuer Forumbeitrag: https://linux-nerds.org/topic/1780/forgejo-v12.0.4-security-release #forgejo #linux #podman #quadlet

Someone reminded me today that I promised someone a post about automatic container updates with quadlets and podman. Well, here you go!

https://major.io/p/podman-quadlet-automatic-updates/

#podman #fedora #containers #quadlet #devconfus #linux #systemd

Podman containers for Unifi and MongoDB on Debian

I needed to install the Unifi Network Server for managing my Unifi access points (UAP). There is hardware available to manage this, such as the Unifi CloudKey Gen2 (UCK-G2), but I prefer not to buy and run any extra hardware when it’s possible to just run the Unifi Network Server on a Linux system. It requires MongoDB, which is not packaged in Debian any more because its license is not […]

https://blog.frehi.be/2025/09/15/podman-containers-for-unifi-and-mongodb-on-debian/

#Quadlet #containers #Debian #MongoDB #Podman #Unifi

Hoping for some feedback, I'm trying to use #quadlet in rootless #podman on Arch, but my service always fails on reboot (or first start with podman-restart service disabled) because the port it wants to listen on is already bound. Changing the port doesn't help.

I used lsof to find that when the service first starts, the port is tied up by my container user running passt, so it seems podman is getting in the way of itself. Oddly, if I kill passt and try starting the service again, it works, but now the port is tied up by root (who I'm logged in as on the vm, podman user has nologin) running the command "common". I enabled lingering for my podman user, not sure if I'm missing a step here.

Out of desperation, I tried running podman system reset, which makes sense because I would guess it should be some systemd command that would fix this issue.

The maddening thing is that this service spun up properly on boot once, and it broke after I changed the host, name, and file name of the service and rebooted.

I don't think it's a problem with the container file, but here it is for good measure. It's in /etc/containers/systemd/users

[Container]
ContainerName=calibre-web
HostName=calibre-web
Image=image: lscr.io/linuxserver/calibre-web:latest
AutoUpdate=registry
PublishPort=127.0.0.1:8083:8083
UIDMap=1000:0:1
UIDMap=0:1:1000
UIDMap=1001:1001:64536
Volume=/srv/config/calibre-web/:/config
Volume=/srv/media/books:/books

[Service]
Restart=always
TimeoutStartSec=300

[Install]
WantedBy=default.target

I’ve written a guide on using Podman with Quadlet on AlmaLinux 10, with optional Cockpit integration.
https://paulsorensen.io/install-podman-almalinux-quadlet-cockpit/

#AlmaLinux #Podman #Quadlet #Cockpit #selfhosting

This is very cool!

I finally found a major project providing installation instructions for podman quadlets: wg-easy

https://wg-easy.github.io/wg-easy/latest/examples/tutorials/podman-nft/

#Podman #Quadlet