New blog post: Tag-Driven Deployments: How MastoSum Ships Itself with Forgejo Actions and Rootless Podman

The pipeline is tag-driven and fully automated. A git push v0.2.9 triggers a Forgejo Actions workflow that builds a UBI10-based image, cosign-signs it, and writes a trigger file. A systemd path unit picks it up, verifies the signature, pulls by digest, and restarts the four app services. No SSH, no webhook receiver, no additional daemon. The CI runner lives in the same rootless Podman user context as the app it deploys.

The filesystem is the API between CI and host.

https://blog.hofstede.it/tag-driven-deployments-how-mastosum-ships-itself-with-forgejo-actions-and-rootless-podman/

#linux #podman #containers #quadlet #devops #forgejo

Tag-Driven Deployments: How MastoSum Ships Itself with Forgejo Actions and Rootless Podman

A walk through the MastoSum deployment pipeline: a version tag triggers Forgejo Actions, builds and signs a UBI-based image, then hands deployment to a rootless systemd/Podman host via a path unit ...

Larvitz Blog
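The host side of that pipeline, as an added example that is not code from the post or the MastoSum project: a validator for the trigger file the path unit reacts to, the commands the oneshot service would run, and the two user units. Everything specific is an assumption: the trigger format (one digest-pinned reference per file), the repository name, the cosign key path, the trigger path and the app unit names. The point is that a file written by CI is input the host must fully validate before it pulls anything, even when CI runs as the same user.

```shell
#!/bin/sh
# Added example, not code from the MastoSum post or repository.
# A trigger file written by CI is input for the host side: the path unit must
# insist on a digest-pinned reference in the expected repository before any
# pull happens. Assumed trigger format (one line, assumption):
#   forgejo.example/larvitz/mastosum@sha256:<64 hex>
# Repository, key path, trigger path and unit names below are assumptions.

ALLOWED_REPO="forgejo.example/larvitz/mastosum"          # assumption
HOME_DIR=${HOME:-/home/mastosum}
COSIGN_PUBKEY="$HOME_DIR/.config/mastosum/cosign.pub"    # assumption
TRIGGER="$HOME_DIR/.local/share/mastosum/deploy/trigger" # assumption
APP_UNITS="mastosum-web mastosum-worker mastosum-scheduler mastosum-streaming" # assumption

# validate_ref REF -> 0 only if REF is ALLOWED_REPO pinned by a sha256 digest
validate_ref() {
  ref=$1
  case "$ref" in
    "$ALLOWED_REPO"@sha256:*) ;;   # right repository and digest form; tags are rejected
    *) return 1 ;;
  esac
  digest=${ref##*@sha256:}
  # exactly 64 lowercase hex characters: no tag, no extra text, no whitespace
  printf '%s' "$digest" | grep -Eq '^[0-9a-f]{64}$'
}

# read_trigger FILE -> prints the validated reference, returns 1 on any doubt
read_trigger() {
  file=$1
  [ -f "$file" ] || return 1                  # must be a regular file
  [ $(wc -l < "$file") -le 1 ] || return 1    # a single reference, nothing appended
  ref=$(head -n 1 "$file" | tr -d '[:space:]')
  validate_ref "$ref" || return 1
  printf '%s\n' "$ref"
}

# deploy_plan REF -> the commands the oneshot service runs, in order: verify the
# cosign signature against the pinned public key, pull by digest, restart the apps
deploy_plan() {
  ref=$1
  cat <<EOF
cosign verify --key $COSIGN_PUBKEY $ref
podman pull $ref
systemctl --user restart $APP_UNITS
EOF
}

# write_units DIR -> the user path unit and the oneshot service it triggers.
# PathChanged fires on close-after-write, so CI should write a temp file and
# rename it over the trigger path to avoid acting on a half-written file.
write_units() {
  dir=$1
  cat > "$dir/mastosum-deploy.path" <<EOF
[Unit]
Description=Deploy MastoSum when CI writes the trigger file

[Path]
PathChanged=%h/.local/share/mastosum/deploy/trigger
Unit=mastosum-deploy.service

[Install]
WantedBy=default.target
EOF
  cat > "$dir/mastosum-deploy.service" <<EOF
[Unit]
Description=Verify, pull by digest and restart MastoSum

[Service]
Type=oneshot
ExecStart=%h/.local/bin/mastosum-deploy %h/.local/share/mastosum/deploy/trigger
EOF
}

# The script named in ExecStart (mastosum-deploy, assumption) would do:
#   ref=$(read_trigger "$1") || exit 1
#   deploy_plan "$ref" | sh -e
# Piping is safe only because validate_ref restricts REF to a fixed prefix
# plus hex, so nothing shell-significant can reach the generated lines.
```

Because the reference must match the allowed repository and a 64-hex digest, a trigger that names a tag, another registry, or carries a second line is ignored rather than executed; verification by cosign then covers the one remaining question, whether that digest was produced by the release workflow.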

@cichy1173 welcome to the #fcos fan club. I use FCOS a lot, both on my #homelab and on my corporate systems.

For me, the combination of FCOS and #containers workloads (using #podman #quadlet) is the most stable and easy way to get an up-to-date system. You can depend on FCOS's zincati and the podman-auto-update timer to keep systems up to date in an easy but stable way.

Fun with containers in VLANs:

Using an SR-IOV virtual function network interface with VLAN tagging as the macvlan link for podman containers.

This way, containers started with the right --network get their own DHCP address from the configured VLAN, without NAT. The MAC address is fixed in the .container quadlet so my DHCP server can create a static lease for the container.

#linux #podman #quadlet #systemd
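The same arrangement written out as an added example (not the poster's files): the host-side commands that put the VLAN tag on the virtual function, a Quadlet .network whose macvlan parent is that VF, and a .container with a fixed MAC. The PF name, VF index and kernel name, VLAN id, image and MAC are assumptions. Two caveats a practitioner would want: macvlan needs rootful Podman, so these files belong in /etc/containers/systemd/, and a VF's spoof check must be off because macvlan sub-interfaces send from MACs other than the VF's own.

```shell
#!/bin/sh
# Added example, not the poster's configuration. Writes a Quadlet
# .network/.container pair that attaches a container to a macvlan whose parent
# is an SR-IOV VF, and checks that the fixed MAC is a locally administered
# unicast address. All names and values below are assumptions.

PF=enp1s0f0                   # assumption: physical function
VF_INDEX=3                    # assumption
VF_IF=enp1s0f0v3              # assumption: kernel name of VF 3
VLAN_ID=40                    # assumption
PIHOLE_MAC=02:42:ac:28:00:10  # assumption; leading 02 = locally administered

# vf_setup_cmds -> host commands that put the VLAN tag on the VF itself, so the
# container sees an untagged link that is already inside VLAN 40.
# spoofchk off / trust on: with spoof checking on, the NIC drops frames whose
# source MAC is not the VF's own, which is exactly what macvlan children send.
vf_setup_cmds() {
  cat <<EOF
echo 4 > /sys/class/net/$PF/device/sriov_numvfs
ip link set $PF vf $VF_INDEX vlan $VLAN_ID spoofchk off trust on
EOF
}

# local_unicast_mac MAC -> 0 if MAC is well formed, unicast, locally administered
local_unicast_mac() {
  printf '%s' "$1" | grep -Eiq '^([0-9a-f]{2}:){5}[0-9a-f]{2}$' || return 1
  first=$(( 0x${1%%:*} ))
  [ $(( first & 3 )) -eq 2 ]    # bit 0 (multicast) clear, bit 1 (local) set
}

# write_quadlets DIR -> vlan40.network and pihole.container in DIR
# (on a real host: /etc/containers/systemd/, since macvlan is rootful only)
write_quadlets() {
  dir=$1
  local_unicast_mac "$PIHOLE_MAC" || return 1
  cat > "$dir/vlan$VLAN_ID.network" <<EOF
# No Subnet= here: the container takes its address from the VLAN's DHCP server
# through netavark's DHCP proxy (enable netavark-dhcp-proxy.socket on the host).
[Network]
NetworkName=vlan$VLAN_ID
Driver=macvlan
Options=parent=$VF_IF
EOF
  cat > "$dir/pihole.container" <<EOF
[Container]
ContainerName=pihole
Image=docker.io/pihole/pihole:latest
Network=vlan$VLAN_ID.network
# Fixed MAC so the DHCP server can hand out a static lease for this container
PodmanArgs=--mac-address=$PIHOLE_MAC

[Service]
Restart=always

[Install]
WantedBy=multi-user.target
EOF
}
```

Picking a MAC with the locally administered bit set (second-lowest bit of the first octet) and the multicast bit clear keeps the static lease from colliding with a vendor-assigned address on the same VLAN; the check in write_quadlets refuses anything else before a unit is written.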

I'm tearing my hair out and five minutes from ragequitting because my #quadlet #podman containers absolutely cannot reach each other by name on a shared network the way I was used to from #docker.

Now I've set the whole thing up as a #pod and it runs 🤗

Specifically, the goal was for #pihole to talk to #unbound. The usual unbound#port just wouldn't work. As a pod it runs now.

My Ansible role that deploys services with Podman containers using Quadlet is now available.

https://forge.maverick-hq.org/z3r0/ansible-role-podman-quadlet-service

Enjoy it!

#ansible #ansibleroles #podman #quadlet #devops

ansible-role-podman-quadlet-service

An Ansible role to set up Podman Quadlet services

Forgejo: Beyond coding. We Forge.

New blog post: Ansible-Native Quadlets: Deploying a Mastodon Greeter Bot with containers.podman

Hand-written Quadlet files are great for one host. For a small fleet, I want them in Ansible: templated config, registry login, Podman secrets, systemd handlers, SELinux labels, and repeatable deployment.

The example: a tiny Mastodon welcome bot running as a Podman Quadlet-managed systemd service.

https://blog.hofstede.it/ansible-native-quadlets-deploying-a-mastodon-greeter-bot-with-containerspodman/

#Linux #Ansible #Podman #Quadlet #systemd #Mastodon #SelfHosting #RHEL

Ansible-Native Quadlets: Deploying a Mastodon Greeter Bot with containers.podman

Hand-writing Quadlet files works for one host. For a fleet, the containers.podman collection’s native Quadlet generation lets you describe containers as Ansible state, including secrets, registry l...

Larvitz Blog

I decided to dedicate my weekend to server maintenance and documentation.

Yesterday, I managed to install Immich using Quadlets, following the instructions on this very insightful repository, then I tried to migrate a Nextcloud installation from YunoHost to my new homelab. I started a #tmux session so that @sirodoht could kindly join to help me. We tinkered for two hours, but there was too much to do 🤯

Today, I spent the whole day writing documentation for these and many other things I learned/did in the past couple of months, since I am terrible at taking notes of the technical experiments I do.

I am exhausted, but also quite discouraged. The more I write, the more I feel there is to write. I really think I don’t have the time and the energy, but when it’s done it’s very fulfilling, and it’s very useful to have a lot of references in the future.

I will edit this post once what I wrote gets published on tommi.space.

#Immich #Podman #Quadlet #Quadlets #systemd #Linux #containers #tmux #documentation

Immich

Self-hosted photo and video management solution. Easily back up, organize, and manage your photos on your own server. Immich helps you browse, search and organize your photos and videos with ease, without sacrificing your privacy.

Immich
Podman with Quadlet - Getting Started Guide https://github.com/fpatrick/podman-quadlet #Quadlet #Podman

I'm deliberately writing this from my Misskey account so I don't run into the character limit.

Why I use #podman instead of #docker to run #container workloads, and require it in the environments under my control:

First, Docker needs a daemon (which by default runs as root), whereas Podman is daemonless. That is a single point of failure, so if there is a bug or whatever, Docker is more likely to be able to disrupt the host. On top of that, it requires any user who wants to run containers to be a member of the docker group. Podman is different: the containers you run become child processes of the user who ran them.

An update to the Docker runtime? We have to restart the Docker daemon, which means restarting every running container.

Docker (so they say) focuses on individual containers and relies on the docker-compose tool to bundle several containers together, whereas Podman natively knows the concept of a pod, which resembles the concept used when operating #kubernetes. Podman can even generate Kubernetes YAML from a pod.

Podman only loses on popularity. Perhaps that is because Docker was the successful pioneer. You might think that the many ready-made containers out there are for Docker, like the ones served up on Docker Hub. But did you know? Podman and Docker container images are the same thing; they follow the OCI (Open Container Initiative) standard. So you can run every container image available on Docker Hub and on other container registries such as #ghcr or #quay with Podman.

Integrating containers with the system is also simpler (if you have noticed it already). Docker uses its own mechanism to start/stop/restart containers. Containers under Podman, on the other hand, can be integrated very tightly with #systemd, especially since the introduction of #quadlet. The Quadlet file format is practically identical to a systemd service unit file. With Quadlet you can start/stop/restart using systemd's systemctl.

PS: The explanation above is the formal answer. The real reason I use Podman is that I'm a loyal user of the #Fedora and #RHEL environment ✌✌✌✌✌

When testing #Podman 5.8 and #containers on #Fedora 44 Beta, #Quadletman https://github.com/mikkovihonen/quadletman proved to be a nice addition to the toolbox. With #Quadlet Multi-File Install, you get a multi-container setup, similar to Compose, managed by #systemd on #Linux. #opensource #quadlets

GitHub - mikkovihonen/quadletman: Web application for managing rootless podman containers with quadlets and systemd

Web application for managing rootless podman containers with quadlets and systemd - mikkovihonen/quadletman

GitHub