What do people use and recommend for this? I’ve read a bit about portainer, but I’m still learning - and don’t know what the best solutions are.

Today I have a handful of selfhosted services running on my home machine - mostly installed directly, but a couple running as docker containers. As the scale of my selfhosting has grown, I’ve realized that things would be a lot easier to manage if each service was run as its own container, so that installed services are isolated.

The solution I’m looking for would make it easy (possibly a web UI) for me to monitor, modify, update, and remove containerized services, including networking and storage.

Edit: Also I would only want a FOSS solution.

  • K3CAN · 9 upvotes · 1 month ago

    I’ll second podman quadlets. Good security, full integration with systemd, pods allow applications to easily share a namespace, and you can manage graphically through Cockpit if you really want to.

        • silver@das-eck.haus · 1 upvote · 27 days ago

          This is pretty sweet. My docker-compose config is working perfectly and I have no reason to fuck with it, but you’ve got me tempted

          • K3CAN · 2 upvotes · 27 days ago

            Podman quadlets can also auto-update and auto rollback, if needed.

              • K3CAN · 2 upvotes · 26 days ago

                Quadlets work like any other systemd service.

                You create the user/group you want to run as on the underlying system, then just specify that user/group in the quadlet file.

                If you look at my *arr examples, you can see the user and groups they’re running as.

                • Andres@social.ridetrans.it · 1 upvote · 26 days ago

                  @K3can So you’re running the systemd services as root, and letting systemd change them to their relevant users? Or are you running the systemd services as a non-privileged user, and using container subuid/subgids?

                  • K3CAN · 2 upvotes, 1 downvote · 26 days ago

                    The first one. The service is owned by root, but the application is running as an unprivileged system user.
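
An added example, not part of the thread and not any poster's own configuration: a small Python check for the setup discussed above, where a root-owned (system-level) Quadlet unit is expected to pin the container process to an unprivileged user. The two sample units, the image name, the UID/GID 1001 and the finding codes are constructed for illustration; `User=`, `Group=`, `UserNS=`, `NoNewPrivileges=` and `DropCapability=` are Quadlet `[Container]` keys.

```python
import configparser

# Constructed sample units, not from the thread; image name and IDs are placeholders.
ROOT_UNIT = """\
[Container]
Image=registry.example/media/app:1.0
AutoUpdate=registry
"""
UNPRIV_UNIT = """\
[Container]
Image=registry.example/media/app:1.0
AutoUpdate=registry
User=1001
Group=1001
NoNewPrivileges=true
DropCapability=ALL
"""

def audit_quadlet(text):
    """Return finding codes for the [Container] section of one system-level unit."""
    # strict=False tolerates repeated keys (e.g. several Volume= lines);
    # interpolation=None leaves systemd % specifiers untouched.
    cp = configparser.ConfigParser(strict=False, interpolation=None)
    cp.optionxform = str  # keep key case: Quadlet keys are case-sensitive
    cp.read_string(text)
    if not cp.has_section("Container"):
        return ["no-container-section"]
    c = cp["Container"]
    findings = []
    user = c.get("User", "").strip()
    userns = c.get("UserNS", "").strip()
    if user in ("", "0", "root"):
        # Unset means the image's default user, which is often root. In a root-owned
        # unit, container UID 0 is host UID 0 unless UserNS= remaps it.
        remapped = userns not in ("", "host")
        findings.append("root-only-inside-userns" if remapped else "may-run-as-host-root")
    if c.get("NoNewPrivileges", "").strip().lower() != "true":
        findings.append("no-new-privileges-off")
    if "DropCapability" not in c:
        findings.append("capabilities-not-dropped")
    return findings

if __name__ == "__main__":
    for name, unit in (("root", ROOT_UNIT), ("unprivileged", UNPRIV_UNIT)):
        print(name, audit_quadlet(unit) or "ok")
```

The check only reads the unit text; an image that sets its own non-root default user would still be flagged when `User=` is absent, so treat that finding as a prompt to verify rather than a verdict.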