Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Propose Quadlet for Podman #10561

Open
3 tasks done
metal3d opened this issue Oct 30, 2024 · 2 comments
Open
3 tasks done

Propose Quadlet for Podman #10561

metal3d opened this issue Oct 30, 2024 · 2 comments
Labels
help wanted Seeking public contribution on this issue kind/enhancement A net-new feature or improvement to an existing feature P2 Medium: Good to have, but can wait until someone steps up

Comments

@metal3d
Copy link

metal3d commented Oct 30, 2024

Checklist

  • My issue is specific & actionable.
  • I am not suggesting a protocol enhancement.
  • I have searched on the issue tracker for my issue.

Description

Hi,

I really like Kudo project but I didn't want using the desktop application. I prefer using the OCI container.

Using Podman on Fedora, that allows using userns=keep-id I propose that you integrate this in the documentation:

First, the Quadlet file to integrate in ~/.config/containers/systemd/ipfs.container:

[Unit]
Description=IPFS container
After=local-fs.target

[Container]
Image=docker.io/ipfs/kubo:latest
AutoUpdate=true
Volume=%h/.ipfs:/data/ipfs:z
PublishPort=0.0.0.0:8080:8080
PublishPort=127.0.0.1:5001:5001
PublishPort=4001:4001
PublishPort=4001:4001/udp
UserNS=keep-id
ContainerName=ipfs

[Install]
WantedBy=multi-user.target

And possibly, aliases:

alias ipfs="podman exec -it ipfs ipfs"

I only wonder if this could be better:

  • of course, you propose in documentation to mount "/export", but the usage is unclear, is it here to share some data to the container?
  • as the /home directory is empty in the container, and because Podman proposes to keep the user-id, it's possible to mount /home/<myuser> inside the container, and so having exactly the same file tree

For the second point, I can then set the alias to:

alias ipfs='podman exec -w $PWD -it ipfs ipfs'

And the corresponding Quadlet file:

[Unit]
Description=IPFS container
After=local-fs.target

[Container]
Image=docker.io/ipfs/kubo:latest
AutoUpdate=true
Volume=%h/.ipfs:/data/ipfs
Volume=%h:%h
PublishPort=0.0.0.0:8080:8080
PublishPort=127.0.0.1:5001:5001
PublishPort=4001:4001
PublishPort=4001:4001/udp
UserNS=keep-id
ContainerName=ipfs
SecurityLabelDisable=true

[Install]
WantedBy=multi-user.target

Note that, here, I set the SecurityLabelDisable to true to not relabel the home directory.

Could you please tell me if you think that's a good idea?

@metal3d metal3d added the kind/enhancement A net-new feature or improvement to an existing feature label Oct 30, 2024
@gammazero gammazero added help wanted Seeking public contribution on this issue P2 Medium: Good to have, but can wait until someone steps up P3 Low: Not priority right now and removed P3 Low: Not priority right now labels Nov 25, 2024
@gammazero
Copy link
Contributor

  • Mounting /export directory is to allow cli to import or export data.
  • Mounting /data/ipfs is used to access configuration. Change to whatever makes sense for you.

Feel free to open a PR that adds Podman docs to the docs directory.

@metal3d
Copy link
Author

metal3d commented Dec 21, 2024

I will take some time to do it. I'm currently trying to make the Quadlet a bit more extensible.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
help wanted Seeking public contribution on this issue kind/enhancement A net-new feature or improvement to an existing feature P2 Medium: Good to have, but can wait until someone steps up
Projects
None yet
Development

No branches or pull requests

2 participants