Before this I dabbled a bit with Docker. I wanted to dabble a bit with Podman because it seemed quite interesting. I reinstalled Pi OS Lite on my Pi 3B+ and installed Podman. Then I figured out what to run and started digging through the documentation. Apparently Docker containers work quite similarly, and even Docker Compose can be used. Then I came across the auto update function, stumbled upon quadlets as the way to use auto update, and got confused. Then I tried reading up on Podman rootless vs. rootful and the networking stuff and really got lost.

I want to run the following services:

  • Heimdall
  • Adguard Home
  • Jellyfin
  • Vaultwarden
  • Nextcloud

I am not sure a Pi is even powerful enough to run these things but I am even more unsure about how to set things up. Do I use quadlets? Do I run containers? How do I do the networking so I can reach the containers (maybe even outside my home)?

Can someone point me in the right direction? I can’t seem to find the needed information.

  • Nibodhika@lemmy.world · +12 · 3 months ago

    Use docker, once you’re comfortable with it then switch to Podman. Podman has a few more complications, so it’s easier to get the base thing running using the most common tool, and work from there.

    • tmpod@lemmy.pt · +2 · 3 months ago

      This is a good suggestion. Docker is more mature and has more resources, so it’s better to learn the ins and outs of containers. After getting comfortable with it, you can move to Podman and have a much better time tackling its peculiarities regarding permissions and rootless.

      I used Docker for years and only recently decided to give Podman a try, porting my Lemmy instance to it.

  • PrivateNoob@sopuli.xyz · +10 · 3 months ago (edited)

    I’m a pretty novice Podman guy too, but I’m running quadlets since they automatically create and run these containers just like any other systemd service. In terms of networking, I can usually access my container by publishing a port and using the IP of the PC where the container is running; this is the default network that Podman uses initially.

    I have a Jellyfin quadlet config that may help you. I suffered quite a bit to get a working one, but here you go (these 3 files are in ~/.config/containers/systemd/jellyfin):

    # jellyfin.container
    [Unit]
    Description=Jellyfin Media Server
    After=network.target
    
    [Container]
    Image=lscr.io/linuxserver/jellyfin:latest
    PublishPort=8096:8096
    # Referencing the .volume unit files below by file name; a bare name such as
    # jellyfin-cache would instead create a plain named volume unrelated to them.
    Volume=jellyfin-config.volume:/config:Z
    Volume=jellyfin-cache.volume:/cache:Z
    # Z relabels the host path for SELinux, U chowns it to the container user.
    Volume=/home/USERNAME/media/storage1/Filmek:/data/Filmek:Z,U
    Volume=/home/USERNAME/media/storage1/Sorozatok:/data/Sorozatok:Z,U
    
    [Service]
    Restart=on-failure
    
    [Install]
    WantedBy=default.target
    
    # jellyfin-cache.volume
    [Unit]
    Description=Jellyfin Cache Volume
    
    [Volume]
    
    # jellyfin-config.volume
    [Unit]
    Description=Jellyfin Config Volume
    
    [Volume]
    

    Please do ask questions if you have any. ^^

  • tekeous@usenet.lol · +16, -9 · 3 months ago (edited)

    Podman is quickly becoming shit as Red Hat continues to remove features and recommend you use Kubernetes. I ended up removing it from my servers and switching to Debian from Fedora because I don’t like Red Hat mucking about with our open source community software.

    I still run Docker.

      • nottelling@lemmy.world · +1, -1 · 3 months ago

        It isn’t. Its architecture changes pretty significantly with each version, which is annoying when you need it to be stable. It’s also dominated by Redhat, which is a legit concern since they’ll likely start paywalling capabilities eventually.

        • Possibly linux@lemmy.zip · +1 · 3 months ago (edited)

          I have never seen any of those things. Podman is fast and rootless with almost no overhead. It has good compatibility with docker as well.

          Also, it would make zero sense to paywall Podman as Kubernetes exists. Anyway, RHEL is paid for anyway.

          • nottelling@lemmy.world · +1, -2 · 3 months ago

            Just because you’ve never seen them doesn’t make it not true.

            Try using quadlet and a .container file on current Debian stable. It doesn’t work. Architecture changed, quadlet is now recommended.

            Try setting device permissions in the container after updating to Debian testing. Also doesn’t work the same way. Architecture changed.

            Redhat hasn’t ruined it yet, but Ansible should provide a pretty good idea of the potential trajectory.

  • elephantium@lemmy.world · +6 · 3 months ago

    I use podman at work, mostly just a Docker replacement. My biggest problem with it is typing “pdoman” in commands by mistake.

  • akash_rawal@lemmy.world · +6 · 3 months ago

    For me the value of podman is how easily it works without root. Just install and run, no need for sudo or adding myself to docker group.

    I use it for testing and dev work, not for running any services.

  • exu@feditown.com · +5 · 3 months ago

    I use podman mainly because it’s very easy to manage using systemd services. Unfortunately, the command for generating these service files, podman-generate, is deprecated and won’t receive new features.

    Auto updating is done just using a simple tag and enabling a systemd timer to do it regularly for you.

    It’s easiest to start with the rootful mode, you won’t have additional settings to set and no issues with permissions, UIDs and networking.

    For networking, I always create a network per service I want to run. For example Nextcloud and its database would go in one network and you’d only forward the port for the webinterface for outside access.

    In addition to networks I also use pods, this basically groups the containers together to start/stop them as one. If you use this, you have to set your port forwarding here.
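The per-service network that exu describes (database reachable only from the app container, a single published port for the web interface) combined with the Quadlet .container/.volume layout PrivateNoob posted above, plus the registry auto-update and the rootless low-port check that come up later in the thread. This is an added example, not code from anyone in the thread: the image tags, the `nextcloud` network name, the loopback-only port 8080, the container names and the placeholder credentials are all assumptions for illustration.

```shell
#!/bin/sh
# Added example: generate Quadlet units for a Nextcloud stack on rootless Podman.
# Everything below (names, tags, ports, passwords) is assumed for illustration.
set -u

# Where rootless Quadlet looks for unit files.
QUADLET_DIR="${QUADLET_DIR:-${HOME:-/tmp}/.config/containers/systemd}"

# One private network for the whole service: the database is only reachable
# from containers on this network, never through a host-published port.
nextcloud_network_unit() {
  cat <<'EOF'
[Unit]
Description=Private network for the Nextcloud stack

[Network]
# Podman-managed bridge; containers on it resolve each other by ContainerName.
# No Internal=true here because Nextcloud needs outbound access for app updates.
EOF
}

# Database container: deliberately has no PublishPort= at all.
nextcloud_db_unit() {
  cat <<'EOF'
[Unit]
Description=Nextcloud MariaDB
After=network-online.target

[Container]
ContainerName=nextcloud-db
Image=docker.io/library/mariadb:11
Network=nextcloud.network
# Constructed credentials for the example; use Secret= in a real deployment.
Environment=MARIADB_DATABASE=nextcloud
Environment=MARIADB_USER=nextcloud
Environment=MARIADB_PASSWORD=change-me
Environment=MARIADB_ROOT_PASSWORD=change-me-too
Volume=nextcloud-db.volume:/var/lib/mysql:Z
# Opt in to `podman auto-update`: re-pull the tag and restart if the digest changed.
AutoUpdate=registry

[Service]
Restart=on-failure

[Install]
WantedBy=default.target
EOF
}

# Web container: the only unit with a PublishPort=, ordered after the database.
nextcloud_app_unit() {
  cat <<'EOF'
[Unit]
Description=Nextcloud
After=nextcloud-db.service
Requires=nextcloud-db.service

[Container]
ContainerName=nextcloud
Image=docker.io/library/nextcloud:29
Network=nextcloud.network
# Loopback only: a reverse proxy or the WireGuard side sits in front of this.
PublishPort=127.0.0.1:8080:80
Environment=MYSQL_HOST=nextcloud-db
Environment=MYSQL_DATABASE=nextcloud
Environment=MYSQL_USER=nextcloud
Environment=MYSQL_PASSWORD=change-me
Volume=nextcloud-data.volume:/var/www/html:Z
AutoUpdate=registry

[Service]
Restart=on-failure

[Install]
WantedBy=default.target
EOF
}

# Write the five unit files; the .volume files only need an empty [Volume] section.
write_units() {
  dir="$1"
  mkdir -p "$dir"
  nextcloud_network_unit > "$dir/nextcloud.network"
  nextcloud_db_unit      > "$dir/nextcloud-db.container"
  nextcloud_app_unit     > "$dir/nextcloud.container"
  printf '[Volume]\n'    > "$dir/nextcloud-db.volume"
  printf '[Volume]\n'    > "$dir/nextcloud-data.volume"
}

# Rootless containers can only publish host ports >= net.ipv4.ip_unprivileged_port_start
# (1024 on a stock kernel). Prints yes/no for a port; the optional second argument
# overrides the sysctl value so the check can be exercised without root.
can_bind_rootless() {
  port="$1"
  start="${2:-$(cat /proc/sys/net/ipv4/ip_unprivileged_port_start 2>/dev/null || echo 1024)}"
  if [ "$port" -ge "$start" ]; then echo yes; else echo no; fi
}

# Entry point: `sh thisfile.sh install` writes the units and starts the stack.
if [ "${1:-}" = "install" ]; then
  write_units "$QUADLET_DIR"
  systemctl --user daemon-reload
  systemctl --user enable --now podman-auto-update.timer
  systemctl --user start nextcloud.service
fi
```

After `daemon-reload`, `/usr/libexec/podman/quadlet -dryrun -user` prints the generated .service units and is the quickest way to see a typo in a key name. Two things bite rootless setups on a Pi: the user's services only run while that user is logged in unless you run `loginctl enable-linger USERNAME` once, and publishing 80 or 443 directly needs `net.ipv4.ip_unprivileged_port_start` lowered (or a reverse proxy), which is what `can_bind_rootless` reports.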

    • poVoq@slrpnk.net · +5 · 3 months ago (edited)

      Podman-generate was replaced by Quadlet .container files, which works better.

      And a Pod also has its own virtual network, why manually create one?

      • exu@feditown.com · +2 · 3 months ago

        I haven’t taken the time yet to switch my Ansible playbooks to Quadlet, so can’t comment on that.

        I only skimmed the manpages, thanks for the info.

  • :twiz: @behold.mylegendary.quest · +7, -2 · 3 months ago (edited)

    @MightyCuriosity@sh.itjust.works @selfhosted@lemmy.world

    A Raspberry Pi is not going to be powerful enough to run these things beyond a test setup or a really small use case. I’d only set up #Nextcloud with the SQLite setup. And don’t plan on using it for mass storage, and for heaven’s sake keep a backup.

    That said, if your goal is simply to run these out of your home and you want to access it beyond your intranet, all you would need is a VPN back to your house.

    Avoid OpenVPN, simply because it’s a resource hog, albeit the more reliable option. WireGuard would be better, especially considering you’re already going to be bottlenecked by the Pi.

    I’d recommend WireGuard. Here’s a guide.

    I don’t know much about Podman or Quadlets. But a Docker instance will work just fine.

    Updates are not too tricky in my opinion. I can share my own update script for my Docker Nextcloud setup if you want. It’d probably be adaptable for jellyfin and whatever else.

    Just make sure you expose the Nextcloud data directory as a volume outside the container, and before you back it up always try to update, so that if you have to reinstall you’ll have a better chance of having a compatible backup.

    • MightyCuriosity@sh.itjust.works (OP) · +2 · 3 months ago

      Thanks! Looks interesting. I am not quite a fan of the performance hit a VPN brings but I feel like it’s something that I need to deal with in order to suit my usecase. I thought DDNS could help me out.

      Yeah I might switch back to Docker and use Watchtower to auto update. Thank you again!

      • :twiz: @behold.mylegendary.quest · +1 · 3 months ago

        @MightyCuriosity

        Oh, well yeah, you can do that too. In fact, you may not even need a DDNS. I don’t have one for my fedi server, and I only ever had to change the IP on my DNS after we got hit by an earthquake and all of the local datacenters went out.

        I choose not to do the DNS option for 90% of the things I host. Partly because my ISP has limitations on which ports can be exposed and, in general, I prefer not to expose any ports especially when I am serving up my own data.

        But that’s just my paranoia talking.

      • tychosmoose@lemm.ee · +1 · 3 months ago

        VPN + DDNS is what I do. You may be thinking about the perf hit of putting all your home connections through a VPN. That’s not the idea here. For self-hosted services you would set up a WireGuard “server” at your house. Then you connect your phone back to it to access your services.

        With Wireguard it’s pretty easy to do a split tunnel, so that the VPN connection is only used for traffic to your home servers. Nothing else is affected, and you have access to your house all the time.

        This is better for security than DDNS + open ports, because you only need a single open UDP port. Port scanners won’t see that you are hosting services and you wouldn’t need to build mitigations for service-specific attacks.

        As far as podman, I am migrating to it from a mix of native and docker services. I agree with others that getting things set up with Docker first will be easier. But having podman as an end goal is good. Daemonless and rootless are big benefits. As are being able to manage it as systemd units via quadlets.
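The split tunnel tychosmoose describes, shown as the two wg-quick configs it takes: the Pi side, where the only thing the router forwards is one UDP port, and the phone side, where AllowedIPs decides whether only home traffic enters the tunnel (split) or everything does (full). This is an added example, not config from anyone in the thread; the keys are placeholders, and the 10.8.0.0/24 tunnel subnet, the 192.168.1.0/24 home LAN, the Pi at 192.168.1.10, port 51820, the eth0 interface and the example.ddns.invalid hostname are assumptions for illustration.

```shell
#!/bin/sh
# Added example: emit WireGuard configs for a home "server" and a phone peer.
# Subnets, port, interface name, hostname and keys are assumed placeholders.
set -u

HOME_LAN="192.168.1.0/24"   # assumed home network
WG_NET="10.8.0.0/24"        # assumed tunnel subnet
WG_PORT=51820               # the single UDP port forwarded on the router
LAN_IF="eth0"               # assumed LAN interface on the Pi

# Pi side. A probe to $WG_PORT gets no reply unless it carries a valid handshake,
# so a port scanner sees nothing; the published services stay LAN-only.
server_conf() {
  cat <<EOF
[Interface]
Address = 10.8.0.1/24
ListenPort = $WG_PORT
# placeholder: generate with 'wg genkey'
PrivateKey = <server-private-key>
# Let the phone reach the LAN: forwarding plus NAT out of the LAN interface.
PostUp = sysctl -w net.ipv4.ip_forward=1; iptables -t nat -A POSTROUTING -s $WG_NET -o $LAN_IF -j MASQUERADE
PostDown = iptables -t nat -D POSTROUTING -s $WG_NET -o $LAN_IF -j MASQUERADE

[Peer]
# phone; placeholder public key
PublicKey = <phone-public-key>
# Cryptokey routing: packets from this peer with any other source address are
# dropped even after a successful handshake.
AllowedIPs = 10.8.0.2/32
EOF
}

# Phone side. AllowedIPs is both the route list and the source filter, so the
# "split" mode keeps everything except home traffic off the tunnel.
client_conf() {
  mode="$1"   # "split" or "full"
  case "$mode" in
    split) allowed="$WG_NET, $HOME_LAN" ;;
    full)  allowed="0.0.0.0/0" ;;
    *) echo "unknown mode: $mode" >&2; return 1 ;;
  esac
  cat <<EOF
[Interface]
Address = 10.8.0.2/32
# placeholder: generate with 'wg genkey'
PrivateKey = <phone-private-key>
# Resolve hostnames through the Pi (e.g. AdGuard Home at the assumed LAN address).
DNS = 192.168.1.10

[Peer]
# placeholder public key
PublicKey = <server-public-key>
Endpoint = example.ddns.invalid:$WG_PORT
AllowedIPs = $allowed
# Keep the NAT mapping on the phone's network alive so the Pi can answer.
PersistentKeepalive = 25
EOF
}

# Print the AllowedIPs value of a config read from stdin.
allowed_ips() {
  sed -n 's/^AllowedIPs = //p'
}

# Succeeds when a config on stdin does not route the default route into the tunnel.
is_split_tunnel() {
  ! allowed_ips | grep -Eq '0\.0\.0\.0/0|::/0'
}

# Usage: sh thisfile.sh > /etc/wireguard/wg0.conf on the Pi, then
#        sh thisfile.sh split > phone.conf for the phone (or 'full').
case "${1:-}" in
  split|full) client_conf "$1" ;;
  server)     server_conf ;;
esac
```

On the Pi, `wg-quick up wg0` brings the interface up and `wg show` lists the peer's last handshake; the phone only needs the split config imported. The `is_split_tunnel` check is worth running on any config you copy from a guide, because most guides default to `AllowedIPs = 0.0.0.0/0`, which is exactly the whole-phone-through-the-Pi setup the OP was worried about.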

  • Decronym@lemmy.decronym.xyz (bot) · +4 · 3 months ago (edited)

    Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I’ve seen in this thread:

      IP   Internet Protocol
      UDP  User Datagram Protocol, for real-time communications
      VPN  Virtual Private Network

    3 acronyms in this thread; the most compressed thread commented on today has 8 acronyms.

    [Thread #908 for this sub, first seen 6th Aug 2024, 12:35]

  • Possibly linux@lemmy.zip · +4 · 3 months ago (edited)

    The Pi 3B+ is not powerful enough for all that. I would get a used mini PC, as even an old one will run circles around the old Broadcom CPU.

    Podman is similar to docker except for the fact that it is daemonless and rootless by default. To expose things on lower ports you will need to battle permissions. Also podman has pods like kubernetes.

  • lavafroth@lemmy.dbzer0.com · +2 · 3 months ago

    Not related to containers but I’ve had quite a lot of success using NixOS as the host OS. Setting up services like jellyfin is as simple as adding services.jellyfin.enable = true; to the config file.

  • chevy9294@monero.town · +1, -2 · 3 months ago

    I switched from Docker to Podman, because Podman is more secure (if rootless), but it was just hard to autostart containers. You have to start them one by one because they don’t have a central service like Docker. And Watchtower and Nextcloud AIO don’t work on Podman. So I switched back to Docker.

    • poVoq@slrpnk.net · +7 · 3 months ago

      It’s actually much easier to autostart containers with Podman, as it has full systemd integration, so you can handle them like any other service. All you need to do is write a simple .container file for the Podman built-in Quadlet service, which closely follows the normal systemd .service file syntax.

        • poVoq@slrpnk.net · +2 · 3 months ago

          Only once during the initial setup; afterwards it’s all managed by systemd. Once you know about it, it takes like one minute max.