I had to restore my homelab and took the opportunity to move from docker to rootless podman quadlets. Well, almost fully rootless: I kept pi-hole and caddy at the root level because I did not want to deal with sysctl.

I have everything running but for now I have to disable my firewall. With docker I was using this script: https://github.com/chaifeng/ufw-docker But I’m having a hard time finding an alternative for podman.

Do you know of any scripts that would magically fix podman and ufw? Would it be a better solution for me to manage iptables manually?

My needs are pretty simple as I do not really care if the ports are visible on my private network, I just want to allow specific IPs on port 80 and 443.

Edit: the issue I’m facing is that I’m allowing some specific IPs to access my network, but when I enable ufw the traffic is blocked. I had the same rules using docker and everything was working fine. I can notice that sometimes the traffic goes through and other times it is blocked. Much like with docker when you don’t use the script: the traffic will be blocked or not depending on which one wrote the iptables rules last.
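An added example, not code from the thread or from ufw-docker, for checking the ordering problem described above rather than guessing at it. It parses `iptables -S` output (a constructed dump is embedded; on a real host you would feed it the command's output) to report which chain sees forwarded traffic first, whether an allowlist entry for a given source IP and port exists in ufw's user chains, and which `ufw` commands an allowlist needs. It assumes the netavark and docker chain names (`NETAVARK_FORWARD`, `DOCKER-USER`, `DOCKER-FORWARD`) and, as my understanding rather than something the thread states, that rootless podman binds published ports on the host itself (so ufw's normal INPUT rules apply), while rootful podman DNATs into the container network (so the FORWARD path, `ufw route allow`, is what matters).

```python
"""Inspect an `iptables -S` dump for the ufw-vs-container-engine ordering problem.

Added example: chain names for netavark/docker are assumptions about those tools'
naming, and SAMPLE_RULES is constructed, not captured from a real machine.
"""
import re
import shutil
import subprocess
from typing import Optional

# Constructed sample in `iptables -S` format: INPUT/FORWARD hooks plus ufw user rules.
SAMPLE_RULES = """\
-P INPUT DROP
-P FORWARD DROP
-A INPUT -j ufw-before-logging-input
-A INPUT -j ufw-before-input
-A INPUT -j ufw-after-input
-A FORWARD -m comment --comment "netavark firewall rules" -j NETAVARK_FORWARD
-A FORWARD -j ufw-before-logging-forward
-A FORWARD -j ufw-before-forward
-A FORWARD -j ufw-after-forward
-A ufw-user-input -s 192.0.2.10/32 -p tcp -m tcp --dport 80 -j ACCEPT
-A ufw-user-input -s 192.0.2.10/32 -p tcp -m tcp --dport 443 -j ACCEPT
"""

# Assumed names of the chains the container engines hook into FORWARD.
ENGINE_CHAINS = {"NETAVARK_FORWARD", "DOCKER-USER", "DOCKER-FORWARD"}


def rules_in_chain(dump: str, chain: str) -> list[str]:
    """Return the `-A <chain> ...` lines of a dump, in the order the kernel evaluates them."""
    prefix = f"-A {chain} "
    return [line for line in dump.splitlines() if line.startswith(prefix)]


def jump_target(rule: str) -> Optional[str]:
    """The chain or verdict a rule jumps to, or None if it has no -j."""
    m = re.search(r"-j (\S+)", rule)
    return m.group(1) if m else None


def forward_evaluated_first_by(dump: str) -> str:
    """'engine' if a container engine chain precedes every ufw-* jump in FORWARD,
    'ufw' if ufw's chains come first, 'none' if no engine chain is hooked in at all.
    When the engine chain wins, its ACCEPT for published ports is final and the
    ufw allowlist is never consulted for that traffic."""
    targets = [jump_target(r) for r in rules_in_chain(dump, "FORWARD")]
    ufw_idx = next((i for i, t in enumerate(targets) if t and t.startswith("ufw-")), None)
    eng_idx = next((i for i, t in enumerate(targets) if t in ENGINE_CHAINS), None)
    if eng_idx is None:
        return "none"
    if ufw_idx is None or eng_idx < ufw_idx:
        return "engine"
    return "ufw"


def allowlisted(dump: str, chain: str, src_ip: str, dport: int) -> bool:
    """True if a ufw user chain accepts TCP from src_ip to dport (ufw writes /32 sources)."""
    pat = re.compile(
        rf"^-A {re.escape(chain)} -s {re.escape(src_ip)}/32 -p tcp -m tcp --dport {dport} -j ACCEPT$"
    )
    return any(pat.match(r) for r in rules_in_chain(dump, chain))


def ufw_commands(allowed_ips, ports=(80, 443), rootful=False) -> list[str]:
    """ufw commands for a source-IP allowlist. Rootless containers: the published port
    is a host socket, so plain `ufw allow` (INPUT) governs it. Rootful containers: the
    port is DNATed into the container network, so `ufw route allow` (FORWARD) is needed."""
    verb = "ufw route allow" if rootful else "ufw allow"
    return [f"{verb} from {ip} to any port {p} proto tcp" for ip in allowed_ips for p in ports]


def load_dump() -> str:
    """Use the live ruleset when iptables is available and we are root; else the sample."""
    if shutil.which("iptables"):
        try:
            return subprocess.run(["iptables", "-S"], check=True, capture_output=True,
                                  text=True).stdout
        except (subprocess.CalledProcessError, PermissionError):
            pass
    return SAMPLE_RULES


if __name__ == "__main__":
    dump = load_dump()
    print("FORWARD traffic is evaluated first by:", forward_evaluated_first_by(dump))
    for port in (80, 443):
        print(f"192.0.2.10 -> {port} allowlisted on INPUT:",
              allowlisted(dump, "ufw-user-input", "192.0.2.10", port))
        print(f"192.0.2.10 -> {port} allowlisted on FORWARD:",
              allowlisted(dump, "ufw-user-forward", "192.0.2.10", port))
    print("\n".join(ufw_commands(["192.0.2.10"], rootful=True)))
```

On the sample dump the engine chain is hooked into FORWARD ahead of ufw, and the allowlist exists only in `ufw-user-input`: that combination is exactly the rootful-container case where ufw's rules never see the forwarded packets, and the fix is a `ufw route allow` entry rather than a plain `ufw allow` one. Rootless containers, whose published ports are host sockets, are covered by the INPUT entries already present.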

  • azron · 7 hours ago

    What expected problems did podman end up surprising you with? Is the software more stable and not constantly updated like docker? I want to move to podman at some point as well and I understand for a lot of cases it is just “drop in”, but I run a lot of containers and I’m skeptical it’ll be that simple.

    Especially with software distros like home assistant and matrix both explicitly pushing you to official docker due to some features.

    • kwa@lemmy.zip (OP) · 5 hours ago

      I switched at work because of the license changes docker did. I noticed that for my work workflow, podman was a direct replacement of docker.

      For my homelab, I wanted to experiment with rootless and I also prefer to have my services handled by systemd. Also, I really like the built-in auto update from podman.

      • GravitySpoiled · 5 hours ago

        I stayed with podman compose. Does the quadlet specification have an advantage?

        • Mora@pawb.social · 3 hours ago

          If it works for you, there is no reason to switch.

          The benefit for me is mostly the systemd integration (e.g. do a simple DB backup before running the container using StartExecPre) & the corresponding unified logging with journalctl. Then there is auto update and boot persistence without having to run an additional process.