Remix.run Logo
Remix clone Hacker News
new | show | ask | jobsGithub
plagiarist 3 hours ago

The problem is not systemd vs SysV et al, the problem is systemd spreading like a cancer throughout the entire operating system.

Also trying to use systemd with podman is frustrating as hell. You just cannot run a system service using podman as a non-root user and have it work correctly.

storystarling 3 hours ago | parent | next [-]

Quadlet actually solves this. It's the newer way to define containers for systemd and handles the rootless user case properly. I migrated my services to it recently and it's much more robust than the old generate scripts.

forty 3 hours ago | parent | next [-]

Quadlet are great but running podman via systemd as a non root user worked perfectly well before quadlets and I have no idea what your parent is talking about (I'm currently in the process of converting my home services from rootless podman over systemd to quadlet)

storystarling 2 hours ago | parent [-]

Fair, it worked, but podman generate systemd is deprecated now. I found the generated unit files pretty brittle to maintain compared to just having a declarative config that handles the lifecycle.

plagiarist 2 hours ago | parent | prev [-]

Could you give an example system-level quadlet that accepts connections on a low port, like 80, but runs the actual container as a non-root user (and plays nice with systemd, no force kill after timeout to stop, no reporting as failed for a successful stop)?

My understanding is quadlet does not solve this, and my options are calling "systemctl --user" or "--userns auto". I would love to be wrong here.

storystarling 2 hours ago | parent [-]

I solved the port 80 issue by adding AmbientCapabilities=CAP_NET_BIND_SERVICE to the Service section of the unit file. That lets you bind privileged ports while still defining a User= line to run non-root. The lifecycle management seems solid in my experience, no force kills required.

plagiarist an hour ago | parent [-]

Well, thank you, I will give it a try

cyberax 2 hours ago | parent | prev [-]

> You just cannot run a system service using podman as a non-root user and have it work correctly.

Err... You just need to run `podman-compose systemd`?

I have my entire self-hosted stack running with systemd-controlled Podman, in regular user accounts.