zlacker

And this was one of the reason why I switched to Podman. I haven't looked back since.

replies(1): >>MortyW+04

>>anthro+(OP)
I want to use Podman but I keep reading the team feels podman-compose to be some crappy workaround they don’t really want to keep.

This is daunting because:

Take 50 random popular open source self-hostable solutions and the instructions are invariably: normal bare installation or docker compose.

So what’s the ideal setup when using podman? Use compose anyway and hope it won’t be deprecated, or use SystemD as Podman suggests as a replacement for Compose?

replies(7): >>somebe+o4 >>Cyph0n+x4 >>Raqbit+15 >>diggan+N6 >>anthro+b7 >>thedan+5d >>eadmun+OH

>>MortyW+04
podman rootless running services with quadlet is not a bad start.

replies(3): >>pahae+M5 >>smarx0+a7 >>Quizzi+N7

>>MortyW+04
There is a third option: enable the Docker socket and use Docker Compose as usual.

https://github.com/containers/podman/blob/main/docs/tutorial...

replies(1): >>mschus+Me

>>MortyW+04
You can install docker's compose plugin, and podman is able to use it via "podman compose": https://docs.podman.io/en/stable/markdown/podman-compose.1.h...

>>somebe+o4
Quadlets are pretty nice but require podman > 4.4 to function properly. Debian 12, for example, still only has podman ~4.3 in its repos.

>>MortyW+04
> So what’s the ideal setup when using podman? Use compose anyway and hope it won’t be deprecated, or use SystemD as Podman suggests as a replacement for Compose?

After moving from bare to compose to docker-compose to podman-compose and bunch of things in-between (homegrown Clojure config-evaluators, ansible, terraform, make/just, a bunch more), I finally settled on using Nix for managing containers.

It's basically the same as docker-compose except you get to do it with proper code (although Nix :/ ) and as a extra benefit, get to avoid YAML.

You can switch the backend/use multiple ones as well, and relatively easy to configure as long as you can survive learning the basics of the language: https://wiki.nixos.org/wiki/Docker

replies(1): >>0xCMP+wb

>>somebe+o4
Is there a tool/tutorial that assumes that I already have a running docker compose setup instead of starting with some toy examples? Basically, I am totally excited about using systemd that I already have on my system instead of adding a new daemon/orchestrator but I feel that the gap between quadlet 101 and migrating quite a complex docker compose YAML to podman/quadlet is quite large.

replies(2): >>somebe+gg >>anthro+Lc2

>>MortyW+04
Podman supports kubernetes YAML or the quadlets option. It's fairly easy to convert docker-compose to one of these.

Nowaday I just ask genAI to convert docker-compose to one of the above options and it almost always works.

replies(1): >>smarx0+4b

>>somebe+o4
I'm still using systemd. Podman keeps telling to use quadlets :)

>>anthro+b7
Is there a blog post/tutorial on how to take a fairly complex docker-compose.yml and migrate it to quadlets?

UPD: hmm, seems quite promising - https://chat.mistral.ai/chat/1d8e15e9-2d1a-48c8-be3a-856254e...

>>diggan+N6
Of course, that means you need to run NixOS for that to work (which I also do everywhere) and there are networking problems with Docker/Podman in NixOS you need to address yourself. Whereas Docker "runs anywhere" these days.

Worth noting the tradeoffs, but I agree using Nix for this makes life more pleasant and easy to maintain.

replies(2): >>diggan+df >>libecl+sl

>>MortyW+04
I use docker compose for development because it's easy to spin up an entire project at once. Tried switching to podman compose but it didn't work out of the box and I wasn't motivated to fix it.

For "production" (my homelab server), I switched from docker compose to podman quadlets (systemd) and it was pretty straightforward. I actually like it better than compose because, for example, I can ensure a containers dependencies (e.g. database, filesystem mounts) are started first. You can kind of do that with compose but it's very limited. Also, systemd is much more configurable when it comes to dealing service failures.

>>Cyph0n+x4
Docker Compose would not prevent you from doing a "publish port to 0.0.0.0/0", it's not much more than a (very convenient) wrapper around "docker build" and "docker run".

And many if not as good as all examples of docker-compose descriptor files don't care about that. Images that use different networks for exposed services and backend services (db, redis, ...) are the rare exception.

replies(1): >>Cyph0n+pf

>>0xCMP+wb
> that means you need to run NixOS for that to work

Does it? I'm pretty sure you're able to run Nix (the package manager) on Arch Linux for example, I'm also pretty sure you can do that on things like macOS too but that I haven't tested myself.

Or maybe something regarding this has changed recently?

replies(1): >>0xCMP+xE

>>mschus+Me
Are you sure about that? Because I was under the impression that these firewall rules are configured by Docker. So if you use Docker Compose with Podman emulating the Docker socket, this shouldn’t happen.

Maybe someone more knowledgeable can comment.

replies(1): >>smarx0+Fl

>>smarx0+a7
There was not such a tool when I learned how to do this. Quadlet is relatively new (podman 5) so lots of podman/systemd documentation refers to podman commands that generate systemd unit files. I agree there is a gap.

>>0xCMP+wb
You don't need NixOS to use Nix as a package manager/build system

replies(1): >>brnt+5n

>>Cyph0n+pf
I think you are both correct, see >>42602429 - the socket would still listen on 0.0.0.0 but podman would not punch holes.

replies(1): >>Cyph0n+5u

>>libecl+sl
If you configure your server(s) through nix and nix containers, then even without another host OS you are basically running nix.

>>smarx0+Fl
Aha, thanks for confirming! Yes, this was the behavior I was talking about.

I encountered it with Docker on NixOS and found it confusing. They have since documented this behavior: https://search.nixos.org/options?channel=24.11&show=virtuali...

>>diggan+df
sorry, yes to build it is fine, but managing them with Nix (e.g. dealing with which ports to expose and etc like in the article) requires NixOS.

edit: I actually never checked, but I guess nothing stops home-manager or nix-darwin from working too, but I don't think either supports running containers by default. EOD all NixOS does is make a systemd service which runs `docker run ..` for you.

>>MortyW+04
Honestly, I just use a small k8s cluster, and convert the docker compose config to k8s config.

>>smarx0+a7
Search for podlet. It lets you do what you want.

replies(2): >>smarx0+QN3 >>MortyW+y78

>>anthro+Lc2
WOW, thank you!

>>anthro+Lc2
So does this really work for practically any docker compose file you may find in self hostable projects?