docs(podman): Combine rootful + rootless self-start sections

Additionally bring the deprecation notice into this section.
Brennan Kinney 2025-05-06 18:05:57 +12:00 committed by GitHub
parent 54c983dc20
commit dd2a912d78
GPG key ID: B5690EEEBB952194


@ -45,16 +45,6 @@ docker compose ps
You should see that docker-mailserver is running now.
### Self-start in Rootful Mode
Podman is daemonless, that means if you want docker-mailserver self-start while boot up the system, you have to generate a systemd file with Podman CLI.
```bash
podman generate systemd mailserver > /etc/systemd/system/mailserver.service
systemctl daemon-reload
systemctl enable --now mailserver.service
```
## Installation in Rootless Mode
Running [rootless containers][podman-docs::rootless-mode] is one of Podman's major features. But due to some restrictions, deploying docker-mailserver in rootless mode is not as easy compared to rootful mode.
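Review bot: removing the whole "Self-start in Rootful Mode" subsection leaves the rootful walkthrough ending at "You should see that docker-mailserver is running now." with no pointer to where boot-time start is now described. Suggest a one-line cross-reference at that point, e.g. "To start the container at boot, see the 'Start DMS container at boot' section below.", so readers following the rootful steps in order do not assume the container comes back after a reboot.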
@ -98,10 +88,6 @@ docker compose ps
### Rootless Quadlet
!!! warning "`podman generate systemd` is deprecated"
The [`podman generate systemd`][podman-docs::cli::generate-systemd] command has been deprecated [since Podman v4.7][gh::podman::release-4.7] (Sep 2023) in favor of Quadlets (_available [since Podman v4.4][gh::podman::release-4.4]_).
!!! info "What is a Quadlet?"
A [Quadlet][podman::quadlet::introduction] file uses the [systemd config format][systemd-docs::config-syntax] which is similar to the INI format.
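Review bot: with the deprecation warning dropped from "Rootless Quadlet", this subsection no longer says why a reader should prefer a Quadlet over `podman generate systemd`, even though the Quadlet is the non-deprecated path. Suggest keeping one short sentence here (or a link to the boot-start section that now carries the warning) so the recommendation is visible where the Quadlet is actually introduced.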
@ -260,7 +246,7 @@ Podman supports a few different approaches for this functionality. For rootless
??? warning "Impact on disk usage of images with Rootless"
**NOTE:** This should not usually be a concern, but has been documented here to explain the impact of creating new user namespaces (_such as by running a container with settings like `UIDMap` that differ between runs_).
**NOTE:** This should not usually be a concern, but is documented here to explain the impact of creating new user namespaces (_such as by running a container with settings like `UIDMap` that differ between runs_).
---
@ -275,6 +261,40 @@ Podman supports a few different approaches for this functionality. For rootless
- `UIDMap=+0:@%U` is equivalent from ID 2 onwards.
- `UIDMap=+5000:@%U` is equivalent from ID 5001 onwards. This is relevant with DMS as the container UID 200 is assigned to ClamAV, the offset introduced will now incur a `chown` copy of 230MB.
## Start DMS container at boot
Unlike Docker, Podman is daemonless thus containers do not start at boot. You can create your own systemd service to schedule this or use the Podman CLI.
!!! warning "`podman generate systemd` is deprecated"
The [`podman generate systemd`][podman-docs::cli::generate-systemd] command has been deprecated [since Podman v4.7][gh::podman::release-4.7] (Sep 2023) in favor of Quadlets (_available [since Podman v4.4][gh::podman::release-4.4]_).
!!! example "Create a systemd service"
Use the Podman CLI to generate a systemd service at the rootful or rootless location.
=== "Rootful"
```bash
podman generate systemd mailserver > /etc/systemd/system/mailserver.service
systemctl daemon-reload
systemctl enable --now mailserver.service
```
=== "Rootless"
```bash
podman generate systemd mailserver > ~/.config/systemd/user/mailserver.service
systemctl --user daemon-reload
systemctl enable --user --now mailserver.service
```
A systemd user service will only start when that specific user logs in and stops when after log out. To instead allow user services to run when that user has no active session running run:
```bash
loginctl enable-linger <username>
```
### Security in Rootless Mode
In rootless mode, podman resolves all incoming IPs as localhost, which results in an open gateway in the default configuration. There are two workarounds to fix this problem, both of which have their own drawbacks.
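Review bot: the new section opens with "You can create your own systemd service to schedule this or use the Podman CLI" and then immediately warns that the CLI command is deprecated, yet the example that follows shows only the deprecated `podman generate systemd` path; suggest pointing to the Quadlet approach documented under "Rootless Quadlet" as the preferred option and presenting `podman generate systemd` as the legacy fallback. Two wording fixes in the linger paragraph: "stops when after log out" should read "stops after log out", and "has no active session running run:" reads better as "has no active session running, run:".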
@ -321,24 +341,6 @@ You must also add the ENV `NETWORK_INTERFACE=tap0`, because Podman uses a [hard-
`podman-compose` is not compatible with this configuration.
### Self-start in Rootless Mode
Generate a systemd file with the Podman CLI.
```bash
podman generate systemd mailserver > ~/.config/systemd/user/mailserver.service
systemctl --user daemon-reload
systemctl enable --user --now mailserver.service
```
Systemd's user space service is only started when a specific user logs in and stops when you log out. In order to make it to start with the system, we need to enable linger with `loginctl`
```bash
loginctl enable-linger <username>
```
Remember to run this command as root user.
### Port Forwarding
When it comes to forwarding ports using `firewalld`, see [these port forwarding docs][firewalld-port-forwarding] for more information.
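Review bot: the removed text carried the instruction "Remember to run this command as root user." for `loginctl enable-linger <username>`, and that guidance does not reappear in the combined "Start DMS container at boot" section; suggest carrying it over (or stating explicitly who needs to run the command), since a reader who runs it as the rootless user and hits a permission error gets no hint from the new text. Otherwise the removal is clean: "`podman-compose` is not compatible with this configuration." now runs straight into "### Port Forwarding" without a dangling reference.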