Podman, Quadlets, and systemd
For a rootless (per-user) setup, Quadlet unit files let the user's systemd instance manage the container lifecycle: Quadlet turns the .container and .volume files below into systemd units at daemon-reload time.
Important
If this is the first container managed with quadlets for your user, make sure lingering is enabled for that user; otherwise the user's systemd instance, and every container it manages, is stopped when the last session logs out.
sudo loginctl enable-linger <username>
Step One
Copy the two quadlet files below (tuwunel.container and tuwunel-db.volume) and the tuwunel.env environment file they reference to ~/.config/containers/systemd/tuwunel
tuwunel.container
tuwunel container quadlet
# tuwunel.container
[Unit]
Description=Tuwunel Matrix Homeserver
[Container]
ContainerName=tuwunel-homeserver
Image=ghcr.io/matrix-construct/tuwunel:latest
# This publishes 8008 on every host interface. If a reverse proxy on the same
# host terminates TLS, bind to loopback instead: PublishPort=127.0.0.1:8008:8008
PublishPort=8008:8008
# The .volume suffix makes Quadlet resolve the name through tuwunel-db.volume
# (below) and add a dependency on that unit, so the volume exists before start.
Volume=tuwunel-db.volume:/var/lib/tuwunel/
# Example location in ~/tuwunel/config/. Tuwunel only reads this file, so :ro is
# appropriate; on SELinux hosts append :Z as well (e.g. :ro,Z).
Volume=%h/tuwunel/config/tuwunel.toml:/etc/tuwunel.toml
# A relative path is resolved against the directory holding this unit file.
EnvironmentFile=tuwunel.env
[Service]
# Uncomment once the server starts cleanly; Restart=always can mask startup errors.
#Restart=always
[Install]
WantedBy=default.target
tuwunel-db.volume
tuwunel database volume quadlet
[Volume]
VolumeName=tuwunel-db
tuwunel.env
tuwunel environment file (not a quadlet itself, but read by the container unit)
TUWUNEL_SERVER_NAME="your.server.tld"
TUWUNEL_PORT=8008
TUWUNEL_MAX_REQUEST_SIZE=20000000
# Registration stays gated by the token below; do not enable registration without
# one, or anyone who can reach port 8008 can create accounts on your server.
TUWUNEL_ALLOW_REGISTRATION=true
TUWUNEL_REGISTRATION_TOKEN=<replace with a passphrase or random string>
TUWUNEL_ALLOW_FEDERATION=true
TUWUNEL_TRUSTED_SERVERS=["matrix.org"]
TUWUNEL_LOG=info
# Listen on all interfaces inside the container, IPv4 and IPv6. Exposure on the
# host is controlled by PublishPort in tuwunel.container, not by this setting.
TUWUNEL_ADDRESS=["0.0.0.0", "::"]
# Tell Tuwunel to use the user config file mounted by the container unit
TUWUNEL_CONFIG=/etc/tuwunel.toml
If the target directory does not exist yet, create it before copying the files:
mkdir -p ~/.config/containers/systemd/tuwunel
Step Two
Edit tuwunel.env and tuwunel.toml to the desired values. The tuwunel.toml file can live anywhere in your home directory (the unit above expects ~/tuwunel/config/tuwunel.toml); if you put it elsewhere, update the Volume= line in tuwunel.container to match. Because tuwunel.env carries the registration token, keep it readable by your user only (chmod 600).
Step Three
- Reload the user daemon so Quadlet generates the systemd units from the quadlet files:
systemctl --user daemon-reload
Step Four
- Start tuwunel:
systemctl --user start tuwunel
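The four steps above, gathered into one script. This is an added example, not code from the Tuwunel project or its documentation: it writes tuwunel.env with a generated registration token and owner-only permissions, then lints tuwunel.container for the two mistakes that most often slip through (a PublishPort= with no host address, and a Volume= that names the volume without the .volume suffix). The QUADLET_DIR variable, the --apply switch and the sample unit written by write_sample_unit are this script's own conventions and constructed input, not anything Tuwunel defines.

```shell
#!/bin/sh
# Added example, not part of the Tuwunel project or its docs. It assumes the
# quadlet layout described on this page; QUADLET_DIR and the --apply switch
# are this script's own conventions (assumptions), not Tuwunel's.
set -eu

QUADLET_DIR="${QUADLET_DIR:-$HOME/.config/containers/systemd/tuwunel}"

# 32 random bytes, hex-encoded: a registration token nobody will guess.
gen_token() {
    od -An -N32 -tx1 /dev/urandom | tr -d ' \n'
}

# Write tuwunel.env with a fresh token. The token decides who may create
# accounts, so the file is created owner-only (umask in a subshell so the
# restrictive mask does not leak into the caller).
write_env() {
    dir="$1"; server="$2"; token="$3"
    mkdir -p "$dir"
    (
        umask 077
        cat > "$dir/tuwunel.env" <<EOF
TUWUNEL_SERVER_NAME="$server"
TUWUNEL_PORT=8008
TUWUNEL_MAX_REQUEST_SIZE=20000000
TUWUNEL_ALLOW_REGISTRATION=true
TUWUNEL_REGISTRATION_TOKEN=$token
TUWUNEL_ALLOW_FEDERATION=true
TUWUNEL_TRUSTED_SERVERS=["matrix.org"]
TUWUNEL_LOG=info
TUWUNEL_ADDRESS=["0.0.0.0", "::"]
TUWUNEL_CONFIG=/etc/tuwunel.toml
EOF
    )
}

# True when group and other have no permission bits on the file.
env_is_private() {
    mode=$(stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1")
    case "$mode" in *00) return 0 ;; *) return 1 ;; esac
}

# Lint a .container quadlet for two pitfalls: PublishPort= without a host
# address (the port is reachable on every host interface, which is only right
# when the host firewall or an external reverse proxy is expected to front
# it), and Volume= naming a volume without the .volume suffix, which drops
# the dependency on the tuwunel-db.volume unit. Warnings go to stderr, the
# number of findings to stdout.
lint_quadlet() {
    unit="$1"; findings=0
    while IFS= read -r line; do
        case "$line" in
            PublishPort=*)
                spec="${line#PublishPort=}"
                case "$spec" in
                    *:*:*) ;;
                    *) echo "warn: $line binds all interfaces; prefer 127.0.0.1:$spec" >&2
                       findings=$((findings+1)) ;;
                esac ;;
            Volume=*)
                src="${line#Volume=}"; src="${src%%:*}"
                case "$src" in
                    /*|%*|*.volume) ;;     # bind mount or .volume reference
                    *) echo "warn: $line should reference $src.volume" >&2
                       findings=$((findings+1)) ;;
                esac ;;
        esac
    done < "$unit"
    echo "$findings"
}

# Constructed sample unit (the [Container] lines from this page, with the
# plain volume name) for trying the lint without touching a real install.
write_sample_unit() {
    cat > "$1" <<'EOF'
[Container]
ContainerName=tuwunel-homeserver
Image=ghcr.io/matrix-construct/tuwunel:latest
PublishPort=8008:8008
Volume=tuwunel-db:/var/lib/tuwunel/
Volume=%h/tuwunel/config/tuwunel.toml:/etc/tuwunel.toml
EnvironmentFile=tuwunel.env
EOF
}

# Only touch the real quadlet directory when asked to explicitly.
if [ "${1:-}" = "--apply" ]; then
    write_env "$QUADLET_DIR" "${2:-your.server.tld}" "$(gen_token)"
    lint_quadlet "$QUADLET_DIR/tuwunel.container"
    systemctl --user daemon-reload
    systemctl --user start tuwunel
fi
```

Run it as `sh setup-tuwunel.sh --apply your.server.tld` after placing tuwunel.container and tuwunel-db.volume in the directory; without --apply it only defines the functions, so you can source it and run lint_quadlet against any unit. A lint result of 0 on the page's unit requires the loopback PublishPort and the .volume reference; decide deliberately whether you want 8008 reachable from other hosts before silencing the first warning.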
Logging
To check the unit state and the most recent log lines, run:
systemctl --user status tuwunel
For the full log history, or to follow it live, use the user journal:
journalctl --user -u tuwunel -f
or ask Podman directly:
podman logs tuwunel-homeserver
Troubleshooting systemd unit file generation
If daemon-reload does not produce a tuwunel unit, run the Quadlet generator in dry-run mode as the same user and look for errors in its output (a malformed key in a .container file is reported here, not by systemctl):
/usr/lib/systemd/system-generators/podman-system-generator --user --dryrun