ipfs/kubo

Propose Quadlet for Podman

Open

#10,561 opened on Oct 30, 2024

View on GitHub
 (2 comments) (0 reactions) (0 assignees)Go (13,906 stars) (2,725 forks)batch import
P2help wantedkind/enhancement

Description

Checklist

  • My issue is specific & actionable.
  • I am not suggesting a protocol enhancement.
  • I have searched on the issue tracker for my issue.

Description

Hi,

I really like Kudo project but I didn't want using the desktop application. I prefer using the OCI container.

Using Podman on Fedora, that allows using userns=keep-id I propose that you integrate this in the documentation:

First, the Quadlet file to integrate in ~/.config/containers/systemd/ipfs.container:

[Unit]
Description=IPFS container
After=local-fs.target

[Container]
Image=docker.io/ipfs/kubo:latest
AutoUpdate=true
Volume=%h/.ipfs:/data/ipfs:z
PublishPort=0.0.0.0:8080:8080
PublishPort=127.0.0.1:5001:5001
PublishPort=4001:4001
PublishPort=4001:4001/udp
UserNS=keep-id
ContainerName=ipfs

[Install]
WantedBy=multi-user.target

And possibly, aliases:

alias ipfs="podman exec -it ipfs ipfs"

I only wonder if this could be better:

  • of course, you propose in documentation to mount "/export", but the usage is unclear, is it here to share some data to the container?
  • as the /home directory is empty in the container, and because Podman proposes to keep the user-id, it's possible to mount /home/<myuser> inside the container, and so having exactly the same file tree

For the second point, I can then set the alias to:

alias ipfs='podman exec -w $PWD -it ipfs ipfs'

And the corresponding Quadlet file:

[Unit]
Description=IPFS container
After=local-fs.target

[Container]
Image=docker.io/ipfs/kubo:latest
AutoUpdate=true
Volume=%h/.ipfs:/data/ipfs
Volume=%h:%h
PublishPort=0.0.0.0:8080:8080
PublishPort=127.0.0.1:5001:5001
PublishPort=4001:4001
PublishPort=4001:4001/udp
UserNS=keep-id
ContainerName=ipfs
SecurityLabelDisable=true

[Install]
WantedBy=multi-user.target

Note that, here, I set the SecurityLabelDisable to true to not relabel the home directory.

Could you please tell me if you think that's a good idea?

Contributor guide

Tech stack
docker
Domain
documentation
Issue type
documentation
DifficultyEstimated implementation difficulty for a new contributor, from 1 for very small changes to 5 for expert-level work.
2
Estimated timeA rough time range for an experienced contributor to investigate, implement, test, and prepare a pull request.
1-3 hours
Activity statusHow available the issue appears right now: fresh, active, stale, blocked, or waiting on maintainer input.
fresh
ClarityHow clearly the issue explains the expected change, acceptance criteria, and next step.
clear
Prerequisites
PodmanIPFS basics
Newbie friendlinessA 1-100 score estimating how approachable this issue is for first-time contributors.
90
Research direction
The issue proposes adding Quadlet files to run IPFS with Podman. A contributor should examine the existing container documentation in the repository (e.g., the Docker section) and consider both variants of the .container file and aliases. They should test the configuration locally with Podman on Fedora, and decide on the best approach for mounting /export and handling SELinux labels. They may need to ask maintainers about the intended use of /export and whether SecurityLabelDisable is acceptable.