Propose Quadlet for Podman

[metal3d]

Checklist

• My issue is specific & actionable.
• I am not suggesting a protocol enhancement.
• I have searched on the issue tracker for my issue.

Description

Hi,

I really like Kudo project but I didn't want using the desktop application. I prefer using the OCI container.

Using Podman on Fedora, that allows using userns=keep-id I propose that you integrate this in the documentation:

First, the Quadlet file to integrate in ~/.config/containers/systemd/ipfs.container:

[Unit]
Description=IPFS container
After=local-fs.target

[Container]
Image=docker.io/ipfs/kubo:latest
AutoUpdate=true
Volume=%h/.ipfs:/data/ipfs:z
PublishPort=0.0.0.0:8080:8080
PublishPort=127.0.0.1:5001:5001
PublishPort=4001:4001
PublishPort=4001:4001/udp
UserNS=keep-id
ContainerName=ipfs

[Install]
WantedBy=multi-user.target

And possibly, aliases:

alias ipfs="podman exec -it ipfs ipfs"

I only wonder if this could be better:

• of course, you propose in documentation to mount "/export", but the usage is unclear, is it here to share some data to the container?
• as the /home directory is empty in the container, and because Podman proposes to keep the user-id, it's possible to mount /home/<myuser> inside the container, and so having exactly the same file tree

For the second point, I can then set the alias to:

alias ipfs='podman exec -w $PWD -it ipfs ipfs'

And the corresponding Quadlet file:

[Unit]
Description=IPFS container
After=local-fs.target

[Container]
Image=docker.io/ipfs/kubo:latest
AutoUpdate=true
Volume=%h/.ipfs:/data/ipfs
Volume=%h:%h
PublishPort=0.0.0.0:8080:8080
PublishPort=127.0.0.1:5001:5001
PublishPort=4001:4001
PublishPort=4001:4001/udp
UserNS=keep-id
ContainerName=ipfs
SecurityLabelDisable=true

[Install]
WantedBy=multi-user.target

Note that, here, I set the SecurityLabelDisable to true to not relabel the home directory.

Could you please tell me if you think that's a good idea?