Collection of cookbooks for Podman Quadlets
Nicolas Massé 2dcec43f7c doc 1 week ago
cookbooks fix missing dirs + doc 2 weeks ago
docs doc 1 week ago
scripts fix missing dirs + doc 2 weeks ago
tests generate tarball 2 months ago
.gitignore generate tarball 2 months ago
CLAUDE.md update Claude instructions 4 weeks ago
README.md doc 1 week ago
conftest.py dedicated DNS suffix for each cookbook and test 2 months ago
local.bu.template WiP 5 months ago
pyproject.toml first draft of traefik integration tests with ACME! 2 months ago

README.md

Podman Quadlet Cookbook

Podman Quadlets are awesome, but vastly under-utilized in Open Source communities. This repository gathers recipes (hence the name "Cookbook") to deploy Open Source technologies using Podman Quadlets.

Each Cookbook is designed to run securely on an immutable Fedora CoreOS system: containers run as dedicated, non-root users with SELinux enforcing, and each Systemd unit performs a single, well-defined task. Cookbooks are composable building blocks — declare a dependency (e.g. postgresql, traefik) and it is installed and wired up automatically, configuration hooks included.

Common Makefile-based tooling (make install, make package, make pytest, ...) takes care of generating Quadlet/Systemd units, Butane/Ignition specs, and end-to-end tests, following a "convention over configuration" approach: drop your files in the right place and the tooling does the rest. See the Developer's Guide for details.

Available Cookbooks

  • base: base configuration for Fedora CoreOS with fastfetch, tmpfiles setup, and QEMU guest agent.
  • forgejo: self-hosted Git service (formerly Gitea), a lightweight GitHub/GitLab alternative, with PostgreSQL backend.
  • keycloak: open source identity and access management server with PostgreSQL backend.
  • lego: Let's Encrypt/ACME client for automatic SSL/TLS certificate management and renewal.
  • miniflux: minimalist RSS/Atom feed reader with PostgreSQL backend.
  • nextcloud: self-hosted file sync and share platform with all its dependencies, handles automated upgrades.
  • nftables: system-wide nftables firewall rules, composable via hooks from other cookbooks.
  • nginx: Nginx web server with content initialized and updated from a Git repository.
  • ntfy: simple HTTP-based pub-sub notification service with PostgreSQL backend.
  • postgresql: PostgreSQL database server with automated major upgrades, periodic backup and restore capabilities.
  • qemu-user-static: multi-architecture container support using QEMU user-mode emulation.
  • quay: self-hosted container registry with Clair vulnerability scanning, image storage and proxy caching.
  • redis: in-memory data store used as a cache/queue backend by other cookbooks.
  • restic-server: REST server backend for restic backups with append-only mode and Prometheus metrics.
  • samba: SMB/CIFS file sharing server for network storage access.
  • seedbox: complete media server stack with Radarr, Sonarr, Lidarr, Prowlarr, qBittorrent, Jellyfin, and FlareSolverr.
  • smtprelay: small SMTP relay/proxy that forwards mail to an upstream smarthost (Mailgun, Gmail, ...).
  • traefik: modern HTTP reverse proxy and load balancer with automatic service discovery.
  • unifi: UniFi Network Application with its MongoDB database backend.
  • vaultwarden: Bitwarden-compatible password manager server with PostgreSQL backend.
  • vmagent: VictoriaMetrics agent for collecting and forwarding metrics.
  • vsftpd: secure FTP server with TLS support and Let's Encrypt certificate integration.

Documentation

  • Developer's Guide: architecture guidelines, development environment setup, and conventions to write your own Cookbook.
  • Testing Guide: how to write and run end-to-end tests for a Cookbook.

License

MIT