Podman #7 – Enough, Just Give Me the Files

September 24, 2025

By now, we’ve gone through rootful/rootless containers, networking, pods, and even WordPress. Sometimes you just want the files, so you can put them in the right place and start things. Here’s an “all-in-one” reference for your Quadlets.

0. Enable User Linger

Before rootless services can run when you’re not logged in, enable lingering for your user:

sudo loginctl enable-linger $UID

0b. Create Required Directories

Create the folders for Quadlets and persistent container storage:

mkdir -p ~/.config/containers/systemd
mkdir -p ~/.local/share/containers/storage/volumes/wp-mariadb
mkdir -p ~/.local/share/containers/storage/volumes/wp-html

0c. Create Secrets

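Before starting the containers, create the secrets required for MariaDB and WordPress. Replace the example passwords with your own, and keep in mind that values typed on the command line like this end up in your shell history: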

# MariaDB root password
echo -n "example-root-pw" | podman secret create blog_db_rootpassword -

# Database name
echo -n "wordpress" | podman secret create blog_db_name -

# Database user
echo -n "wpuser" | podman secret create blog_db_user -

# User password
echo -n "example-wp-pw" | podman secret create blog_db_password -

Verify the secrets:

podman secret ls

1. Network Quadlet

nano ~/.config/containers/systemd/intisostrictnet.network

[Unit]
Description=Isolated internal network

[Network]
Driver=bridge
Internal=true
Options=isolate=strict

[Install]
WantedBy=default.target

2. Pod Quadlet

nano ~/.config/containers/systemd/podracer.pod

[Unit]
Description=It goes brrrrr

[Pod]
PublishPort=8080:80
Network=intisostrictnet.network

[Install]
WantedBy=default.target

3. MariaDB Container

nano ~/.config/containers/systemd/mariadb.container

[Unit]
Description=MariaDB container for WordPress
PartOf=podracer.pod

[Container]
Image=docker.io/library/mariadb:11
Pod=podracer.pod
AutoUpdate=registry
StartWithPod=true
NoNewPrivileges=true
ContainerName=mariadb
Volume=%h/.local/share/containers/storage/volumes/wp-mariadb:/var/lib/mysql:z
Secret=blog_db_name,type=env,target=MYSQL_DATABASE
Secret=blog_db_user,type=env,target=MYSQL_USER
Secret=blog_db_password,type=env,target=MYSQL_PASSWORD
Secret=blog_db_rootpassword,type=env,target=MARIADB_ROOT_PASSWORD

[Service]
Restart=always

4. WordPress Container

nano ~/.config/containers/systemd/wordpress.container

[Unit]
Description=WordPress container
PartOf=podracer.pod
After=mariadb.service

[Container]
Image=docker.io/library/wordpress:latest
Pod=podracer.pod
AutoUpdate=registry
StartWithPod=true
NoNewPrivileges=true
ContainerName=wordpress
Volume=%h/.local/share/containers/storage/volumes/wp-html:/var/www/html:z
Secret=blog_db_name,type=env,target=WORDPRESS_DB_NAME
Secret=blog_db_user,type=env,target=WORDPRESS_DB_USER
Secret=blog_db_password,type=env,target=WORDPRESS_DB_PASSWORD
Environment=WORDPRESS_DB_HOST=127.0.0.1

[Service]
Restart=always
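
A pre-flight check for the container Quadlets above, as an added example that is not part of the original post: it reads the [Container] section and flags a missing NoNewPrivileges, credentials passed through Environment= instead of Secret=, and Secret= names that were never created. The function names, the weak.container sample and the blog_db_typo secret are constructed for illustration.

```shell
# Added example (not from the post): pre-flight lint for .container Quadlets.
quadlet_get() {  # usage: quadlet_get FILE SECTION KEY -> values, one per line
  awk -v sec="[$2]" -v key="$3" '
    /^[ \t]*([#;]|$)/ { next }                              # comment or blank
    /^\[/ { cur = $0; sub(/[ \t]+$/, "", cur); next }       # section header
    cur == sec && (eq = index($0, "=")) > 0 {
      k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
      gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
      if (k == key) print v
    }' "$1"
}

# KNOWN = names of existing secrets, e.g. from: podman secret ls --format "{{.Name}}"
# Prints one line per finding; the exit status is the number of findings.
lint_container() (  # usage: lint_container FILE "KNOWN" (body runs in a subshell)
  set -f; f=$1; n=0; known=" $(printf '%s ' $2)"
  case "$(quadlet_get "$f" Container NoNewPrivileges | tail -n 1)" in
    true|yes|on|1) ;;
    *) echo "$f: NoNewPrivileges is not enabled"; n=$((n + 1)) ;;
  esac
  for kv in $(quadlet_get "$f" Container Environment); do  # credentials in plain env
    case "${kv%%=*}" in *PASSWORD*|*PASSWD*|*TOKEN*)
      echo "$f: ${kv%%=*} is set via Environment=, use Secret="; n=$((n + 1)) ;;
    esac
  done
  for s in $(quadlet_get "$f" Container Secret); do        # secrets never created
    case "$known" in *" ${s%%,*} "*) ;; *)
      echo "$f: secret ${s%%,*} has not been created"; n=$((n + 1)) ;;
    esac
  done
  exit "$n"
)

# Constructed samples: part of the post's wordpress.container, and a weak variant.
write_samples() {  # usage: write_samples DIR
  printf '%s\n' '[Container]' 'NoNewPrivileges=true' \
    'Secret=blog_db_password,type=env,target=WORDPRESS_DB_PASSWORD' \
    'Environment=WORDPRESS_DB_HOST=127.0.0.1' > "$1/wordpress.container"
  printf '%s\n' '[Container]' \
    'Environment=WORDPRESS_DB_HOST=127.0.0.1 WORDPRESS_DB_PASSWORD=example-wp-pw' \
    'Secret=blog_db_typo,type=env,target=WORDPRESS_DB_USER' > "$1/weak.container"
}

KNOWN="blog_db_rootpassword blog_db_name blog_db_user blog_db_password"
dir=$(mktemp -d) && write_samples "$dir"
for q in "$dir"/*.container; do lint_container "$q" "$KNOWN" || true; done
rm -rf "$dir"
```

On a real host, pass the output of the podman secret ls command from the comment as the second argument and loop over ~/.config/containers/systemd/*.container instead of the sample directory.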

5. Start Everything

Reload systemd so that the Quadlet generator picks up the new files:

systemctl --user daemon-reload

Check that the service units were generated:

ls /run/user/$UID/systemd/generator/

Start the network and the pod:

systemctl --user start intisostrictnet-network.service
systemctl --user start podracer-pod.service

The containers start automatically with the pod, as specified by StartWithPod=true in their Quadlets. You can also start them explicitly:

systemctl --user start mariadb.service
systemctl --user start wordpress.service

6. Troubleshoot

If something doesn’t start, run the Quadlet generator in dry-run mode to check how it parses the files:

/usr/lib/systemd/user-generators/podman-user-generator -dryrun

Follow logs with:

journalctl -fe

Or check container logs directly:

podman logs <container_name>

7. Access WordPress

If everything started correctly, open your browser and go to http://localhost:8080 to configure WordPress.