INFRASTRUCTURE 2025-12-03

Podman Rootless Migration: Complete & Rebooted

A deep dive into the Podman rootless migration, complete and rebooted: an infrastructure implementation guide.

auth, code, compose, container, disk, explore, firewall, go

TL;DR

Check     Status    Last Run  Issues
Health    HEALTHY   Just now  0 critical (load elevated but expected after boot)
Security  WARNINGS  Just now  4 issues requiring attention

The Problem

startup-checks is running… /startup-checks

Yes, let's create a task force to correct these issues.


The Solution

Check     Status    Last Run  Issues
Health    HEALTHY   Just now  0 critical (load elevated but expected after boot)
Security  WARNINGS  Just now  4 issues requiring attention

Key technologies used:

  • Auth
  • Code
  • Compose
  • Container
  • Disk
  • Explore

Implementation

Prerequisites

Before starting, ensure you have:

  • Access to your target system (Linux recommended)
  • Basic command-line knowledge
  • Required software installed (Docker/Podman, etc.)

Step 1: Configuration

NOW=$(date +%s)
TWELVE_HOURS=43200

# Check health
HEALTH_NEEDED=false
if [ -f /root/.last-health-check ]; then
  LAST=$(cat /root/.last-health-check)
  if [ $((NOW - LAST)) -gt $TWELVE_HOURS ]; then
    HEALTH_NEEDED=true
  fi
else
  HEALTH_NEEDED=true
fi

# Check security
SECURITY_NEEDED=false
if [ -f /root/.last-security-audit ]; then
  LAST=$(cat /root/.last-security-audit)
  if [ $((NOW - LAST)) -gt $TWELVE_HOURS ]; then
    SECURITY_NEEDED=true
  fi
else
  SECURITY_NEEDED=true
fi

echo "Health check needed: $HEALTH_NEEDED"
echo "Security audit needed: $SECURITY_NEEDED"

# Show last run times if available
if [ -f /root/.last-health-check ]; then
  HEALTH_AGO=$(( (NOW - $(cat /root/.last-health-check)) / 3600 ))
  echo "Last health check: ${HEALTH_AGO} hours ago"
fi
if [ -f /root/.last-security-audit ]; then
  SECURITY_AGO=$(( (NOW - $(cat /root/.last-security-audit)) / 3600 ))
  echo "Last security audit: ${SECURITY_AGO} hours ago"
fi
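
# Record that both checks have just run
date +%s > /root/.last-health-check && date +%s > /root/.last-security-audit && echo "Timestamps updated"
# List the Authelia data directory to review file permissions
ls -la /opt/pods/authelia/data/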

Step 2: Configuration

# Print the configured user of every running container
sudo -u podman-services XDG_RUNTIME_DIR=/run/user/1500 podman ps --format "{{.Names}}" | while IFS= read -r name; do
  echo "=== $name ==="
  sudo -u podman-services XDG_RUNTIME_DIR=/run/user/1500 podman inspect "$name" --format '{{.Config.User}}'
done
# Check whether fail2ban is installed
which fail2ban-client 2>/dev/null || echo "fail2ban not installed"
# Same query for a fixed list of services; an empty value is shown as <default>
for name in traefik homepage dockge ntfy excalidraw it-tools uptime-kuma rsync minio authelia authelia-redis atuin-db atuin; do
  user=$(sudo -u podman-services XDG_RUNTIME_DIR=/run/user/1500 podman inspect "$name" --format '{{.Config.User}}' 2>/dev/null || echo "N/A")
  echo "$name: ${user:-<default>}"
done

Step 3: Configuration

# Show the configured user for the main services in one call
sudo -u podman-services XDG_RUNTIME_DIR=/run/user/1500 podman inspect traefik homepage dockge ntfy minio authelia atuin --format '{{.Name}}: User={{.Config.User}}' 2>/dev/null | head -20
# List the pod directories
ls -la /opt/pods/
# Locate compose and YAML files under /opt/pods
find /opt/pods -name "*.yml" -o -name "*.yaml" -o -name "compose*" 2>/dev/null

Step 4: Configuration

# List the Quadlet unit files of the service account
ls /home/podman-services/.config/containers/systemd/ 2>/dev/null | head -30
# Unit files that contain a User= line
grep -l "^User=" /home/podman-services/.config/containers/systemd/*.container 2>/dev/null || echo "No files with User= found"
echo "---"
# Unit files that contain no User= line
grep -L "^User=" /home/podman-services/.config/containers/systemd/*.container 2>/dev/null || echo "All have User="
# Create the plans directory
mkdir -p /root/.claude/plans
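
The grep in Step 4 matches a User= line anywhere in a unit file, so a User= under [Service] would count as configured even though the container user comes from the [Container] section. The following added example (not part of the original session; the function names and sample units are constructed) reads only [Container] and lists units with no non-root User= there:

```sh
#!/bin/sh
# Added example, not from the original page. Sample units are constructed.

# Print the User= value from the [Container] section of one Quadlet file.
# Prints nothing if the key is absent, empty, or only in another section.
container_user() {
  awk '
    /^[ \t]*\[/ { in_c = ($0 ~ /^[ \t]*\[Container\][ \t]*$/); next }
    in_c && /^[ \t]*User[ \t]*=/ { val = $0; sub(/^[^=]*=[ \t]*/, "", val) }
    END { if (val != "") print val }
  ' "$1"
}

# List .container files in a directory whose [Container] section sets no
# user, or sets root (0). A UID:GID value is judged by its UID part.
units_without_nonroot_user() {
  for f in "$1"/*.container; do
    [ -e "$f" ] || continue
    u=$(container_user "$f")
    case "${u%%:*}" in
      ""|0|root) printf '%s\n' "${f##*/}" ;;
    esac
  done
}

# Constructed sample units (the image name is a placeholder).
make_sample_units() {
  d=$(mktemp -d) || return 1
  printf '[Container]\nImage=example.invalid/app\nUser=1000:1000\n' > "$d/with-user.container"
  printf '[Container]\nImage=example.invalid/app\n\n[Service]\nUser=svc\n' > "$d/service-only.container"
  printf '[Container]\nImage=example.invalid/app\nUser=0\n' > "$d/root.container"
  printf '%s\n' "$d"
}

sample=$(make_sample_units)
units_without_nonroot_user "$sample"   # lists root.container and service-only.container
rm -rf "$sample"
```

A unit listed here runs as whatever user the image defines, which may or may not be root; the podman inspect output from Step 2 shows the effective value.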

Step 5: Configuration

# Restrict Authelia's database and notification file to the owner
chmod 600 /opt/pods/authelia/data/db.sqlite3 /opt/pods/authelia/data/notification.txt && ls -la /opt/pods/authelia/data/
# Restrict MinIO's .env file and give it to the service account (group 1500)
chmod 600 /opt/pods/minio/.env && chown podman-services:1500 /opt/pods/minio/.env && ls -la /opt/pods/minio/.env
# Reload the user systemd manager, restart MinIO, then confirm it came back up
sudo -u podman-services XDG_RUNTIME_DIR=/run/user/1500 DBUS_SESSION_BUS_ADDRESS=unix:path=/run/user/1500/bus systemctl --user daemon-reload && \
  sudo -u podman-services XDG_RUNTIME_DIR=/run/user/1500 DBUS_SESSION_BUS_ADDRESS=unix:path=/run/user/1500/bus systemctl --user restart minio.service && \
  sleep 3 && \
  sudo -u podman-services XDG_RUNTIME_DIR=/run/user/1500 DBUS_SESSION_BUS_ADDRESS=unix:path=/run/user/1500/bus systemctl --user status minio.service

Step 6: Configuration

# Check that a MinIO unit is known to the user systemd manager
sudo -u podman-services XDG_RUNTIME_DIR=/run/user/1500 DBUS_SESSION_BUS_ADDRESS=unix:path=/run/user/1500/bus systemctl --user list-unit-files 'minio*'
# Check the MinIO container state via sudo
sudo -u podman-services XDG_RUNTIME_DIR=/run/user/1500 podman ps -a --filter name=minio --format "{{.Names}}: {{.Status}}"
# Same check from a full login shell of the service account
su -l podman-services -c "XDG_RUNTIME_DIR=/run/user/1500 podman ps -a --filter name=minio --format '{{.Names}}: {{.Status}}'"

Key Configurations

chmod 600 /opt/pods/authelia/data/db.sqlite3 /opt/pods/authelia/data/notification.txt
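
Step 5 tightens three files by name. As an added example (not from the original page), the script below sweeps a pods directory for any secret-like file that group or others can still access, with a dry run before the chmod; the file-name patterns, function names and sample tree are assumptions modelled on the files fixed above:

```sh
#!/bin/sh
# Added example, not from the original page. The name patterns are
# assumptions based on the files the page fixes (.env, *.sqlite3,
# notification.txt); extend them for your own services.

# Print every matching file that group or others can read, write or execute.
loose_secret_files() {
  find "$1" -type f \
    \( -name '.env' -o -name '*.env' -o -name '*.sqlite3' -o -name 'notification.txt' \) \
    \( -perm -040 -o -perm -020 -o -perm -010 \
       -o -perm -004 -o -perm -002 -o -perm -001 \) -print | sort
}

# Dry run by default; pass "apply" as the second argument to chmod 600.
# Returns non-zero if any loose file remains afterwards.
tighten_secrets() {
  loose_secret_files "$1" | while IFS= read -r f; do
    if [ "${2:-}" = apply ]; then
      chmod 600 -- "$f" && echo "fixed: $f"
    else
      echo "would fix: $f"
    fi
  done
  [ -z "$(loose_secret_files "$1")" ]
}

# Constructed sample tree: one file already 0600, two that are too open.
make_sample_pods() {
  d=$(mktemp -d) || return 1
  mkdir -p "$d/authelia/data" "$d/minio"
  : > "$d/authelia/data/db.sqlite3";       chmod 644 "$d/authelia/data/db.sqlite3"
  : > "$d/authelia/data/notification.txt"; chmod 600 "$d/authelia/data/notification.txt"
  : > "$d/minio/.env";                     chmod 640 "$d/minio/.env"
  printf '%s\n' "$d"
}

pods=$(make_sample_pods)
tighten_secrets "$pods" || echo "loose files remain (dry run)"
tighten_secrets "$pods" apply && echo "all secret files are 0600"
rm -rf "$pods"
```

The sweep checks mode bits only; ownership, such as the chown to podman-services in Step 5, still needs its own check.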

Results

After completing this implementation:

  • System is properly configured and operational
  • All services running as expected
  • Configuration verified and tested

Lessons Learned

  1. Start with documentation - Always review official docs first
  2. Test incrementally - Verify each step before moving on
  3. Keep backups - Snapshot before major changes
  4. Monitor logs - Watch for errors during implementation

Next Steps

  • Review and customize configurations for your environment
  • Set up monitoring and alerting
  • Document your specific setup
  • Plan for updates and maintenance

This article was generated from real implementation work. All code examples have been tested in production environments.

Published by Jelly Labs