Document Podman

diff --git a/personal_infra/README.md b/personal_infra/README.md
index 522786e9674b947374442781da5b70fabd7058cc..a3249853aa66d81fba986f86bbe7abda94f98a01 100644 (file)
--- a/personal_infra/README.md
+++ b/personal_infra/README.md
@@ -50,3 +50,7 @@ For the moment, I'm managing the following distros using this setup.
 
 I perform catalog compilation on my laptop running EL9.
 Although [support across Puppet 5.5-7 is not documented](https://www.puppet.com/docs/puppet/7/platform_lifecycle.html#primary-agent-compatibility), catalogs still seem to be compatible.
+
+## Misc
+
+* [Podman](podman.md)

diff --git a/personal_infra/podman.md b/personal_infra/podman.md
new file mode 100644 (file)
index 0000000..703b6ed
--- /dev/null
+++ b/personal_infra/podman.md
@@ -0,0 +1,26 @@
+# Podman
+
+You can create LXC containers in Proxmox (using ZFS) that can run rootless Podman.
+
+The [`proxmox_create_lxc`](playbooks/roles/proxmox_create_lxc/) role can create the LXC container with the necessary options with the following configuration:
+
+```
+proxmox:
+...
+  privileged: true
+  features: fuse=1,nesting=1
+  extra:
+    - "lxc.mount.entry: /dev/net/tun dev/net/tun none bind,create=file"
+    - "lxc.cgroup2.devices.allow: c 10:200 rwm"
+```
+
+The [`podman`](puppet/modules/podman/) Puppet module can add the necessary configuration:
+
+```
+class {'podman':
+  user => 'your_username',
+  storage_driver => 'zfs',
+}
+```
+
+This module configures subuids/subgids, but until you reboot, you will get some warnings using Podman.