podman

func ApplyExtraPorts ¶ added in v1.0.0

func ApplyExtraPorts(content string, extraPorts []string) string

ApplyExtraPorts appends extra PublishPort lines to quadlet content.

func BindForLAN ¶ added in v1.8.0

func BindForLAN(content string, lanExposed bool) string

BindForLAN rewrites every PublishPort= line in a quadlet so the host-side bind matches the requested LAN-exposure state. The embedded quadlet files use the unprefixed `PublishPort=80:80` form, which podman interprets as binding 0.0.0.0 (all interfaces). When lanExposed is false (the default safe-on-coffee-shop-wifi state) we rewrite each unprefixed line to `PublishPort=127.0.0.1:80:80` so only the local host can connect; when true, we leave the unprefixed form alone so LAN clients can reach the service.

Lines that already have an explicit IP prefix (lerd-dns binds 127.0.0.1 directly because the LAN path goes through the userspace forwarder, not the publish) are left untouched in both states.

func BuildFPMImage ¶ added in v0.1.14

func BuildFPMImage(version string, local bool) error

BuildFPMImage builds the lerd PHP-FPM image for the given version if it doesn't exist. When local is false, it attempts to pull a pre-built base image from ghcr.io first.

func BuildFPMImageTo ¶ added in v0.5.6

func BuildFPMImageTo(version string, local bool, w io.Writer) error

BuildFPMImageTo builds the PHP-FPM image writing output to w. When local is false, it attempts to pull a pre-built base image from ghcr.io first.

func BundledExtensions ¶ added in v0.5.5

func BundledExtensions() []string

BundledExtensions returns the set of PHP extensions included in the default lerd FPM image.

func ContainerExists ¶

func ContainerExists(name string) (bool, error)

ContainerExists returns true if the named container exists (running or not).

func ContainerRunning ¶

func ContainerRunning(name string) (bool, error)

ContainerRunning returns true if the named container is running.

func ContainerfileHash ¶ added in v0.1.25

func ContainerfileHash() (string, error)

ContainerfileHash returns the SHA-256 hash of the embedded PHP-FPM Containerfile. This is used to detect when images need to be rebuilt after a lerd update.

func DaemonReload ¶

func DaemonReload() error

DaemonReload runs systemctl --user daemon-reload.

func EnsureNetwork ¶

func EnsureNetwork(name string) error

EnsureNetwork creates the named Podman network if it does not already exist.

func EnsureNetworkDNS ¶ added in v1.0.3

func EnsureNetworkDNS(name string, servers []string) error

EnsureNetworkDNS syncs the DNS servers on the named network to the provided list. It drops servers no longer present and adds new ones. This sets the upstream forwarders that aardvark-dns uses, which is necessary on systems where /etc/resolv.conf points to a stub resolver (e.g. 127.0.0.53) that is not reachable from inside the container network namespace.

func EnsureUserIni ¶ added in v0.5.5

func EnsureUserIni(version string) error

EnsureUserIni creates the per-version user php.ini with defaults if it doesn't exist.

func GenerateCustomQuadlet ¶ added in v0.5.4

func GenerateCustomQuadlet(svc *config.CustomService) string

GenerateCustomQuadlet builds a quadlet .container file for a custom service.

func GetQuadletTemplate ¶

func GetQuadletTemplate(name string) (string, error)

GetQuadletTemplate returns the content of a named quadlet template file.

func ImageExists ¶ added in v0.5.6

func ImageExists(image string) bool

ImageExists returns true if the named image is present in the local store.

func NeedsFPMRebuild ¶ added in v0.1.25

func NeedsFPMRebuild() bool

NeedsFPMRebuild returns true if the stored Containerfile hash differs from the current embedded Containerfile, meaning images should be rebuilt.

func NetworkGateway ¶ added in v0.1.14

func NetworkGateway(name string) string

NetworkGateway returns the gateway IP of the named Podman network. Falls back to "127.0.0.1" if it cannot be determined.

func PullImageTo ¶ added in v0.5.6

func PullImageTo(image string, w io.Writer) error

PullImageTo pulls the named image, writing progress output to w.

func QuadletInstalled ¶ added in v0.1.17

func QuadletInstalled(name string) bool

QuadletInstalled returns true if a quadlet .container file exists for the given unit name.

func RebuildFPMImage ¶ added in v0.1.17

func RebuildFPMImage(version string, local bool) error

RebuildFPMImage force-removes and rebuilds the PHP-FPM image for the given version. When local is false, it attempts to pull a pre-built base image from ghcr.io first.

func RebuildFPMImageTo ¶ added in v0.5.6

func RebuildFPMImageTo(version string, local bool, w io.Writer) error

RebuildFPMImageTo force-rebuilds the PHP-FPM image writing output to w. When local is false, it attempts to pull a pre-built base image from ghcr.io first.

func RemoveContainer ¶ added in v1.5.0

func RemoveContainer(name string)

RemoveContainer removes a stopped Podman container by name, ignoring errors if the container does not exist.

func RemoveQuadlet ¶

func RemoveQuadlet(name string) error

RemoveQuadlet removes a Podman quadlet container unit file.

func RestartUnit ¶

func RestartUnit(name string) error

RestartUnit restarts a systemd user unit.

func Run ¶

func Run(args ...string) (string, error)

Run executes podman with the given arguments and returns stdout.

func RunSilent ¶

func RunSilent(args ...string) error

RunSilent executes podman with the given arguments, discarding output.

func ServiceImage ¶ added in v0.5.6

func ServiceImage(quadletName string) string

ServiceImage returns the OCI image name embedded in a named quadlet template. Returns "" if the quadlet or Image line is not found.

func ServiceVersion ¶ added in v1.6.0

func ServiceVersion(quadletName string) string

ServiceVersion extracts the major version from a built-in service's image tag. For example: mysql:8.0 → "8.0", postgis/postgis:16-3.5-alpine → "16", redis:7-alpine → "7", meilisearch:v1.7 → "1.7". Returns "" if the version cannot be determined.

func StartUnit ¶

func StartUnit(name string) error

StartUnit starts a systemd user unit.

func StopUnit ¶

func StopUnit(name string) error

StopUnit stops a systemd user unit.

func StoreFPMHash ¶ added in v0.1.25

func StoreFPMHash() error

StoreFPMHash writes the current Containerfile hash to disk.

func StripInstallSection ¶ added in v1.9.0

func StripInstallSection(content string, autostartDisabled bool) string

StripInstallSection removes the [Install] section from a quadlet's content when autostartDisabled is true, and returns the input unchanged when false.

Quadlets are special: a `[Install] WantedBy=default.target` clause causes the podman-system-generator to create a symlink in `/run/user/$UID/systemd/generator/default.target.wants/` on every daemon-reload, which makes the unit auto-start at login regardless of `systemctl --user enable/disable` (those don't apply to generator units). The only way to actually stop a quadlet from auto-starting is to drop the [Install] section from the source .container file before the generator sees it. WriteQuadletDiff calls this centrally so every code path that writes a quadlet (install, services, MCP server, custom-service generator) honours the global autostart setting without each having to remember.

func UnitStatus ¶

func UnitStatus(name string) (string, error)

UnitStatus returns the active state of a systemd user unit.

func WaitReady ¶ added in v1.2.2

func WaitReady(service string, timeout time.Duration) error

WaitReady polls until the named service is ready to accept connections, or timeout is reached. Readiness is tested by running a lightweight probe inside the container: mysqladmin ping for mysql, pg_isready for postgres. For other services it falls back to waiting until the systemd unit is "active".

func WriteContainerHosts ¶ added in v1.2.4

func WriteContainerHosts() error

WriteContainerHosts writes the shared hosts file that is bind-mounted into every PHP-FPM container at /etc/hosts. It contains the standard loopback entries, host.containers.internal, and one entry per linked site pointing to host.containers.internal (169.254.1.2) so that .test domains resolve correctly inside containers without requiring a container restart when sites are added or removed.

func WriteFPMQuadlet ¶ added in v0.4.0

func WriteFPMQuadlet(version string) error

WriteFPMQuadlet writes the systemd quadlet for a PHP-FPM version and reloads the systemd daemon if the content changed. It also ensures the xdebug and user ini files exist.

func WriteQuadlet ¶

func WriteQuadlet(name, content string) error

WriteQuadlet writes a Podman quadlet container unit file. Before writing it applies BindForLAN to rewrite PublishPort= lines according to the current cfg.LAN.Exposed setting. This is done centrally here so callers (install, services, MCP server, custom-service generator) all get the same loopback-by-default treatment without each having to remember.

func WriteQuadletDiff ¶ added in v1.8.0

func WriteQuadletDiff(name, content string) (changed bool, err error)

WriteQuadletDiff writes a quadlet like WriteQuadlet, but also reports whether the on-disk file actually changed. Callers can use this to daemon-reload + restart only the units that need it (e.g. lerd install rewriting binds from 0.0.0.0 to 127.0.0.1 when migrating to a build where lan:expose defaults to off — without a restart the running container would silently keep its old bind).

func WriteXdebugIni ¶ added in v0.4.0

func WriteXdebugIni(version string, enabled bool) error

WriteXdebugIni writes the per-version xdebug ini to the host config dir. The file is volume-mounted into the FPM container at /usr/local/etc/php/conf.d/99-xdebug.ini.