Do you host all services just from your root account with docker or do you seperate the services between user accounts with rootless docker?

Do you use podman or docker?

It’s easier to just host everything from root with normal docker, but seperating services into special user account is probably way saver, at least as far as i know. Do you think ist worth going the extra step or do you just trust docker and your containers to not get exploited?

Last but not least do you use an automatic update service for your host system and your containers?

  • ShittyKopper [they/them]
    link
    fedilink
    English
    2
    edit-2
    1 year ago

    Rootful Podman & podman-compose. Waiting on the version of Podman that supports passt to hit Debian Bookworm or backports to attempt rootless. Deployed with Ansible except a few manual parts like creating the Postgres databases themselves.

    No auto updates or notifications so far, as there seems to be a couple incompatibility issues left with Watchtower & Podman. Although since I switched CrowdSec to monitor journald instead of the Podman socket I don’t really have a reason to keep the daemon running, and I think that’s for the best.