From b091c4bc1fb3c5a9cf184a034727fb1254c63bdd Mon Sep 17 00:00:00 2001
From: Maciej Lebiest
Date: Sun, 10 Dec 2023 20:43:38 +0100
Subject: [PATCH] podman quadlets examples
---
 README.md | 98 ++++++++++++++++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 97 insertions(+), 1 deletion(-)
diff --git a/README.md b/README.md
index 2b41bd3..c9c8934 100644
--- a/README.md
+++ b/README.md
@@ -252,4 +252,100 @@ restorecon -v /etc/systemd/system/gitea-runner.service;
 systemctl daemon-reload;
 systemctl enable --now gitea-podman.service;
 systemctl enable --now gitea-runner.service;
-````
+```
+
+## Podman quadlets examples
+
+This section is about quadlets, rather than specific image, but it is based on
+examples.
+
+To enable such container managed by systemd, create `.container` file
+at `/etc/containers/systemd/my-container.container`, and then run:
+```bash
+systemctl daemon-reload;
+systemctl enable --now my-container.service
+```
+
+### Example host-monitoring purpose quadlets
+
+#### zabbix-agent
+
+```systemd
+[Unit]
+Description=Zabbix agent 2
+After=local-fs.target
+
+[Container]
+Image=zabbix-agent
+ContainerName=zabbix-agent
+LogDriver=journald
+Network=host
+Pull=newer
+ReadOnly=yes
+VolatileTmp=true
+SecurityLabelDisable=yes
+UserNS=host
+Ulimit=host
+Unmask=ALL
+
+AutoUpdate=registry
+
+PodmanArgs=--pid=host
+PodmanArgs=--ipc=host
+PodmanArgs=--no-hosts
+
+Volume=/etc/zabbix/agent2.conf:/etc/zabbix/zabbix_agent2.conf:ro
+Volume=/sys:/sys:ro
+Volume=/dev:/dev:ro
+Volume=/var/run/dbus/system_bus_socket:/var/run/dbus/system_bus_socket:rw
+
+[Service]
+Restart=always
+
+[Install]
+# Start by default on boot
+WantedBy=multi-user.target default.target
+```
+
+#### node-exporter (Prometheus)
+
+```systemd
+[Unit]
+Description=Node exporter for Prometheus
+After=local-fs.target
+
+[Container]
+Image=docker.io/prom/node-exporter:latest
+ContainerName=node-exporter
+LogDriver=journald
+Network=host
+Pull=newer
+ReadOnly=yes
+VolatileTmp=true
+SecurityLabelDisable=yes
+User=1222
+UserNS=host
+Ulimit=host
+Unmask=ALL
+
+AutoUpdate=registry
+
+# Exec=--help
+
+PodmanArgs=--pid=host
+PodmanArgs=--ipc=host
+PodmanArgs=--no-hosts
+
+Volume=/proc:/host/proc:ro
+Volume=/sys:/host/sys:ro
+Volume=/:/rootfs:ro
+
+Exec=--path.procfs=/host/proc --path.rootfs=/rootfs --path.sysfs=/host/sys 
--collector.filesystem.mount-points-exclude='^/(sys|proc|dev|host|etc)($$|/)'
+
+[Service]
+Restart=always
+
+[Install]
+# Start by default on boot
+WantedBy=multi-user.target default.target
+```
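Review bot: The zabbix-agent unit combines `SecurityLabelDisable=yes`, `Unmask=ALL`, `UserNS=host`, `--pid=host`, `--ipc=host`, a `/dev:/dev:ro` mount and a read-write bind of the system D-Bus socket with no `User=` line, so unless the image sets its own user the agent runs as host root with almost no container isolation left. The README should say so next to the examples, for instance `Note: these units share the host PID/IPC/network namespaces and disable SELinux separation; keep only the options your checks actually need.`, and the node-exporter unit, which already sets `User=1222`, probably does not need `--ipc=host` or `Unmask=ALL` since it reads the host through the `/host/proc`, `/host/sys` and `/rootfs` binds. Both units also track a moving image (`Image=zabbix-agent` as an unqualified short name, `docker.io/prom/node-exporter:latest`) together with `Pull=newer` and `AutoUpdate=registry`, so whatever the registry serves next is pulled and started with those host privileges. A fully qualified reference pinned to a version tag or digest, e.g. `Image=docker.io/prom/node-exporter:<version>`, would turn each update into a reviewed change; as far as I know `AutoUpdate=registry` also expects a fully qualified image name, so the short name in the zabbix unit is worth checking.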