first commit

cloudflared.container

@@ -0,0 +1,15 @@
+[Container]
+Image=docker.io/cloudflare/cloudflared:latest
+Exec=tunnel --no-autoupdate run --token eyJhIjoiNDQ4ZTY3NDk5ZWUyNWY3ZDE4NjJiYjZjYTU1YzFlZjUiLCJ0IjoiMDk1Mzk5N2EtNjFkZS00MDk1LTg4YzUtMzM1M2RhZDJlNzNiIiwicyI6IkRKYmNOSUd5ZHVaWUlPOGVENU91QktWLzQvdG0yV0hxT1hpZExaRUtDVlk9In0=
+LogDriver=journald
+ReadOnly=true
+Network=host
+ContainerName=cloudflared
+Memory=2048M
+
+[Service]
+Restart=always
+ExecStartPre=/usr/bin/podman pull docker.io/cloudflare/cloudflared:latest
+
+[Install]
+WantedBy=default.target

dockhand.container

@@ -0,0 +1,20 @@
+[Unit]
+Description=Dockhand System Service
+After=network-online.target podman.socket
+Requires=podman.socket
+
+[Container]
+Image=docker.io/fnsys/dockhand:v1.0.22
+ContainerName=dockhand
+User=0
+# Pass the security flag directly to Podman to bypass SELinux socket restrictions
+PodmanArgs=--security-opt=label=disable
+PublishPort=3000:3000
+Volume=/run/podman/podman.sock:/var/run/docker.sock:Z
+Volume=/var/podman/dockhand/data:/app/data:Z
+
+[Service]
+Restart=always
+
+[Install]
+WantedBy=multi-user.target

homebridge.container

@@ -0,0 +1,26 @@
+[Container]
+Image=docker.io/homebridge/homebridge:2026-05-06
+ContainerName=homebridge
+Network=host
+Memory=2048M
+
+# Environment variables
+Environment=TZ=America/Phoenix
+Environment=PGID=1000
+Environment=PUID=1000
+
+# Volume mapping
+Volume=/var/podman/homebridge:/homebridge:Z
+
+# Add this to help with internal resolution if needed
+AddHost=host.containers.internal:host-gateway
+
+# Port mappings restricted to the specific IP
+# Format: IP:HostPort:ContainerPort
+# PublishPort=192.168.112.200:8581:8581
+# PublishPort=192.168.112.200:51826:51826
+
+[Service]
+# Restart policy
+Restart=always
+

npm.container

@@ -0,0 +1,28 @@
+[Unit]
+Description=Nginx Proxy Manager
+After=network-online.target
+
+[Container]
+Image=docker.io/jc21/nginx-proxy-manager:latest
+ContainerName=npm
+# Ports for HTTP, HTTPS, and Admin UI
+PublishPort=80:80
+PublishPort=443:443
+PublishPort=81:81
+
+# Environment Variables
+Environment=TZ=UTC
+Environment=DISABLE_IPV6=true
+
+# Volume Mounts
+# Note: Podman Quadlets handle the :Z (SELinux) suffix just like Compose
+Volume=/var/podman/npm/data:/data:Z
+Volume=/var/podman/npm/letsencrypt:/etc/letsencrypt:Z
+
+[Service]
+# Automatically restart if the service crashes
+Restart=always
+
+[Install]
+# Pull this unit into the multi-user target (standard boot)
+WantedBy=multi-user.target

portainer.container

@@ -0,0 +1,16 @@
+[Container]
+Image=docker.io/portainer/portainer-ce:latest
+ContainerName=portainer
+Volume=/run/podman/podman.sock:/var/run/docker.sock:Z
+Volume=/var/podman/portainer/data:/data:Z
+Volume=/etc/localtime:/etc/localtime:ro
+PublishPort=9443:9443
+PublishPort=8000:8000
+# Use this instead for older Quadlet versions:
+PodmanArgs=--security-opt label=disable
+
+[Service]
+Restart=always
+
+[Install]
+WantedBy=multi-user.target