# Podman Quadlets

Collection of Podman Quadlets, with plenty of documentation!

I personally find that Podman Quadlets do not require that much documentation, but they can be confusing for anyone who isn't already familiar with Docker or Podman. While I am not an expert, I have been figuring out how Quadlets work, and believe I can set up my homeserver in a way that would be considered "good".

## My own personal choices

There are a lot of ways to set up Quadlets, but here I will cover the cleanest setup possible that is also functional.

Environment files will be stored in a directory named `.envs` in the user's home directory, with the naming scheme of `SERVICE.env`. In an ideal world you will be able to easily spot whichever file you should be editing. These files often hold secrets such as passwords or API tokens, so it is worth keeping them readable only by the owning user (for example mode `0600`).

In the environment files I will include a variable (`Q_DOCS`) with a link to the documentation of the service, plus the most common variables you will probably need to set up the service.

```nginx
location /api/authz/auth-request {
    internal;
    proxy_set_header Host $host;
    proxy_set_header X-Original-URL $scheme://$http_host$request_uri;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header X-Forwarded-Host $http_host;
    proxy_set_header X-Forwarded-URI $request_uri;
    proxy_set_header X-Forwarded-For $remote_addr;

    # extra settings, don't pass the entire body to auth_request
    proxy_set_header Content-Length "";
    proxy_set_header Connection "";
    proxy_pass_request_body off;

    # URL to send the auth_request to.
    # Should be ${APP_URL}/api/authz/auth-request
    proxy_pass http://localhost:3005/api/authz/auth-request;
}

location /{
    proxy_set_header Host $host;
    proxy_set_header X-Original-URL $scheme://$http_host$request_uri;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header X-Forwarded-Host $http_host;
    proxy_set_header X-Forwarded-URI $request_uri;
    proxy_set_header X-Forwarded-For $remote_addr;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";

    auth_request /api/authz/auth-request;

    # --- FIX STARTS HERE ---
    # You must "capture" the headers from the auth response into variables first
    auth_request_set $user $upstream_http_remote_user;
    auth_request_set $groups $upstream_http_remote_groups;
    auth_request_set $email $upstream_http_remote_email;
    auth_request_set $name $upstream_http_remote_name;

    # Then pass those variables as headers to Navidrome.
    # Navidrome treats these headers as the authenticated identity, so it must
    # only be reachable through this proxy; anyone who can reach it directly
    # could set Remote-User themselves. Limit Navidrome's ReverseProxyWhitelist
    # to the proxy's address.
    proxy_set_header Remote-User $user;
    proxy_set_header Remote-Groups $groups;
    proxy_set_header Remote-Email $email;
    proxy_set_header Remote-Name $name;
    # --- FIX ENDS HERE ---

    # If the auth response is a 401 or 407, redirect to its Location header as if it were a 302.
    # NGINX auth_request cannot handle codes except 2xx and 4xx, this is a workaround
    auth_request_set $redirection_url $upstream_http_location;
    error_page 401 =302 $redirection_url;
    error_page 407 =302 $redirection_url;

    proxy_pass $forward_scheme://$server:$port;
}
```