README
ΒΆ
Leger - Podman Quadlet Manager with Secrets
Leger is a modern CLI tool for managing Podman Quadlets from Git repositories with integrated secrets management. It combines the simplicity of declarative container definitions with secure secret handling powered by Tailscale.
β¨ Features
- π Git-based Deployments - Install quadlets directly from GitHub or local directories
- π Integrated Secrets - Automatic secret injection via Tailscale-authenticated daemon
- π¦ Native Podman - Uses
podman quadletcommands for 70% less code - π Staged Updates - Preview changes before applying with automatic rollback
- πΎ Backup & Restore - Full deployment backups including volumes
- β Validation - Pre-deployment checks for conflicts and syntax errors
- π¨ Beautiful CLI - Color-coded output, progress bars, and formatted tables
π Quick Start
Installation
# From RPM (Fedora 42+)
sudo dnf install leger
# Start the secrets daemon
systemctl --user enable --now legerd.service
First Deployment
# Authenticate
leger auth login
# Install from Git
leger deploy install myapp --source https://github.com/org/quadlets/tree/main/myapp
# Check status
leger status
# View logs
leger service logs myapp --follow
π Documentation
- User Guide - Get started with Leger
- Command Reference - Complete command documentation
- Troubleshooting - Common issues and solutions
- Examples - Example deployments
Components
leger- CLI for managing Podman Quadletslegerd- Secrets management daemon (fork of tailscale/setec)
Status
π§ Active Development - Progressing towards v1.0.0
Completed Features
β Core deployment infrastructure β Configuration & multi-source support β Staged updates workflow β Backup & restore system β Secrets & validation β Polish & integration testing
Architecture
- Authentication: Tailscale identity
- Networking: Tailscale MagicDNS
- Secrets: legerd (setec fork)
- Containers: Podman Quadlets (systemd integration)
Attribution
legerd is a fork of setec by Tailscale Inc. See NOTICE and LICENSE.setec for full attribution.
License
- Leger components: Apache License 2.0
- legerd (setec fork): BSD-3-Clause (see LICENSE.setec)
Development
# Build both binaries
make build
# Run tests
make test
# Build RPM
make rpm
See docs/DEVELOPMENT.md for details.
Directories
ΒΆ
| Path | Synopsis |
|---|---|
|
Package acl implements ACL evaluation for access to a secrets database.
|
Package acl implements ACL evaluation for access to a secrets database. |
|
Package audit provides an audit log writer for access to secrets.
|
Package audit provides an audit log writer for access to secrets. |
|
client
|
|
|
setec
Package setec is a client library to access and manage secrets stored remotely in a secret management service.
|
Package setec is a client library to access and manage secrets stored remotely in a secret management service. |
|
cmd
|
|
|
gendocs
command
|
|
|
leger
command
|
|
|
legerd
command
Program setec is a secret management server that vends secrets over Tailscale, and a client tool to communicate with that server.
|
Program setec is a secret management server that vends secrets over Tailscale, and a client tool to communicate with that server. |
|
Package db provides a secrets database that is encrypted at rest.
|
Package db provides a secrets database that is encrypted at rest. |
|
internal
|
|
|
ui
Package ui provides user interface utilities for the CLI
|
Package ui provides user interface utilities for the CLI |
|
pkg
|
|
|
Package cobra contains shell scripts and constants copied from https://github.com/spf13/cobra for use in our own shell tab-completion logic.
|
Package cobra contains shell scripts and constants copied from https://github.com/spf13/cobra for use in our own shell tab-completion logic. |
|
Package server implements the setec secrets server.
|
Package server implements the setec secrets server. |
|
Package setectest implements a wrapper around setec types for testing.
|
Package setectest implements a wrapper around setec types for testing. |
|
tests
|
|
|
types
|
|
|
api
Package api defines types used to communicate between client and server.
|
Package api defines types used to communicate between client and server. |
Click to show internal directories.
Click to hide internal directories.