
Server Configuration

Reference for /etc/podspawn/config.yaml, covering authentication, defaults, session lifecycle, state, logging, security, and project routing.

The server configuration file lives at /etc/podspawn/config.yaml. If the file does not exist, podspawn uses built-in defaults for every field. Partial configs are fine; only the fields you specify override the defaults.

Full example

auth:
  key_dir: /etc/podspawn/keys

defaults:
  image: ubuntu:24.04
  shell: /bin/bash
  cpus: 2.0
  memory: 2g

session:
  grace_period: 60s
  max_lifetime: 8h
  mode: grace-period

state:
  db_path: /var/lib/podspawn/state.db
  lock_dir: /var/lib/podspawn/locks

log:
  file: ""
  audit_log: ""

security:
  cap_drop:
    - ALL
  cap_add:
    - CHOWN
    - SETUID
    - SETGID
    - DAC_OVERRIDE
    - FOWNER
    - NET_BIND_SERVICE
  no_new_privileges: true
  pids_limit: 256
  readonly_rootfs: false
  tmpfs: {}
  runtime: ""

resources:
  max_per_user: 3

projects_file: /etc/podspawn/projects.yaml

auth

| Field | Type | Default | Description |
| --- | --- | --- | --- |
| key_dir | string | /etc/podspawn/keys | Directory containing per-user SSH public key files. Each file is named after the user (e.g., keys/alice). Used by AuthorizedKeysCommand at SSH auth time. |

defaults

Resource and environment defaults applied to every new container unless overridden by a user override or Podfile.

| Field | Type | Default | Description |
| --- | --- | --- | --- |
| image | string | ubuntu:24.04 | Base Docker image for user containers. |
| shell | string | /bin/bash | Default shell launched on SSH connect. |
| cpus | float64 | 2.0 | CPU cores allocated per container. |
| memory | string | 2g | Memory limit per container. Accepts g/G (gigabytes) and m/M (megabytes) suffixes. |

session

Controls container lifecycle after a user disconnects.

| Field | Type | Default | Description |
| --- | --- | --- | --- |
| grace_period | string | 60s | How long to keep a container alive after the last SSH session disconnects. Must include a Go duration unit (e.g., 60s, 5m, 1h). |
| max_lifetime | string | 8h | Maximum wall-clock lifetime for a container regardless of session activity. Same duration format as grace_period. |
| mode | string | grace-period | Container teardown strategy. grace-period waits for the grace period after disconnect before removing the container. |

Both grace_period and max_lifetime are validated at load time. If either value is not a valid Go duration string, the config fails to load.

state

Paths for persistent state. These directories must be writable by the podspawn process.

| Field | Type | Default | Description |
| --- | --- | --- | --- |
| db_path | string | /var/lib/podspawn/state.db | SQLite database tracking active sessions and containers. |
| lock_dir | string | /var/lib/podspawn/locks | Directory for file-based locks that prevent concurrent mutations to the same user session. |

log

| Field | Type | Default | Description |
| --- | --- | --- | --- |
| file | string | "" (empty) | Path to a structured log file. When empty, logs go to stderr. |
| audit_log | string | "" (empty) | Path to an audit-specific log file for security-relevant events. |

security

Hardening options applied to every user container. See the dedicated Security Configuration page for details.

| Field | Type | Default | Description |
| --- | --- | --- | --- |
| cap_drop | []string | ["ALL"] | Linux capabilities to drop. |
| cap_add | []string | ["CHOWN", "SETUID", "SETGID", "DAC_OVERRIDE", "FOWNER", "NET_BIND_SERVICE"] | Linux capabilities to re-add after dropping. |
| no_new_privileges | bool | true | Sets the no-new-privileges security flag on the container. |
| pids_limit | int64 | 256 | Maximum number of processes inside the container. |
| readonly_rootfs | bool | false | Mount the container root filesystem as read-only. |
| tmpfs | map[string]string | {} | Tmpfs mounts to add. Keys are mount paths, values are mount options. |
| runtime | string | "" (empty) | OCI runtime name. Leave empty for the default Docker runtime, or set to runsc for gVisor. |
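
A pre-deployment check for the session, log, and security fields described above, written as an added example; it is not podspawn's own code. The Config type and Audit function are hypothetical, values are assumed to be already parsed from config.yaml, and flagging an empty audit_log or a capability outside the default cap_add list is this example's policy choice rather than behaviour podspawn enforces.

```go
package main

import (
	"fmt"
	"time"
)

// Config holds only the fields this check reads (hypothetical type, not podspawn's own).
type Config struct {
	GracePeriod, MaxLifetime, AuditLog string
	CapDrop, CapAdd                    []string
	NoNewPrivileges                    bool
}

// defaultCapAdd is the cap_add default from the table above.
var defaultCapAdd = map[string]bool{"CHOWN": true, "SETUID": true, "SETGID": true,
	"DAC_OVERRIDE": true, "FOWNER": true, "NET_BIND_SERVICE": true}

// Audit returns one finding per value that is invalid or weaker than the documented default.
func Audit(c Config) []string {
	var out []string
	for _, d := range [][2]string{{"session.grace_period", c.GracePeriod}, {"session.max_lifetime", c.MaxLifetime}} {
		if _, err := time.ParseDuration(d[1]); err != nil {
			out = append(out, fmt.Sprintf("%s: %q is not a valid Go duration", d[0], d[1]))
		}
	}
	dropsAll := false
	for _, name := range c.CapDrop {
		dropsAll = dropsAll || name == "ALL"
	}
	if !dropsAll {
		out = append(out, "security.cap_drop: ALL is not dropped")
	}
	for _, name := range c.CapAdd {
		if !defaultCapAdd[name] {
			out = append(out, "security.cap_add: "+name+" is outside the default set")
		}
	}
	if !c.NoNewPrivileges {
		out = append(out, "security.no_new_privileges: disabled")
	}
	if c.AuditLog == "" {
		out = append(out, "log.audit_log: empty, no dedicated audit file")
	}
	return out
}

func main() { // constructed sample: unit-less grace_period and a widened cap_add
	fmt.Println(Audit(Config{GracePeriod: "60", MaxLifetime: "8h", CapAdd: []string{"SYS_ADMIN"}}))
}
```

Running the same check in CI against the rendered config catches a unit-less duration before podspawn refuses to load the file.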

resources

Controls resource limits for the podspawn installation.

| Field | Type | Default | Description |
| --- | --- | --- | --- |
| resources.max_per_user | int | 3 | Maximum number of concurrent sessions per user. Set to 0 for unlimited. When exceeded, new sessions are rejected with a message guiding the user to stop an existing one. |

resources:
  max_per_user: 3

projects_file

| Field | Type | Default | Description |
| --- | --- | --- | --- |
| projects_file | string | /etc/podspawn/projects.yaml | Path to the project routing configuration file that maps project names to repository paths and Podfiles. |
