---
# Podman infrastructure role: default variables.
#
# Scope: this role sets up rootless Podman as shared infrastructure.
# Per-application service users, networks and container deployments are
# owned by the application roles that consume this one, not by this file.
# Anything not listed below is left at Podman's built-in defaults.

# --- Service management -------------------------------------------------
podman_service_enabled: true
podman_service_state: 'started'

# --- Installation (Arch Linux) ------------------------------------------
# Optional packages are left to pacman's dependency resolution.
podman_install_optional: false

# --- Runtime security ---------------------------------------------------
# Rootless mode plus systemd-level hardening toggles. NOTE(review): what
# podman_systemd_security actually applies is defined in the role's
# tasks/templates, not here - confirm there before relying on it.
podman_rootless: true
podman_systemd_security: true

# --- Registries ---------------------------------------------------------
# Trusted registries, in order. Presumably feeds the registry search list
# (unqualified-search-registries) in registries.conf - confirm against the
# role's template. Keep the list short: short image names are resolved
# against it, so each entry must be one you trust to serve any short name.
podman_registries:
  - docker.io
  - quay.io
  - ghcr.io

# No insecure registries, no registry block list (how each flag is
# rendered is defined by the role's templates).
podman_registry_insecure: false
podman_registry_blocked: false

# --- Networking ---------------------------------------------------------
# Baseline network type only; application roles create their own
# bridge networks for isolation.
podman_default_network: 'bridge'
podman_network_security: true

# --- Storage ------------------------------------------------------------
podman_storage_driver: 'overlay'
podman_storage_security: true

# --- Conventions for consuming roles ------------------------------------
# Service-specific users:
#   - each application creates its own user (authentik, nextcloud, ...)
#   - each user receives isolated subuid/subgid ranges
#   - each user runs its own containers via systemd --user
# Container networking:
#   - applications create bridge networks for isolation
#   - host services are reached through host.containers.internal
#   - ports are published to localhost only