Joakim
500224b5de
- Implemented complete Podman infrastructure role following rick-infra patterns - Minimal installation approach: only install podman, trust Arch dependency management - Configured with crun runtime for optimal performance and security - Security-focused: HTTPS-only registries, rootless containers, systemd hardening - Registry support: docker.io, quay.io, ghcr.io with secure configurations - Ready for service-specific users with isolated container environments - Quadlet support for native systemd container management - Container-to-host networking via bridge networks with host gateway access - Foundation for future containerized services (Authentik, Nextcloud) - Maintains rick-infra philosophy: infrastructure provides foundation, apps manage specifics
26 lines
736 B
YAML
26 lines
736 B
YAML
---
|
|
# Security hardening establishes secure foundation before web services
|
|
# - import_playbook: playbooks/security.yml
|
|
|
|
- name: Deploy Core Infrastructure
|
|
hosts: arch-vps
|
|
become: yes
|
|
gather_facts: yes
|
|
|
|
roles:
|
|
# Infrastructure services
|
|
# - role: postgresql
|
|
# tags: ['postgresql', 'infrastructure', 'database']
|
|
# - role: valkey
|
|
# tags: ['valkey', 'redis', 'infrastructure', 'cache']
|
|
- role: podman
|
|
tags: ['podman', 'containers', 'infrastructure']
|
|
# - role: caddy
|
|
# tags: ['caddy', 'infrastructure', 'web']
|
|
|
|
# Application services
|
|
# - role: gitea
|
|
# tags: ['gitea', 'git', 'development']
|
|
# - role: sigvild-gallery
|
|
# tags: ['sigvild', 'gallery', 'wedding']
|