500224b5de4a2f9a8a0d63b0102367936df6bb25
- Implemented complete Podman infrastructure role following rick-infra patterns
- Minimal installation approach: only install podman, trust Arch dependency management
- Configured with crun runtime for optimal performance and security
- Security-focused: HTTPS-only registries, rootless containers, systemd hardening
- Registry support: docker.io, quay.io, ghcr.io with secure configurations
- Ready for service-specific users with isolated container environments
- Quadlet support for native systemd container management
- Container-to-host networking via bridge networks with host gateway access
- Foundation for future containerized services (Authentik, Nextcloud)
- Maintains rick-infra philosophy: infrastructure provides foundation, apps manage specifics
Rick's Infra
Arch Linux VPS
Ansible
Infrastructure as code for setting up a new instance.
- Security
- SSH
- Firewall
- Fail2ban
- Kernel hardening
- Base packages
- Monitoring/Logging
- Backup
Services
Services are managed by systemd.
Caddy
Reverse proxy.
Containers
Containers are managed by rootless Podman.