Fix podman SSH key paths and add registry support

- Configure SELinux to permit nginx network connections
2026-01-25 13:01:29 -05:00
parent e2e5fdcd67
commit 213e7ed175
4 changed files with 41 additions and 2 deletions
--- a/roles/podman/tasks/deploy.yml
+++ b/roles/podman/tasks/deploy.yml
@@ -65,7 +65,7 @@

 - name: Generate OpenSSH deploy keys for docker compose (podman) clones
  community.crypto.openssh_keypair:
-    path: "{{ podman_ssh_key_path }}/podman-id_{{ podman_repos_keytype }}"
+    path: "{{ podman_homedir }}/.ssh/podman-id_{{ podman_repos_keytype }}"
    type: "{{ podman_repos_keytype }}"
    comment: "{{ ansible_hostname }}-{{ podman_user }}-deploy-key"
    owner: "{{ podman_user }}"
@@ -105,7 +105,7 @@
        )
        else false
      }}
-    key_file: "{{ podman_ssh_key_path }}/podman-id_{{ podman_repos_keytype }}"
+    key_file: "{{ podman_homedir }}/.ssh/podman-id_{{ podman_repos_keytype }}"
  become: true
  become_user: "{{ podman_user }}"
  loop: "{{ podman_project }}"
--- a/roles/podman/tasks/login.yml
+++ b/roles/podman/tasks/login.yml
@@ -0,0 +1,20 @@
+- name: "Get UID for {{ podman_user.key }}"
+  ansible.builtin.getent:
+    database: passwd
+    key: "{{ podman_user.key }}"
+
+- name: Login to private Podman registry via Docker CLI
+  community.docker.docker_login:
+    registry_url: "{{ registry.key }}"
+    username: "{{ registry.value.username }}"
+    password: "{{ registry.value.password }}"
+    docker_host: "unix:///run/user/{{ podman_uid }}/podman/podman.sock"
+  vars:
+    podman_uid: "{{ ansible_facts.getent_passwd[podman_user.key][1] }}"
+  loop: "{{ podman_user.value | dict2items }}"
+  loop_control:
+    loop_var: registry
+    label: "{{ podman_user.key }} => {{ registry.key }}"
+  become: true
+  become_user: "{{ podman_user.key }}"
+  no_log: true
--- a/roles/podman/tasks/main.yml
+++ b/roles/podman/tasks/main.yml
@@ -105,6 +105,13 @@
    state: present
  when: podman_compose is defined

+- name: Login to private Podman registries with Docker CLI for each user
+  ansible.builtin.include_tasks: login.yml
+  loop: "{{ podman_login | dict2items }}"
+  loop_control:
+    loop_var: podman_user
+  when: podman_login is defined
+
 - name: Deploy Podman compose projects for each user
  ansible.builtin.include_tasks: deploy.yml
  vars: