kris/homelab
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Fix podman SSH key paths and add registry support

Browse Source 
- Configure SELinux to permit nginx network connections
This commit is contained in:
Kris Lamoureux
2026-01-25 13:01:29 -05:00
parent e2e5fdcd67
commit 213e7ed175
4 changed files with 41 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
roles/podman/tasks/deploy.yml
View File

@@ -65,7 +65,7 @@
- name: Generate OpenSSH deploy keys for docker compose (podman) clones - name: Generate OpenSSH deploy keys for docker compose (podman) clones
community.crypto.openssh_keypair: community.crypto.openssh_keypair:
path: "{{ podman_ssh_key_path }}/podman-id_{{ podman_repos_keytype }}" path: "{{ podman_homedir }}/.ssh/podman-id_{{ podman_repos_keytype }}"
type: "{{ podman_repos_keytype }}" type: "{{ podman_repos_keytype }}"
comment: "{{ ansible_hostname }}-{{ podman_user }}-deploy-key" comment: "{{ ansible_hostname }}-{{ podman_user }}-deploy-key"
owner: "{{ podman_user }}" owner: "{{ podman_user }}"
@@ -105,7 +105,7 @@
) )
else false else false
}} }}
key_file: "{{ podman_ssh_key_path }}/podman-id_{{ podman_repos_keytype }}" key_file: "{{ podman_homedir }}/.ssh/podman-id_{{ podman_repos_keytype }}"
become: true become: true
become_user: "{{ podman_user }}" become_user: "{{ podman_user }}"
loop: "{{ podman_project }}" loop: "{{ podman_project }}"

20
roles/podman/tasks/login.yml Normal file
View File

@@ -0,0 +1,20 @@
- name: "Get UID for {{ podman_user.key }}"
ansible.builtin.getent:
database: passwd
key: "{{ podman_user.key }}"
- name: Login to private Podman registry via Docker CLI
community.docker.docker_login:
registry_url: "{{ registry.key }}"
username: "{{ registry.value.username }}"
password: "{{ registry.value.password }}"
docker_host: "unix:///run/user/{{ podman_uid }}/podman/podman.sock"
vars:
podman_uid: "{{ ansible_facts.getent_passwd[podman_user.key][1] }}"
loop: "{{ podman_user.value | dict2items }}"
loop_control:
loop_var: registry
label: "{{ podman_user.key }} => {{ registry.key }}"
become: true
become_user: "{{ podman_user.key }}"
no_log: true

7
roles/podman/tasks/main.yml
View File

@@ -105,6 +105,13 @@
state: present state: present
when: podman_compose is defined when: podman_compose is defined
- name: Login to private Podman registries with Docker CLI for each user
ansible.builtin.include_tasks: login.yml
loop: "{{ podman_login | dict2items }}"
loop_control:
loop_var: podman_user
when: podman_login is defined
- name: Deploy Podman compose projects for each user - name: Deploy Podman compose projects for each user
ansible.builtin.include_tasks: deploy.yml ansible.builtin.include_tasks: deploy.yml
vars: vars:

12
roles/proxy/tasks/main.yml
View File

@@ -41,6 +41,8 @@
dest: "/etc/nginx/sites-available/{{ item.domain }}.conf" dest: "/etc/nginx/sites-available/{{ item.domain }}.conf"
mode: "400" mode: "400"
loop: "{{ proxy.servers }}" loop: "{{ proxy.servers }}"
loop_control:
label: "{{ item.domain }}"
notify: reload_nginx notify: reload_nginx
register: nginx_sites register: nginx_sites
@@ -105,6 +107,16 @@
when: proxy.production is defined and proxy.production and proxy.dns_cloudflare is defined when: proxy.production is defined and proxy.production and proxy.dns_cloudflare is defined
notify: reload_nginx notify: reload_nginx
- name: Enable httpd_can_network_connect to allow nginx network access
ansible.posix.seboolean:
name: httpd_can_network_connect
state: true
persistent: true
when:
- selinux is defined
- selinux is not false
- proxy is defined
- name: Add HTTP and HTTPS firewall rule - name: Add HTTP and HTTPS firewall rule
community.general.ufw: community.general.ufw:
rule: allow rule: allow