role_podman

Deploy podman pods and containers on CoreOS instance.

Variables

podman_auto_update

Status of the automatic container update service.

Default value: `true

podman_pods

List of dictionnaries to define pods (see ansible documentation).

Default value: none

podman_containers

List of dictionnaries to define containers (see ansible documentation).

Default value: none

Usage

To deploy wg-easy container:

# BEGIN role_podman
podman_containers:
  - image: "ghcr.io/wg-easy/wg-easy:latest"
    name: wg-easy
    publish:
      - "51820:51820/udp"
      - "51821:51821/tcp"
    volumes:
      - "/srv/wg-easy:/etc/wireguard"
    env:
      LANG: fr
      PORT: 51821
      UI_CHART_TYPE: 2
      PASSWORD_HASH: <secret>
      WG_HOST: noun.ykn.fr
      WG_PORT: 51820
      WG_PERSISTENT_KEEPALIVE: 25
      WG_DEFAULT_DNS: ""
      WG_ALLOWED_IPS: 192.168.84.0/24
    cap_add:
      - NET_ADMIN
      - NET_RAW
      - SYS_MODULE
    sysctl:
      net.ipv4.ip_forward: 1
      net.ipv4.conf.all.src_valid_mark: 1
    quadlet_options:
      - AutoUpdate=registry
      - |-
        [Service]
        Restart=on-failure
        TimeoutStartSec=900
      - |-
        [Install]
        WantedBy=default.target
# END role_podman