fix: Straightened out the joint, see?

Listen up, see? We ironed out some kinks in the operation, made sure everything's on the up-and-up. - Got the firewalld muscle working proper, no more funny business with the ports. - Them Podman fellas? They're running on their own turf now, rootless and clean. No more mix-ups with the boss's stuff, see? - And the Portainer setup? All squared away, no more funny business with the starting. Everything's on the level now. Capiche?
2025-09-03 21:47:59 +02:00 · 2025-09-03 21:47:59 +02:00 · a67fb3c039
commit a67fb3c039
parent f01c0fa045
4 changed files with 19 additions and 8 deletions
--- a/playbooks/roles/common/defaults/main.yml
+++ b/playbooks/roles/common/defaults/main.yml
@ -5,3 +5,5 @@ common_packages:
  - htop
  - iputils-ping
  - zsh
+  - python3-firewall
+  - firewalld
--- a/playbooks/roles/common/tasks/main.yml
+++ b/playbooks/roles/common/tasks/main.yml
@ -18,3 +18,10 @@
  register: chsh_result
  failed_when: chsh_result.rc != 0
  changed_when: false
+
+- name: Ensure firewalld service is started and enabled
+  ansible.builtin.service:
+    name: firewalld
+    state: started
+    enabled: true
+  become: true
--- a/playbooks/roles/podman/tasks/main.yml
+++ b/playbooks/roles/podman/tasks/main.yml
@ -16,21 +16,21 @@

 - name: Ensure user's Podman config directory exists
  ansible.builtin.file:
-    path: "{{ ansible_user_dir }}/.config/containers"
+    path: "~/.config/containers"
    state: directory
    mode: '0755'
    owner: "{{ ansible_user }}"
    group: "{{ ansible_user }}"
-  become: true
+  become: false

 - name: Configure unqualified image search registries for Podman (user-specific)
-  ansible.builtin.copy:
-    src: ../templates/registries.conf.j2
-    dest: "{{ ansible_user_dir }}/.config/containers/registries.conf"
+  ansible.builtin.template:
+    src: registries.conf.j2
+    dest: "~/.config/containers/registries.conf"
    owner: "{{ ansible_user }}"
    group: "{{ ansible_user }}"
    mode: '0644'
-  become: true
+  become: false
  register: copy_registries_conf_output

 - name: Display copy_registries_conf_output
--- a/playbooks/roles/portainer/tasks/main.yml
+++ b/playbooks/roles/portainer/tasks/main.yml
@ -7,19 +7,21 @@
 - name: Create Portainer container
  containers.podman.podman_container:
    name: portainer
-    image: portainer/portainer-ce
+    image: docker.io/portainer/portainer-ce
    state: started
    ports:
      - "9000:9000"
    volumes:
-      - "/var/run/podman/podman.sock:/var/run/podman/podman.sock"
+      - "/run/podman/podman.sock:/run/podman/podman.sock"
      - "portainer_data:/data"
    restart_policy: unless-stopped
+  become: false

 - name: Ensure Portainer container is running
  containers.podman.podman_container:
    name: portainer
    state: started
+  become: false

 - name: Allow Portainer UI port
  ansible.posix.firewalld: