From: alex
Date: Sun, 12 Oct 2025 14:23:17 +0000 (+0200)
Subject: Use rootful container with automatic namespace
X-Git-Url: https://xn--ix-yja.es/gitweb/?a=commitdiff_plain;h=refs%2Fheads%2Fmain;p=infrastructure.git
Use rootful container with automatic namespace
---
diff --git a/infrastructure/roles/podman/tasks/main.yaml b/infrastructure/roles/podman/tasks/main.yaml
index e804aca..66be760 100644
--- a/infrastructure/roles/podman/tasks/main.yaml
+++ b/infrastructure/roles/podman/tasks/main.yaml
@@ -6,3 +6,13 @@
 name: podman-auto-update.timer
 enabled: true
 state: started
+- name: configure containers subuids
+ ansible.builtin.copy:
+ dest: /etc/subuid
+ content: |
+ containers:2147483647:2147483648
+- name: configure containers subgids
+ ansible.builtin.copy:
+ dest: /etc/subgid
+ content: |
+ containers:2147483647:2147483648
diff --git a/infrastructure/roles/vaultwarden/tasks/main.yaml b/infrastructure/roles/vaultwarden/tasks/main.yaml
index 96eb64f..313b48b 100644
--- a/infrastructure/roles/vaultwarden/tasks/main.yaml
+++ b/infrastructure/roles/vaultwarden/tasks/main.yaml
@@ -10,8 +10,9 @@
 Image=ghcr.io/dani-garcia/vaultwarden:latest
 Exec=/start.sh
 EnvironmentFile=vaultwarden.environment
- Volume=/var/lib/vaultwarden/:/data/
+ Volume=/var/lib/vaultwarden/:/data/:idmap
 Network=host
+ UserNS=auto
 [Install]
 WantedBy=default.target
@@ -36,6 +37,8 @@
 ansible.builtin.file:
 name: /var/lib/vaultwarden
 state: directory
+ notify:
+ - restart quadlet
 - meta: flush_handlers
 - name: enable quadlet
 ansible.builtin.systemd_service:
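Review bot: Both new tasks in roles/podman/tasks/main.yaml use `ansible.builtin.copy` with `content:`, which replaces /etc/subuid and /etc/subgid wholesale, so any subordinate ID ranges already recorded there (useradd appends one per new user on most distributions) are dropped on the next run. Neither task sets `owner`, `group` or `mode`, so the resulting permissions depend on the umask of the run. Managing only the `containers` line with `ansible.builtin.lineinfile` keeps the other entries and pins the permissions; the same change applies to the subgid task.

```yaml
- name: configure containers subuids
  ansible.builtin.lineinfile:
    path: /etc/subuid
    regexp: '^containers:'
    line: 'containers:2147483647:2147483648'
    create: true
    owner: root
    group: root
    mode: "0644"
# … same change for the subgid task, with path /etc/subgid …
```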
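Review bot: In the vaultwarden quadlet hunk, `UserNS=auto` is added while `Network=host` stays, so the container gets its own UID range but still shares the host network namespace and can reach services bound only to the host's loopback. Inside a user namespace the container's root also holds no CAP_NET_BIND_SERVICE over the host network namespace, so a listener on a port below 1024 would presumably fail unless vaultwarden.environment (not visible here) sets a high port. If a reverse proxy on the host fronts the service, `PublishPort=127.0.0.1:<host-port>:<container-port>` in place of `Network=host` would close that gap. The unit's content block starts and ends outside the hunk.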
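Review bot: The task that creates /var/lib/vaultwarden (the one gaining `notify` in the last hunk) passes only `name` and `state` to `ansible.builtin.file`, so the directory's owner and mode come from the umask of the run, which with a default 022 leaves the vault data directory listable by every local user. With the `:idmap` volume the files keep their host-side ownership, so the directory can be pinned by adding `owner: root`, `group: root` and `mode: "0700"`, assuming the service runs as root inside the container. The task's `- name:` line is above the hunk.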