From ab49cf6758e55c4b9b7fecdfad2f947345a7c231 Mon Sep 17 00:00:00 2001
From: alex
Date: Sun, 12 Oct 2025 16:23:17 +0200
Subject: [PATCH] Use rootful container with automatic namespace

---
 infrastructure/roles/podman/tasks/main.yaml | 10 ++++++++++
 infrastructure/roles/vaultwarden/tasks/main.yaml | 5 ++++-
 2 files changed, 14 insertions(+), 1 deletion(-)

diff --git a/infrastructure/roles/podman/tasks/main.yaml b/infrastructure/roles/podman/tasks/main.yaml
index e804aca..66be760 100644
--- a/infrastructure/roles/podman/tasks/main.yaml
+++ b/infrastructure/roles/podman/tasks/main.yaml
@@ -6,3 +6,13 @@
 name: podman-auto-update.timer
 enabled: true
 state: started
+- name: configure containers subuids
+ ansible.builtin.copy:
+ dest: /etc/subuid
+ content: |
+ containers:2147483647:2147483648
+- name: configure containers subgids
+ ansible.builtin.copy:
+ dest: /etc/subgid
+ content: |
+ containers:2147483647:2147483648
diff --git a/infrastructure/roles/vaultwarden/tasks/main.yaml b/infrastructure/roles/vaultwarden/tasks/main.yaml
index 96eb64f..313b48b 100644
--- a/infrastructure/roles/vaultwarden/tasks/main.yaml
+++ b/infrastructure/roles/vaultwarden/tasks/main.yaml
@@ -10,8 +10,9 @@
 Image=ghcr.io/dani-garcia/vaultwarden:latest
 Exec=/start.sh
 EnvironmentFile=vaultwarden.environment
- Volume=/var/lib/vaultwarden/:/data/
+ Volume=/var/lib/vaultwarden/:/data/:idmap
 Network=host
+ UserNS=auto
 [Install]
 WantedBy=default.target
@@ -36,6 +37,8 @@
 ansible.builtin.file:
 name: /var/lib/vaultwarden
 state: directory
+ notify:
+ - restart quadlet
 - meta: flush_handlers
 - name: enable quadlet
 ansible.builtin.systemd_service:
-- 
2.47.3
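Review bot: The two `ansible.builtin.copy` tasks that write `/etc/subuid` and `/etc/subgid` set no `owner`, `group` or `mode`, so the permissions of the files that decide which UID/GID ranges may be delegated depend on whatever defaults apply on the target; pin them explicitly on both tasks, e.g. `owner: root`, `group: root`, `mode: "0644"`. Because `content:` replaces the whole file, any subordinate ranges already present for other accounts (rootless podman users, for instance) are silently dropped; if such entries can exist on these hosts, `ansible.builtin.lineinfile` with `regexp: '^containers:'` keeps them intact. A one-line comment above the first task, e.g. `# range podman's UserNS=auto documentation recommends for the "containers" account`, would also tell the next reader where the numbers come from.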
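Review bot: `UserNS=auto` is added while `Network=host` is kept on the line above it, so the container still shares the host's network namespace; the user namespace remaps UID/GID, but the process can still bind any host interface and reach host-local services, which partly undercuts the isolation this commit is going for. If host networking is deliberate, record that next to it with a comment such as `# Network=host keeps the host netns; UserNS=auto only remaps uid/gid`, otherwise a bridge network with an explicit `PublishPort=` is the tighter choice. The `:idmap` option on `Volume=` also relies on kernel and filesystem support for idmapped mounts, and nothing in the role checks that the target host provides it, so an unsupported host presumably surfaces only as the unit failing to start. The `[Container]` section header and the rest of the quadlet lie outside the hunk.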
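Review bot: The `ansible.builtin.file` task creating `/var/lib/vaultwarden` still carries no `owner`, `group` or `mode` as far as the hunk shows, yet with the new `:idmap` volume and `UserNS=auto` this host directory is what the container's root maps onto and presumably holds the vault database and keys; keep it root-owned and closed to other host users, e.g. `owner: root`, `group: root`, `mode: "0700"`. The added `notify` fires only when this task reports a change, i.e. when the directory is first created, so on later runs it does not restart the unit by itself — that restart is presumably triggered by the quadlet task elsewhere in the role, worth confirming. The task's `- name:` line lies outside the hunk.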