systemd v258 is out and now has working user credentials.
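# Nesting restored (the pasted listing had lost its indentation) and ambiguous
# scalars quoted. The values are otherwise what the original listing gives.

# Encrypt the plaintext so that only the encrypted credential is written into
# the generated unit. container_secret is still plaintext on the Ansible side:
# keep it in a vault or secret store rather than in plain vars.
- name: Encrypt secret
  community.general.systemd_creds_encrypt:
    # Credential name; it reappears as the last path component of the
    # credentials mount in the container task below.
    name: web
    # Expiry set on the encrypted credential. Re-run this play before the
    # 30 days are up so the unit gets a freshly encrypted value.
    not_after: "+30d"
    # Pretty output is meant to be pasted into a unit file as-is; that is how
    # the [Service] block below uses encrypted_secret.value.
    pretty: true
    secret: "{{ container_secret }}"
    # Encrypt for this user's scope (presumably the account that runs the
    # quadlet; confirm against the rest of the play).
    user: "{{ container_user }}"
  register: encrypted_secret

- name: Web server container
  containers.podman.podman_container:
    name: nginx
    # No tag or digest, combined with AutoUpdate=registry / Pull=newer below:
    # whatever the registry serves next is what runs. Pin a digest if the
    # deployment needs a reviewed, reproducible image.
    image: docker.io/konstruktoid/nginx
    state: quadlet
    ports:
      - "8080:80"
    # Drop every capability, then add back a short list. Review whether the
    # image needs all five; dac_override in particular is broad.
    cap_drop:
      - all
    capabilities:
      - chown
      - dac_override
      - net_bind_service
      - setgid
      - setuid
    hostname: "{{ ansible_nodename }}"
    volumes:
      - "{{ container_user_info.home }}/nginx.conf:/etc/nginx/http.d/default.conf"
      # Decrypted credential as exposed under the user's runtime directory for
      # nginx.service. This mount hands the plaintext to the container at
      # /var/tmp/web; if nothing in the image writes to either mount, a
      # read-only mount option is worth considering.
      - "/run/user/{{ container_user_info.uid }}/credentials/nginx.service/web:/var/tmp/web"
    quadlet_options:
      - AutoUpdate=registry
      - Pull=newer
      # Raw unit sections appended to the quadlet: the encrypted credential
      # goes under [Service], and [Install] ties the unit to default.target.
      - |
        [Service]
        {{ encrypted_secret.value }}
        [Install]
        WantedBy=default.target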