Infrastructure repository built upon Ansible, Podman and systemd.
.ansible chore(deps): update community.general to version 11.2.0 2025-08-17 11:30:58 +02:00
.woodpecker ci(ansible-lint): Use clone options instead of manual clone step 2025-05-01 20:13:07 +02:00
docs docs(Codeowners): Fixup teamname 2025-07-26 15:12:12 +02:00
guides docs(guides): Add hetzner cloud install/bootstrap guide 2025-06-01 20:25:36 +02:00
oneshots feat(ansible): Divide oneshot playbooks from install playbooks 2025-03-23 22:14:16 +01:00
playbooks remove!(gatus): Remove role 2025-07-23 16:09:30 +02:00
roles chore(deps): update keycloak docker tag to v26.3.3 2025-08-20 13:05:03 +02:00
.ansible-lint.yml chore: Remove ansible galaxy meta information 2025-03-16 18:21:12 +01:00
.editorconfig Add self-documenting Makefile 2021-06-01 10:25:54 +02:00
.gitignore refactor(ansible): move inventories to config_ dirs 2025-03-30 12:58:58 +02:00
ansible.cfg refactor(ansible): move inventories to config_ dirs 2025-03-30 12:58:58 +02:00
cliff.toml ci(Changelog): Update release sections 2024-04-28 14:55:43 +02:00
Justfile feat(ansible): Divide oneshot playbooks from install playbooks 2025-03-23 22:14:16 +01:00
LICENSE Add LICENSE 2021-01-24 18:39:00 +00:00
README.md docs(README): Restructure and minimal updates 2024-09-15 15:51:32 +02:00
renovate.json ci(renovate): Remove assignees from code owners 2025-08-06 15:35:57 +02:00

Infrastructure

Ansible stuff for my personal infrastructure services.

Description

This repository aims to provide containerized services by leveraging the Podman container engine to deploy services and systemd to control their lifecycle.

Systemd services are generated by Podman's systemd-generator quadlet.

SELinux is supported.

Requirements

Kernel version

  • minimum: >= 4.15
    • support for device controller on cgroupsv2
  • recommended:
    • >= 5.2
    • >= 5.13
      • support for rootless overlay mounts, removing the need for fuse-overlayfs

Systemd version

  • minimum: >= 226
    • needed for cgroupsv2
  • recommended: >= 244
    • if you want to delegate the cpuset controller

Podman version

  • minimum: >= 4.6.0
    • needed for quadlet PodmanArgs support
  • recommended: >= 4.8.0
    • various quadlet fixes and nice-to-haves

Container runtime

crun is the default container runtime used by Podman, and it is the runtime I run my infrastructure with.

Network backend

netavark has been the default network backend since Podman 4.0, and I'm using it on all my hosts.

Furthermore, the CNI backend is deprecated and will be removed in Podman 5.0.

Setup

Make sure you satisfy all system requirements mentioned above.
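
One way to check a host against the kernel, systemd and Podman versions listed under Requirements. This is an added example, not part of this repository; the function names and the `--check` argument are hypothetical, and the thresholds are copied from the lists above.

```shell
#!/bin/sh
# Added example: preflight check for the version requirements listed above.
# Thresholds are copied from this README; the function names are hypothetical.

# version_ge A B: succeed when dotted version A >= B, compared field by field.
version_ge() {
    va=$1; vb=$2
    while [ -n "$va" ] || [ -n "$vb" ]; do
        fa=${va%%.*}; fb=${vb%%.*}
        # Keep leading digits only ("0-45-generic" -> 0); empty counts as 0.
        fa=${fa%%[!0-9]*}; fb=${fb%%[!0-9]*}
        [ "${fa:-0}" -gt "${fb:-0}" ] && return 0
        [ "${fa:-0}" -lt "${fb:-0}" ] && return 1
        case $va in *.*) va=${va#*.} ;; *) va= ;; esac
        case $vb in *.*) vb=${vb#*.} ;; *) vb= ;; esac
    done
    return 0
}

# rate NAME HAVE MIN RECOMMENDED: print a verdict; return 0=ok 1=warn 2=fail.
rate() {
    if ! version_ge "$2" "$3"; then
        echo "FAIL $1 $2 (minimum $3)"; return 2
    elif ! version_ge "$2" "$4"; then
        echo "WARN $1 $2 (recommended $4)"; return 1
    fi
    echo "OK   $1 $2"
}

# preflight: query the local host; non-zero if any minimum is not met.
preflight() {
    rc=0
    sd=$(systemctl --version 2>/dev/null | awk 'NR==1 {print $2}')
    pm=$(podman --version 2>/dev/null | awk '{print $3}')
    # 5.13 is the higher of the two recommended kernels (rootless overlay).
    rate kernel  "$(uname -r)" 4.15  5.13  || [ $? -lt 2 ] || rc=1
    rate systemd "${sd:-0}"    226   244   || [ $? -lt 2 ] || rc=1
    rate podman  "${pm:-0}"    4.6.0 4.8.0 || [ $? -lt 2 ] || rc=1
    return $rc
}

# Only touch the host when asked to, so the functions can be sourced and tested.
if [ "${1:-}" = "--check" ]; then preflight; exit $?; fi
```

Run it with `--check` on the target host; a missing `systemctl` or `podman` binary is reported as version 0 and therefore fails the minimum.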

If you are executing any roles/playbooks directly inside this repository you should be good to go.

Otherwise, you need to ensure that Ansible can either find the collections inside of .ansible/collections, or install all the required collections from Ansible Galaxy using:

ansible-galaxy install -f -r requirements.yml

Installation

You can install roles from this repository via ansible-galaxy.

Example requirements.yml:

roles:
  - src: https://git.histalek.de/histalek-de/infrastructure/-/archive/main/infrastructure-main.tar.gz?path=roles/camo
    name: camo
    #version: main

and then simply execute

ansible-galaxy install -f -r requirements.yml

License

This repository is licensed under GPL-3.

I took inspiration from the following two repositories/people.

Both follow a docker based approach instead of podman: