update(gitea): bump version to 1.24.0

galaxy.yml

@@ -1,13 +1,15 @@
 namespace: finallycoffee
 name: services
-version: "0.1.13"
+version: "0.1.15"
 readme: README.md
 authors:
 - transcaffeine <transcaffeine@finally.coffee>
 description: Various ansible roles useful for automating infrastructure
 dependencies:
+  "community.general": "^10.0.0"
   "community.crypto": "^2.22.0"
   "community.docker": "^4.0.0"
+  "containers.podman": "^1.16.0"
 license_file: LICENSE.md
 build_ignore:
 - '*.tar.gz'
@@ -21,3 +23,4 @@ tags:
   - vaultwarden
   - snipeit
   - docker
+  - phpldapadmin

playbooks/phpldapadmin.yml

@@ -0,0 +1,7 @@
+---
+- name: Configure and run phpldapadmin
+  hosts: "{{ phpldapadmin_hosts | default('phpldapadmin', true) }}"
+  become: "{{ phpldapadmin_become | default(false) }}"
+  gather_facts: "{{ phpldapadmin_gather_facts | default(false) }}"
+  roles:
+    - role: finallycoffee.services.phpldapadmin

roles/authelia/defaults/main.yml

@@ -1,8 +1,10 @@
 ---
-authelia_version: "4.38.18"
+authelia_version: "4.39.4"
 authelia_user: authelia
 authelia_base_dir: /opt/authelia
 authelia_domain: authelia.example.org
+authelia_state: present
+authelia_deployment_method: docker
 
 authelia_config_dir: "{{ authelia_base_dir }}/config"
 authelia_config_file: "{{ authelia_config_dir }}/config.yaml"
@@ -13,7 +15,7 @@ authelia_notification_storage_file: "{{ authelia_data_dir }}/notifications.txt"
 authelia_user_storage_file: "{{ authelia_data_dir }}/user_database.yml"
 
 authelia_container_name: authelia
-authelia_container_image_server: docker.io
+authelia_container_image_server: ghcr.io
 authelia_container_image_namespace: authelia
 authelia_container_image_name: authelia
 authelia_container_image: >-2

roles/authelia/tasks/deploy-docker.yml

@@ -0,0 +1,61 @@
+---
+- name: Ensure container mounts are present
+  when: authelia_state == 'present'
+  block:
+    - name: Ensure sqlite database file exists before mounting it
+      ansible.builtin.file:
+        path: "{{ authelia_sqlite_storage_file }}"
+        state: touch
+        owner: "{{ authelia_run_user }}"
+        group: "{{ authelia_run_group }}"
+        mode: "0640"
+        access_time: preserve
+        modification_time: preserve
+      when: authelia_config_storage_local_path | default(false, true)
+
+    - name: Ensure user database exists before mounting it
+      ansible.builtin.file:
+        path: "{{ authelia_user_storage_file }}"
+        state: touch
+        owner: "{{ authelia_run_user }}"
+        group: "{{ authelia_run_group }}"
+        mode: "0640"
+        access_time: preserve
+        modification_time: preserve
+      when: authelia_config_authentication_backend_file_path | default(false, true)
+
+    - name: Ensure notification reports file exists before mounting it
+      ansible.builtin.file:
+        path: "{{ authelia_notification_storage_file }}"
+        state: touch
+        owner: "{{ authelia_run_user }}"
+        group: "{{ authelia_run_group }}"
+        mode: "0640"
+        access_time: preserve
+        modification_time: preserve
+      when: authelia_config_notifier_filesystem_filename | default(false, true)
+
+- name: Ensure authelia container image is {{ authelia_state }}
+  community.docker.docker_image:
+    name: "{{ authelia_container_image_ref }}"
+    state: "{{ authelia_state }}"
+    source: pull
+    force_source: "{{ authelia_container_image_force_pull }}"
+  register: authelia_container_image_info
+
+- name: Ensure authelia container is {{ authelia_container_state }}
+  community.docker.docker_container:
+    name: "{{ authelia_container_name }}"
+    image: "{{ authelia_container_image_ref }}"
+    env: "{{ authelia_container_env }}"
+    user: "{{ authelia_run_user }}:{{ authelia_run_group }}"
+    ports: "{{ authelia_container_ports | default(omit, true) }}"
+    labels: "{{ authelia_container_labels }}"
+    volumes: "{{ authelia_container_volumes }}"
+    networks: "{{ authelia_container_networks | default(omit, true) }}"
+    etc_hosts: "{{ authelia_container_etc_hosts | default(omit, true) }}"
+    purge_networks: "{{ authelia_container_purge_networks | default(omit, true)}}"
+    restart_policy: "{{ authelia_container_restart_policy }}"
+    recreate: "{{ authelia_container_recreate | default(omit, true) }}"
+    state: "{{ authelia_container_state }}"
+  register: authelia_container_info

roles/authelia/tasks/main.yml

@@ -1,16 +1,30 @@
 ---
+- name: Check for valid state
+  ansible.builtin.fail:
+    msg: >-2
+      Unsupported state '{{ authelia_state }}'.
+      Supported states are {{ authelia_states | join(', ') }}.
+  when: authelia_state not in authelia_states
 
-- name: Ensure user {{ authelia_user }} exists
+- name: Check for valid authelia deployment method
+  ansible.builtin.fail:
+    msg: >-2
+      Unsupported deployment method '{{ authelia_deployment_method }}'.
+      Supported states are {{ authelia_deployment_methods | join(', ') }}.
+  when: authelia_deployment_method not in authelia_deployment_methods
+
+- name: Ensure user {{ authelia_user }} is {{ authelia_state }}
   ansible.builtin.user:
     name: "{{ authelia_user }}"
-    state: present
+    state: "{{ authelia_state }}"
     system: true
+    create_home: false
   register: authelia_user_info
 
-- name: Ensure host directories are created with correct permissions
+- name: Ensure host directories are {{ authelia_state }}
   ansible.builtin.file:
     path: "{{ item.path }}"
-    state: directory
+    state: "{{ (authelia_state == 'present') | ternary('directory', 'absent') }}"
     owner: "{{ item.owner | default(authelia_user) }}"
     group: "{{ item.group | default(authelia_user) }}"
     mode: "{{ item.mode | default('0750') }}"
@@ -25,7 +39,7 @@
     - path: "{{ authelia_asset_dir }}"
       mode: "0750"
 
-- name: Ensure config file is generated
+- name: Ensure config file is {{ authelia_state }}
   ansible.builtin.copy:
     content: "{{ authelia_config | to_nice_yaml(indent=2, width=10000) }}"
     dest: "{{ authelia_config_file }}"
@@ -33,61 +47,8 @@
     group: "{{ authelia_run_group }}"
     mode: "0640"
   notify: restart-authelia
+  when: authelia_state == 'present'
 
-- name: Ensure sqlite database file exists before mounting it
+- name: Deploy authelia using {{ authelia_deployment_method }}
-  ansible.builtin.file:
+  ansible.builtin.include_tasks:
-    path: "{{ authelia_sqlite_storage_file }}"
+    file: "deploy-{{ authelia_deployment_method }}.yml"
-    state: touch
-    owner: "{{ authelia_run_user }}"
-    group: "{{ authelia_run_group }}"
-    mode: "0640"
-    access_time: preserve
-    modification_time: preserve
-  when: authelia_config_storage_local_path | default(false, true)
-
-- name: Ensure user database exists before mounting it
-  ansible.builtin.file:
-    path: "{{ authelia_user_storage_file }}"
-    state: touch
-    owner: "{{ authelia_run_user }}"
-    group: "{{ authelia_run_group }}"
-    mode: "0640"
-    access_time: preserve
-    modification_time: preserve
-  when: authelia_config_authentication_backend_file_path | default(false, true)
-
-- name: Ensure notification reports file exists before mounting it
-  ansible.builtin.file:
-    path: "{{ authelia_notification_storage_file }}"
-    state: touch
-    owner: "{{ authelia_run_user }}"
-    group: "{{ authelia_run_group }}"
-    mode: "0640"
-    access_time: preserve
-    modification_time: preserve
-  when: authelia_config_notifier_filesystem_filename | default(false, true)
-
-- name: Ensure authelia container image is present
-  community.docker.docker_image:
-    name: "{{ authelia_container_image_ref }}"
-    state: present
-    source: pull
-    force_source: "{{ authelia_container_image_force_pull }}"
-  register: authelia_container_image_info
-
-- name: Ensure authelia container is running
-  community.docker.docker_container:
-    name: "{{ authelia_container_name }}"
-    image: "{{ authelia_container_image_ref }}"
-    env: "{{ authelia_container_env }}"
-    user: "{{ authelia_run_user }}:{{ authelia_run_group }}"
-    ports: "{{ authelia_container_ports | default(omit, true) }}"
-    labels: "{{ authelia_container_labels }}"
-    volumes: "{{ authelia_container_volumes }}"
-    networks: "{{ authelia_container_networks | default(omit, true) }}"
-    etc_hosts: "{{ authelia_container_etc_hosts | default(omit, true) }}"
-    purge_networks: "{{ authelia_container_purge_networks | default(omit, true)}}"
-    restart_policy: "{{ authelia_container_restart_policy }}"
-    recreate: "{{ authelia_container_recreate | default(omit, true) }}"
-    state: "{{ authelia_container_state }}"
-  register: authelia_container_info

roles/authelia/vars/main.yml

@@ -1,4 +1,9 @@
 ---
+authelia_states:
+  - "present"
+  - "absent"
+authelia_deployment_methods:
+  - "docker"
 
 authelia_run_user: "{{ (authelia_user_info.uid) if authelia_user_info is defined else authelia_user }}"
 authelia_run_group: "{{ (authelia_user_info.group) if authelia_user_info is defined else authelia_user }}"

roles/ghost/defaults/main.yml

@@ -1,6 +1,6 @@
 ---
 ghost_domain: ~
-ghost_version: "5.109.3"
+ghost_version: "5.121.0"
 ghost_user: ghost
 ghost_user_group: ghost
 ghost_base_path: /opt/ghost

roles/gitea/defaults/main.yml

@@ -1,5 +1,5 @@
 ---
-gitea_version: "1.23.3"
+gitea_version: "1.24.0"
 gitea_user: git
 gitea_run_user: "{{ gitea_user }}"
 gitea_base_path: "/opt/gitea"

roles/hedgedoc/defaults/main/main.yml

@@ -1,6 +1,6 @@
 ---
 hedgedoc_user: hedgedoc
-hedgedoc_version: "1.10.1"
+hedgedoc_version: "1.10.3"
 
 hedgedoc_state: present
 hedgedoc_deployment_method: docker

roles/hedgedoc/tasks/deploy-podman.yml

@@ -0,0 +1,31 @@
+---
+- name: Ensure container image '{{ hedgedoc_container_image }}' is {{ hedgedoc_state }}
+  containers.podman.podman_image:
+    name: "{{ hedgedoc_container_image }}"
+    state: "{{ hedgedoc_state }}"
+    pull: "{{ (hedgedoc_container_image_source == 'pull') | bool }}"
+    force: >-2
+      {{ hedgedoc_container_force_source | default(
+        hedgedoc_container_image_tag | default(false, true), true) }}
+  register: hedgedoc_container_image_info
+  until: hedgedoc_container_image_info is success
+  retries: 5
+  delay: 3
+
+- name: Ensure container '{{ hedgedoc_container_name }}' is {{ hedgedoc_container_state }}
+  containers.podman.podman_container:
+    name: "{{ hedgedoc_container_name }}"
+    image: "{{ hedgedoc_container_image }}"
+    env: "{{ hedgedoc_container_env | default(omit, true) }}"
+    user: "{{ hedgedoc_container_user | default(omit, true) }}"
+    ports: "{{ hedgedoc_container_ports | default(omit, true) }}"
+    labels: "{{ hedgedoc_container_all_labels }}"
+    volumes: "{{ hedgedoc_container_all_volumes }}"
+    etc_hosts: "{{ hedgedoc_container_etc_hosts | default(omit, true) }}"
+    dns_servers: >-2
+      {{ hedgedoc_container_dns_servers | default(omit, true) }}
+    network_mode: >-2
+      {{ hedgedoc_container_network_mode | default(omit, true) }}
+    restart_policy: >-2
+      {{ hedgedoc_container_restart_policy | default(omit, true) }}
+    state: "{{ hedgedoc_container_state }}"

roles/jellyfin/defaults/main.yml

@@ -1,7 +1,8 @@
 ---
 jellyfin_user: jellyfin
-jellyfin_version: "10.10.5"
+jellyfin_version: "10.10.7"
 jellyfin_state: present
+jellyfin_deployment_method: docker
 
 jellyfin_base_path: /opt/jellyfin
 jellyfin_config_path: "{{ jellyfin_base_path }}/config"

roles/jellyfin/tasks/deploy-docker.yml

@@ -0,0 +1,25 @@
+---
+- name: Ensure container image '{{ jellyfin_container_image_ref }}' is {{ jellyfin_state }}
+  community.docker.docker_image:
+    name: "{{ jellyfin_container_image_ref }}"
+    state: "{{ jellyfin_state }}"
+    source: "{{ jellyfin_container_image_source }}"
+    force_source: "{{ jellyfin_container_image_tag | default(false, true) }}"
+  register: jellyfin_container_image_pull_result
+  until: jellyfin_container_image_pull_result is succeeded
+  retries: 5
+  delay: 3
+
+- name: Ensure container '{{ jellyfin_container_name }}' is {{ jellyfin_container_state }}
+  community.docker.docker_container:
+    name: "{{ jellyfin_container_name }}"
+    image: "{{ jellyfin_container_image_ref }}"
+    user: "{{ jellyfin_uid }}:{{ jellyfin_gid }}"
+    labels: "{{ jellyfin_container_labels }}"
+    volumes: "{{ jellyfin_container_volumes }}"
+    ports: "{{ jellyfin_container_ports | default(omit, true) }}"
+    networks: "{{ jellyfin_container_networks | default(omit, true) }}"
+    network_mode: "{{ jellyfin_container_network_mode }}"
+    etc_hosts: "{{ jellyfin_container_etc_hosts | default(omit, true) }}"
+    restart_policy: "{{ jellyfin_container_restart_policy }}"
+    state: "{{ jellyfin_container_state }}"

roles/jellyfin/tasks/deploy-podman.yml

@@ -0,0 +1,22 @@
+---
+- name: Ensure container image '{{ jellyfin_container_image_ref }}' is {{ jellyfin_state }}
+  containers.podman.podman_image:
+    name: "{{ jellyfin_container_image_ref }}"
+    state: "{{ jellyfin_state }}"
+    pull: "{{ (jellyfin_container_image_source == 'pull') | bool }}"
+    force: "{{ jellyfin_container_image_tag | default(false, true) }}"
+  register: jellyfin_container_image_pull_result
+  until: jellyfin_container_image_pull_result is succeeded
+  retries: 5
+  delay: 3
+
+- name: Ensure container '{{ jellyfin_container_name }}' is {{ jellyfin_container_state }}
+  containers.podman.podman_container:
+    name: "{{ jellyfin_container_name }}"
+    image: "{{ jellyfin_container_image_ref }}"
+    user: "{{ jellyfin_uid }}:{{ jellyfin_gid }}"
+    labels: "{{ jellyfin_container_labels }}"
+    volumes: "{{ jellyfin_container_volumes }}"
+    network: "{{ jellyfin_container_networks | default(omit, True) }}"
+    restart_policy: "{{ jellyfin_container_restart_policy }}"
+    state: "{{ jellyfin_container_state }}"

roles/jellyfin/tasks/main.yml

@@ -6,6 +6,13 @@
       states are {{ jellyfin_states | join(', ') }}.
   when: jellyfin_state not in jellyfin_states
 
+- name: Check if deployment method is valid
+  ansible.builtin.fail:
+    msg: >-2
+      Unsupported state '{{ jellyfin_deployment_method }}'. Supported
+      states are {{ jellyfin_deployment_methods | join(', ') }}.
+  when: jellyfin_deployment_method not in jellyfin_deployment_methods
+
 - name: Ensure jellyfin user '{{ jellyfin_user }}' is {{ jellyfin_state }}
   ansible.builtin.user:
     name: "{{ jellyfin_user }}"
@@ -23,25 +30,6 @@
     mode: "{{ item.mode }}"
   loop: "{{ jellyfin_host_directories }}"
 
-- name: Ensure container image '{{ jellyfin_container_image_ref }}' is {{ jellyfin_state }}
+- name: Ensure jellyfin is deployed using {{ jellyfin_deployment_method }}
-  community.docker.docker_image:
+  ansible.builtin.include_tasks:
-    name: "{{ jellyfin_container_image_ref }}"
+    file: "deploy-{{ jellyfin_deployment_method }}.yml"
-    state: "{{ jellyfin_state }}"
-    source: "{{ jellyfin_container_image_source }}"
-    force_source: "{{ jellyfin_container_image_tag | default(false, true) }}"
-  register: jellyfin_container_image_pull_result
-  until: jellyfin_container_image_pull_result is succeeded
-  retries: 5
-  delay: 3
-
-- name: Ensure container '{{ jellyfin_container_name }}' is {{ jellyfin_container_state }}
-  community.docker.docker_container:
-    name: "{{ jellyfin_container_name }}"
-    image: "{{ jellyfin_container_image_ref }}"
-    user: "{{ jellyfin_uid }}:{{ jellyfin_gid }}"
-    labels: "{{ jellyfin_container_labels }}"
-    volumes: "{{ jellyfin_container_volumes }}"
-    networks: "{{ jellyfin_container_networks | default(omit, True) }}"
-    network_mode: "{{ jellyfin_container_network_mode }}"
-    restart_policy: "{{ jellyfin_container_restart_policy }}"
-    state: "{{ jellyfin_container_state }}"

roles/jellyfin/vars/main.yml

@@ -2,6 +2,9 @@
 jellyfin_states:
   - present
   - absent
+jellyfin_deployment_methods:
+  - docker
+  - podman
 
 jellyfin_container_base_volumes:
   - "{{ jellyfin_config_path }}:/config:z"

roles/keycloak/defaults/main.yml

@@ -1,5 +1,5 @@
 ---
-keycloak_version: "26.1.2"
+keycloak_version: "26.2.5"
 keycloak_container_name: keycloak
 
 keycloak_container_image_upstream_registry: quay.io

roles/phpldapadmin/README.md

@@ -0,0 +1,3 @@
+# `finallycoffee.services.phpldapadmin`
+
+Role to deploy and configure [phpldapadmin](https://github.com/leenooks/phpLDAPadmin).

roles/phpldapadmin/defaults/main/container.yml

@@ -0,0 +1,39 @@
+---
+phpldapadmin_container_name: phpldapadmin
+phpldapadmin_container_image_registry: docker.io
+phpldapadmin_container_image_namespace: phpldapadmin
+phpldapadmin_container_image_name: phpldapadmin
+phpldapadmin_container_image_repository: >-2
+  {{
+    [
+      phpldapadmin_container_image_registry | default([], true),
+      phpldapadmin_container_image_namespace | default([], true),
+      phpldapadmin_container_image_name
+    ] | flatten | join('/')
+  }}
+phpldapadmin_container_image: >-2
+  {{
+    [
+      phpldapadmin_container_image_repository,
+      phpldapadmin_container_image_tag | default(phpldapadmin_version, true)
+    ] | join(':')
+  }}
+phpldapadmin_container_image_tag: ~
+phpldapadmin_container_image_source: pull
+phpldapadmin_container_image_force_source: >-2
+  {{ phpldapadmin_container_image_tag | default(false, true) }}
+phpldapadmin_container_env: ~
+phpldapadmin_container_user: ~
+phpldapadmin_container_ports: ~
+phpldapadmin_container_labels: ~
+phpldapadmin_container_volumes: ~
+phpldapadmin_container_networks: ~
+phpldapadmin_container_network_mode: ~
+phpldapadmin_container_dns_servers: ~
+phpldapadmin_container_etc_hosts: ~
+phpldapadmin_container_memory: ~
+phpldapadmin_container_memory_swap: ~
+phpldapadmin_container_memory_reservation: ~
+phpldapadmin_container_restart_policy: "on-failure"
+phpldapadmin_container_state: >-2
+  {{ (phpldapadmin_state == 'present') | ternary('started', 'absent') }}

roles/phpldapadmin/defaults/main/main.yml

@@ -0,0 +1,5 @@
+---
+phpldapadmin_version: "2.1.2"
+
+phpldapadmin_state: present
+phpldapadmin_deployment_method: docker

roles/phpldapadmin/tasks/deploy-docker.yml

@@ -0,0 +1,27 @@
+---
+- name: Ensure phpldapadmin container image '{{ phpldapadmin_container_image }}' is {{ phpldapadmin_state }}
+  community.docker.docker_image:
+    name: "{{ phpldapadmin_container_image }}"
+    state: "{{ phpldapadmin_state }}"
+    source: "{{ phpldapadmin_container_image_source }}"
+    force_source: "{{ phpldapadmin_container_image_force_source }}"
+
+- name: Ensure phpldapadmin container '{{ phpldapadmin_container_name }}' is {{ phpldapadmin_container_state }}
+  community.docker.docker_container:
+    name: "{{ phpldapadmin_container_name }}"
+    image: "{{ phpldapadmin_container_image }}"
+    env: "{{ phpldapadmin_container_env | default(omit, true) }}"
+    user: "{{ phpldapadmin_container_user | default(omit, true) }}"
+    ports: "{{ phpldapadmin_container_ports | default(omit, true) }}"
+    labels: "{{ phpldapadmin_container_labels | default(omit, true) }}"
+    volumes: "{{ phpldapadmin_container_volumes | default(omit, true) }}"
+    networks: "{{ phpldapadmin_container_networks | default(omit, true) }}"
+    network_mode: "{{ phpldapadmin_container_network_mode | default(omit, true) }}"
+    dns_servers: "{{ phpldapadmin_container_dns_servers | default(omit, true) }}"
+    etc_hosts: "{{ phpldapadmin_container_etc_hosts | default(omit, true) }}"
+    memory: "{{ phpldapadmin_container_memory | default(omit, true) }}"
+    memory_swap: "{{ phpldapadmin_container_memory_swap | default(omit, true) }}"
+    memory_reservation: >-2
+      {{ phpldapadmin_container_memory_reservation | default(omit, true) }}
+    restart_policy: "{{ phpldapadmin_container_restart_policy | default(omit, true) }}"
+    state: "{{ phpldapadmin_container_state }}"

roles/phpldapadmin/tasks/main.yml

@@ -0,0 +1,18 @@
+---
+- name: Ensure 'phpldapadmin_state' is valid
+  ansible.builtin.fail:
+    msg: >-2
+      Unsupported state '{{ phpldapadmin_state }}'!
+      Supported states are {{ phpldapadmin_states | join(', ') }}
+  when: phpldapadmin_state not in phpldapadmin_states
+
+- name: Ensure 'phpldapadmin_deployment_method' is valid
+  ansible.builtin.fail:
+    msg: >-2
+      Unsupported deployment method '{{ phpldapadmin_deployment_method }}'!
+      Supported deployment methods are {{ phpldapadmin_deployment_methods | join(', ') }}
+  when: phpldapadmin_deployment_method not in phpldapadmin_deployment_methods
+
+- name: Deploy using {{ phpldapadmin_deployment_method }}
+  ansible.builtin.import_tasks:
+    file: "deploy-{{ phpldapadmin_deployment_method }}.yml"

roles/phpldapadmin/vars/main.yml

@@ -0,0 +1,6 @@
+---
+phpldapadmin_states:
+  - "present"
+  - "absent"
+phpldapadmin_deployment_methods:
+  - "docker"

roles/snipe_it/defaults/main/container.yml

@@ -1,6 +1,6 @@
 ---
 snipe_it_container_image_registry: docker.io
-snipe_it_container_image_namespace: snipe
+snipe_it_container_image_namespace: 'snipe'
 snipe_it_container_image_name: 'snipe-it'
 snipe_it_container_image_tag: ~
 snipe_it_container_image_flavour: alpine

roles/snipe_it/defaults/main/main.yml

@@ -1,6 +1,6 @@
 ---
 snipe_it_user: snipeit
-snipe_it_version: "7.1.15"
+snipe_it_version: "8.1.15"
 snipe_it_domain: ~
 snipe_it_state: present
 snipe_it_deployment_method: docker

roles/vaultwarden/defaults/main/main.yml

@@ -1,6 +1,6 @@
 ---
 vaultwarden_user: vaultwarden
-vaultwarden_version: "1.33.2"
+vaultwarden_version: "1.34.1"
 
 vaultwarden_config_file: "/etc/vaultwarden/config.json"
 vaultwarden_config_directory: "{{ vaultwarden_config_file | dirname }}"

roles/vaultwarden/tasks/deploy-docker.yml

@@ -20,3 +20,5 @@
     dns_servers: "{{ vaultwarden_container_dns_servers | default(omit, true) }}"
     restart_policy: "{{ vaultwarden_container_restart_policy | default(omit, true) }}"
     state: "{{ vaultwarden_container_state | default(omit, true) }}"
+    comparisons:
+      'env': 'strict'

roles/vaultwarden/tasks/deploy-podman.yml

@@ -0,0 +1,22 @@
+---
+- name: Ensure container image '{{ vaultwarden_container_image }}' is {{ vaultwarden_state }}
+  containers.podman.podman_image:
+    name: "{{ vaultwarden_container_image }}"
+    state: "{{ vaultwarden_state }}"
+    pull: "{{ (vaultwarden_container_image_source == 'pull') | bool }}"
+    force: "{{ vaultwarden_container_image_force_source }}"
+
+- name: Ensure container '{{ vaultwarden_container_name }}' is {{ vaultwarden_container_state }}
+  containers.podman.podman_container:
+    name: "{{ vaultwarden_container_name }}"
+    image: "{{ vaultwarden_container_image }}"
+    env: "{{ vaultwarden_container_env | default(omit, true) }}"
+    user: "{{ vaultwarden_container_user | default(omit, true) }}"
+    ports: "{{ vaultwarden_container_ports | default(omit, true) }}"
+    labels: "{{ vaultwarden_container_labels | default(omit, true) }}"
+    volumes: "{{ vaultwarden_container_volumes }}"
+    network: "{{ vaultwarden_container_networks | default(omit, true) }}"
+    etc_hosts: "{{ vaultwarden_container_etc_hosts | default(omit, true) }}"
+    dns_servers: "{{ vaultwarden_container_dns_servers | default(omit, true) }}"
+    restart_policy: "{{ vaultwarden_container_restart_policy | default(omit, true) }}"
+    state: "{{ vaultwarden_container_state | default(omit, true) }}"

roles/vaultwarden/vars/main.yml

@@ -4,6 +4,7 @@ vaultwarden_states:
   - absent
 vaultwarden_deployment_methods:
   - docker
+  - podman
 vaultwarden_required_variables:
   - vaultwarden_config_domain
 vaultwarden_conditionally_required_variables:

roles/vouch_proxy/defaults/main.yml

@@ -1,7 +1,6 @@
 ---
-
 vouch_proxy_user: vouch-proxy
-vouch_proxy_version: 0.40.0
+vouch_proxy_version: "0.41.0"
 vouch_proxy_base_path: /opt/vouch-proxy
 vouch_proxy_config_path: "{{ vouch_proxy_base_path }}/config"
 vouch_proxy_config_file: "{{ vouch_proxy_config_path }}/config.yaml"