fix: secure pg + fix old way of sharing podman network

inventory/host_vars/example.yml

@@ -14,10 +14,6 @@ network_interfaces:
   - name: lan1
     type: ethernet
     mac_address: 0a:3f:5b:1c:d2:e4
-  - name: podman-gw
-    type: bridge
-    ipv4:
-      address: "{{ podman_gw_gateway }}/10"
 
 # Unbound DNS resolver configuration
 # ----------------------------------
@@ -151,24 +147,24 @@ nfs_bind_addresses:
 
 # Podman configuration
 # --------------------
-podman_gw_gateway: 100.64.0.1
-podman_gw_subnet: 100.64.0.0/10
+# Address inside containers that maps to the host's loopback (via pasta
+# --map-host-loopback). Containers reach host services bound to 127.0.0.1
+# by connecting to this address. Defined in roles/podman/defaults/main.yml.
+# podman_gw_gateway: 100.64.0.1
 
 # PostgreSQL configuration
 # ------------------------
 postgres_admin_password: "{{ vault_postgres_admin_password }}"
-postgres_bind: "127.0.0.1,{{ podman_gw_gateway }}" # Comma-separated for PostgreSQL
+postgres_bind: "127.0.0.1"
 postgres_firewall_allowed_sources:
   - 127.0.0.0/8
-  - "{{ podman_gw_subnet }}"
 
 # Valkey configuration
 # --------------------
 valkey_admin_password: "{{ vault_valkey_admin_password }}"
-valkey_bind: "127.0.0.1 {{ podman_gw_gateway }}" # Space-separated for Valkey
+valkey_bind: "127.0.0.1"
 valkey_firewall_allowed_sources:
   - 127.0.0.0/8
-  - "{{ podman_gw_subnet }}"
 
 # Valkey ACL users
 valkey_acl_users: