fix: secure pg + fix old way of sharing podman network

2026-05-29 21:31:07 +02:00
parent ffeff6556b
commit 4ae7721070
4 changed files with 40 additions and 19 deletions
@@ -20,6 +20,29 @@
    interface: "{{ item }}"
  loop: "{{ hostvars[inventory_hostname].network_interfaces | default([]) }}"

+- name: Remove stale podman-gw systemd-networkd configuration
+  ansible.builtin.file:
+    path: "{{ item }}"
+    state: absent
+  loop:
+    - /etc/systemd/network/10-podman-gw.netdev
+    - /etc/systemd/network/20-podman-gw.network
+  register: stale_podman_gw
+
+- name: Mark networkd reload required after podman-gw cleanup
+  ansible.builtin.set_fact:
+    network_reload_required: true
+  when: stale_podman_gw is changed
+
+- name: Tear down podman-gw bridge interface if present
+  ansible.builtin.command: ip link delete podman-gw
+  register: podman_gw_link_del
+  changed_when: podman_gw_link_del.rc == 0
+  failed_when:
+    - podman_gw_link_del.rc != 0
+    - "'Cannot find device' not in podman_gw_link_del.stderr"
+    - "'does not exist' not in podman_gw_link_del.stderr"
+
 - name: Reload networkd and resolved
  ansible.builtin.systemd:
    name: "{{ item }}"