feat: Move from Debian to Fedora

defaults/main.yml

@@ -3,20 +3,20 @@
 
 # Packages to install to run podman
 podman_packages:
-  - dbus-user-session
-  - passt
   - podman
-  - systemd-container
+  - policycoreutils-python-utils # to manage SELinux
-  - uidmap
 
 # Dedicated user
 podman_user: podman
+podman_user_homedir: /home/{{ podman_user }}
 
 # Enable container auto-update
 podman_auto_update: true
 
-# Define pods
+# List of quadlets to deploy
-podman_pods: []
+podman_quadlets: []
-
+# Example:
-# Define containers
+# podman_quadlets:
-podman_containers: []
+#   - uptime-kuma.network
+#   - uptime-kuma.container
+#   - signal-cli-rest-api.container

handlers/main.yml

@@ -1,12 +1,22 @@
 ---
 # handlers file for podman
 
-- name: Set default permissions on volumes folders
+- name: Start or restart quadlets
-  ansible.builtin.file:
+  ansible.builtin.systemd_service:
-    path: "{{ item.path }}"
+    name: "{{ unit }}"
-    owner: "{{ podman_user }}"
+    state: "{{ 'restarted' if item.changed else 'started' }}"
-    group: "{{ podman_user }}"
+    daemon_reload: true
+    enabled: true
+    scope: user
   become: true
-  loop: "{{ folders.results | selectattr('changed', 'equalto', true) }}"
+  become_user: "{{ podman_user }}"
+  loop: "{{ deployed_quadlets.results }}"
   loop_control:
-    label: "{{ item.path }}"
+    label: "{{ unit }}"
+  vars:
+    unit: >-
+      {{
+        item.item | ansible.builtin.basename |
+        ansible.builtin.regex_replace('\.container$', '.service') |
+        ansible.builtin.regex_replace('\.network$', '-network.service')
+      }}

meta/main.yml

@@ -1,15 +1,15 @@
 galaxy_info:
   namespace: ykn
   author: pulsar89.5
-  description: Deploy podman, manage pods and containers
+  description: Deploy podman quadlets
 
   license: GPL-3.0-or-later
 
   min_ansible_version: '2.1'
 
   platforms:
-    - name: CoreOS
+    - name: Fedora
       versions:
-        - 41
+        - "43"
 
 dependencies: []

tasks/config.yml

@@ -0,0 +1,42 @@
+---
+# tasks file for podman
+
+- name: Disable global podman auto-update
+  ansible.builtin.systemd_service:
+    name: podman-auto-update.timer
+    enabled: false
+  become: true
+
+- name: Enable lingering for podman user
+  ansible.builtin.command:
+    cmd: loginctl enable-linger {{ podman_user }}
+    creates: /var/lib/systemd/linger/podman
+  become: true
+
+- name: Enable containers auto-update service
+  ansible.builtin.systemd_service:
+    name: podman-auto-update.timer
+    state: started
+    daemon_reload: true
+    scope: user
+  when: podman_auto_update
+  become: true
+  become_user: "{{ podman_user }}"
+
+- name: Create podman user directory tree
+  ansible.builtin.file:
+    path: "{{ item.path }}"
+    owner: "{{ podman_user }}"
+    group: "{{ podman_user }}"
+    mode: "{{ item.mode }}"
+    state: directory
+  become: true
+  loop:
+    - path: "{{ podman_user_homedir }}/.config"
+      mode: u=rwX,g=,o=
+    - path: "{{ podman_user_homedir }}/.config/containers"
+      mode: u=rwX,g=rX,o=rX
+    - path: "{{ podman_user_homedir }}/.config/containers/systemd"
+      mode: u=rwX,g=rX,o=rX
+  loop_control:
+    label: "{{ item.path }}"

tasks/containers.yml

@@ -1,25 +0,0 @@
----
-# tasks file for podman
-
-- name: Deploy containers
-  containers.podman.podman_container: "{{ container }}"
-  become: true
-  become_user: "{{ podman_user }}"
-  loop: "{{ podman_containers }}"
-  loop_control:
-    label: "{{ item.name }}"
-  register: deployed_containers
-  vars:
-    container: "{{ podman_containers_defaults | ansible.builtin.combine(item) }}"
-
-- name: Start or restart containers
-  ansible.builtin.systemd_service:
-    name: "{{ item.item.name }}.service"
-    state: "{{ 'restarted' if item.changed else 'started' }}"
-    daemon_reload: true
-    scope: user
-  become: true
-  become_user: "{{ podman_user }}"
-  loop: "{{ deployed_containers.results }}"
-  loop_control:
-    label: "{{ item.item.name }}"

tasks/installation.yml

@@ -1,7 +0,0 @@
----
-# tasks file for dnsmasq
-
-- name: Install podman
-  ansible.builtin.apt:
-    name: "{{ podman_packages }}"
-  become: true

tasks/main.yml

@@ -1,22 +1,17 @@
 ---
 # tasks file for podman
 
-- name: Import installation tasks
+- name: Import prepare tasks
-  ansible.builtin.import_tasks:
-    file: installation.yml
-
-- name: Import instance preparation tasks
   ansible.builtin.import_tasks:
     file: prepare.yml
 
-- name: Import networks management tasks
+- name: Import configuration tasks
   ansible.builtin.import_tasks:
-    file: networks.yml
+    file: config.yml
 
-- name: Import pods management tasks
+- name: Import management tasks
   ansible.builtin.import_tasks:
-    file: pods.yml
+    file: manage.yml
 
-- name: Import containers management tasks
+- name: Flush handlers
-  ansible.builtin.import_tasks:
+  ansible.builtin.meta: flush_handlers
-    file: containers.yml

tasks/manage.yml

@@ -0,0 +1,58 @@
+---
+# tasks file for podman
+
+- name: List current quadlets
+  ansible.builtin.find:
+    paths: "{{ podman_user_homedir }}/.config/containers/systemd"
+  become: true
+  register: current_quadlets
+
+- name: Extract list of undefined quadlets
+  ansible.builtin.set_fact:
+    podman_quadlets_undefined: >-
+      {{
+        current_quadlets.files |
+        map(attribute='path') |
+        map('ansible.builtin.basename') |
+        ansible.builtin.difference(podman_qualets_filenames)
+      }}
+  vars:
+    podman_qualets_filenames: "{{ podman_quadlets | map('ansible.builtin.basename') }}"
+
+- name: Stop unwanted quadlets
+  ansible.builtin.systemd_service:
+    name: "{{ unit }}"
+    state: stopped
+    daemon_reload: true
+    scope: user
+  become: true
+  become_user: "{{ podman_user }}"
+  loop: "{{ podman_quadlets_undefined }}"
+  loop_control:
+    label: "{{ unit }}"
+  vars:
+    unit: >-
+      {{
+        item | ansible.builtin.basename |
+        ansible.builtin.regex_replace('\.container$', '.service') |
+        ansible.builtin.regex_replace('\.network$', '-network.service')
+      }}
+
+- name: Remove undefined quadlets
+  ansible.builtin.file:
+    path: "{{ podman_user_homedir }}/.config/containers/systemd/{{ item }}"
+    state: absent
+  become: true
+  loop: "{{ podman_quadlets_undefined }}"
+
+- name: Deploy quadlets
+  ansible.builtin.template:
+    src: "{{ item }}.j2"
+    dest: "{{ podman_user_homedir }}/.config/containers/systemd/{{ item | ansible.builtin.basename }}"
+    owner: "{{ podman_user }}"
+    group: "{{ podman_user }}"
+    mode: u=rw,g=r,o=
+  become: true
+  loop: "{{ podman_quadlets }}"
+  register: deployed_quadlets
+  notify: Start or restart quadlets

tasks/networks.yml

@@ -1,25 +0,0 @@
----
-# tasks file for podman
-
-- name: Deploy networks
-  containers.podman.podman_network: "{{ network }}"
-  become: true
-  become_user: "{{ podman_user }}"
-  loop: "{{ podman_networks }}"
-  loop_control:
-    label: "{{ item.name }}"
-  register: deployed_networks
-  vars:
-    network: "{{ podman_networks_defaults | ansible.builtin.combine(item) }}"
-
-- name: Start or restart networks
-  ansible.builtin.systemd_service:
-    name: "{{ item.item.name }}-network.service"
-    state: "{{ 'restarted' if item.changed else 'started' }}"
-    daemon_reload: true
-    scope: user
-  become: true
-  become_user: "{{ podman_user }}"
-  loop: "{{ deployed_networks.results }}"
-  loop_control:
-    label: "{{ item.item.name }}"

tasks/pods.yml

@@ -1,25 +0,0 @@
----
-# tasks file for podman
-
-- name: Deploy pods
-  containers.podman.podman_pod: "{{ pod }}"
-  become: true
-  become_user: "{{ podman_user }}"
-  loop: "{{ podman_pods }}"
-  loop_control:
-    label: "{{ item.name }}"
-  register: deployed_pods
-  vars:
-    pod: "{{ podman_pods_defaults | ansible.builtin.combine(item) }}"
-
-- name: Start or restart pods
-  ansible.builtin.systemd_service:
-    name: "{{ item.item.name }}-pod.service"
-    state: "{{ 'restarted' if item.changed else 'started' }}"
-    daemon_reload: true
-    scope: user
-  become: true
-  become_user: "{{ podman_user }}"
-  loop: "{{ deployed_pods.results }}"
-  loop_control:
-    label: "{{ item.item.name }}"

tasks/prepare.yml

@@ -1,6 +1,11 @@
 ---
 # tasks file for podman
 
+- name: Install packages
+  ansible.builtin.dnf:
+    name: "{{ podman_packages }}"
+  become: true
+
 - name: Create dedicated group
   ansible.builtin.group:
     name: "{{ podman_user }}"
@@ -10,40 +15,8 @@
   ansible.builtin.user:
     name: "{{ podman_user }}"
     comment: Dedicated Podman user
+    home: "{{ podman_user_homedir }}"
     password_lock: true
     shell: /bin/bash
     group: podman
   become: true
-
-- name: Disable global podman auto-update
-  ansible.builtin.systemd_service:
-    name: podman-auto-update.timer
-    enabled: false
-  become: true
-
-- name: Enable containers auto-update service
-  ansible.builtin.command:
-    cmd: systemctl --user --machine={{ podman_user }}@ start podman-auto-update.timer
-  when: podman_auto_update
-  become: true
-
-- name: Enable lingering for podman user
-  ansible.builtin.command:
-    cmd: loginctl enable-linger {{ podman_user }}
-    creates: /var/lib/systemd/linger/podman
-  become: true
-
-- name: Create subvolumes paths
-  ansible.builtin.file:
-    path: "{{ item.1 | split(':') | first }}"
-    state: directory
-    mode: u=rwX,g=rX,o=rX
-  become: true
-  loop: "{{ q('ansible.builtin.subelements', podman_containers, 'volumes', {'skip_missing': True}) }}"
-  loop_control:
-    label: "{{ item.0.name }}"
-  register: folders
-  notify: Set default permissions on volumes folders
-
-- name: Execute handlers
-  ansible.builtin.meta: flush_handlers

vars/main.yml

@@ -1,16 +1,10 @@
 ---
 
-podman_pods_defaults: []
+# Convert quadlets filename to systemd units
-
+podman_units: >
-podman_networks_defaults:
+  {{
-  state: quadlet
+    podman_quadlets |
-  recreate: true
+    map('regex_replace', '\\.container$', '.service') |
-
+    map('regex_replace', '\\.network$', '-network.service') |
-podman_containers_defaults:
+    list
-  state: quadlet
+  }}
-  recreate: true
-  quadlet_options:
-    - "AutoUpdate=registry"
-    - |
-      [Install]
-      WantedBy=default.target