feat: Add rootful capability

This commit is contained in:
2026-04-20 17:21:32 +02:00
parent da83cf1e00
commit 801b9b4cb9
8 changed files with 128 additions and 100 deletions


@@ -14,9 +14,11 @@ podman_user_homedir: /home/{{ podman_user }}
podman_auto_update: true podman_auto_update: true
# List of quadlets to deploy # List of quadlets to deploy
podman_quadlets: [] podman_quadlets_rootless: []
# Example: # Example:
# podman_quadlets: # podman_quadlets:
# - uptime-kuma.network # - uptime-kuma.network
# - uptime-kuma.container # - uptime-kuma.container
# - signal-cli-rest-api.container # - signal-cli-rest-api.container
podman_quadlets_rootful: []
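Review bot: The example comment still names `podman_quadlets`, which this hunk renames to `podman_quadlets_rootless`, so the documented usage no longer matches any variable the role reads. Change the example line to `# podman_quadlets_rootless:` and give the new `podman_quadlets_rootful` list its own one-line comment, e.g. `# Quadlets deployed system-wide to /etc/containers/systemd and run as root`. The section header does not show this file's path; it reads like the role defaults, so the stale example is what users will copy from.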


@@ -1,7 +1,7 @@
--- ---
# handlers file for podman # handlers file for podman
- name: Start or restart quadlets - name: Start or restart rootless quadlets
ansible.builtin.systemd_service: ansible.builtin.systemd_service:
name: "{{ unit }}" name: "{{ unit }}"
state: "{{ 'restarted' if item.changed else 'started' }}" state: "{{ 'restarted' if item.changed else 'started' }}"
@@ -10,13 +10,32 @@
scope: user scope: user
become: true become: true
become_user: "{{ podman_user }}" become_user: "{{ podman_user }}"
loop: "{{ deployed_quadlets.results }}" loop: "{{ deployed_quadlets_rootless.results }}"
loop_control: loop_control:
label: "{{ unit }}" label: "{{ unit }}"
vars: vars:
unit: >- unit: >-
{{ {{
item.item.filename | default(item.item) | ansible.builtin.basename | item.item | ansible.builtin.basename |
ansible.builtin.regex_replace('\.container$', '.service') |
ansible.builtin.regex_replace('\.network$', '-network.service') |
ansible.builtin.regex_replace('\.volume$', '-volume.service')
}}
- name: Start or restart rootful quadlets
ansible.builtin.systemd_service:
name: "{{ unit }}"
state: "{{ 'restarted' if item.changed else 'started' }}"
daemon_reload: true
enabled: true
become: true
loop: "{{ deployed_quadlets_rootful.results }}"
loop_control:
label: "{{ unit }}"
vars:
unit: >-
{{
item.item | ansible.builtin.basename |
ansible.builtin.regex_replace('\.container$', '.service') | ansible.builtin.regex_replace('\.container$', '.service') |
ansible.builtin.regex_replace('\.network$', '-network.service') | ansible.builtin.regex_replace('\.network$', '-network.service') |
ansible.builtin.regex_replace('\.volume$', '-volume.service') ansible.builtin.regex_replace('\.volume$', '-volume.service')
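Review bot: The unit-name derivation (`basename` followed by the three `regex_replace` calls) is now written out in both handlers here and once more in the rootless cleanup task, so a fix to one copy will drift from the others. Since Ansible templates variables lazily, a single role-level definition such as `podman_quadlet_unit` in `vars/main.yml` that references `item` would resolve inside each loop and could replace all three `vars: unit:` blocks. The chain also only recognises `.container`, `.network` and `.volume`; any other quadlet type falls through as its bare filename and `systemd_service` would then act on a unit that does not exist, so either extend the chain or state the supported types in the defaults comment. The rootful handler's closing `}}` appears to lie outside the hunk.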


@@ -1,15 +1,24 @@
--- ---
# tasks file for podman # tasks file for podman
- name: Disable global podman auto-update - name: Create dedicated group
ansible.builtin.systemd_service: ansible.builtin.group:
name: podman-auto-update.timer name: "{{ podman_user }}"
enabled: false become: true
- name: Create dedicated user
ansible.builtin.user:
name: "{{ podman_user }}"
comment: Dedicated Podman user
home: "{{ podman_user_homedir }}"
password_lock: true
shell: /bin/bash
group: podman
become: true become: true
- name: Enable lingering for podman user - name: Enable lingering for podman user
ansible.builtin.command: ansible.builtin.command:
cmd: "{{ item }}" cmd: "{{ item }}"
creates: /var/lib/systemd/linger/{{ podman_user }} creates: /var/lib/systemd/linger/{{ podman_user }}
become: true become: true
loop: loop:
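Review bot: `Create dedicated user` sets `group: podman` as the primary group, while the task directly above creates a group named `{{ podman_user }}` and the deploy tasks chown quadlet files to `{{ podman_user }}`, so unless `podman_user` happens to be `podman` the group just created is never the user's primary group and a `podman` group has to exist from elsewhere or the user task fails. `group: "{{ podman_user }}"` lines the three up; this was carried over from the removed `prepare.yml`, but it is now the only place the user is defined. The `loop:` items of the lingering task continue past the end of the hunk.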


@@ -1,17 +1,25 @@
--- ---
# tasks file for podman # tasks file for podman
- name: Import prepare tasks - name: Install packages
ansible.builtin.import_tasks: ansible.builtin.dnf:
file: prepare.yml name: "{{ podman_packages }}"
become: true
- name: Import configuration tasks - name: Import configuration tasks
ansible.builtin.import_tasks: ansible.builtin.import_tasks:
file: config.yml file: config.yml
when: podman_quadlets_rootless | length > 0
- name: Import management tasks - name: Import management tasks for rootless quadlets
ansible.builtin.import_tasks: ansible.builtin.import_tasks:
file: manage.yml file: manage_rootless.yml
when: podman_quadlets_rootless | length > 0
- name: Import management tasks for rootful quadlets
ansible.builtin.import_tasks:
file: manage_rootful.yml
when: podman_quadlets_rootful | length > 0
- name: Flush handlers - name: Flush handlers
ansible.builtin.meta: flush_handlers ansible.builtin.meta: flush_handlers
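Review bot: Guarding the `manage_rootless.yml` import with `when: podman_quadlets_rootless | length > 0` also skips the list/stop/remove tasks inside that file, so once an operator empties the list the previously deployed rootless quadlets are neither stopped nor deleted and keep running as the podman user. Drop the `when` on that import (the deploy loop is already a no-op on an empty list) or keep the guard only on the `config.yml` import, and treat the rootful import the same way if `manage_rootful.yml` gains cleanup tasks. Whether a replacement for the removed `Disable global podman auto-update` task exists elsewhere is not visible in this section.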


@@ -1,64 +0,0 @@
---
# tasks file for podman
#- name: List current quadlets
# ansible.builtin.find:
# paths: "{{ podman_user_homedir }}/.config/containers/systemd"
# become: true
# register: current_quadlets
#
#- name: Extract list of undefined quadlets
# ansible.builtin.set_fact:
# podman_quadlets_undefined: >-
# {{
# current_quadlets.files |
# map(attribute='path') |
# map('ansible.builtin.basename') |
# ansible.builtin.difference(podman_qualets_filenames)
# }}
# vars:
# podman_qualets_filenames: "{{ podman_quadlets | map('ansible.builtin.basename') }}"
#
#- name: Stop unwanted quadlets
# ansible.builtin.systemd_service:
# name: "{{ unit }}"
# state: stopped
# daemon_reload: true
# scope: user
# become: true
# become_user: "{{ podman_user }}"
# loop: "{{ podman_quadlets_undefined }}"
# loop_control:
# label: "{{ unit }}"
# vars:
# unit: >-
# {{
# item | ansible.builtin.basename |
# ansible.builtin.regex_replace('\.container$', '.service') |
# ansible.builtin.regex_replace('\.network$', '-network.service') |
# ansible.builtin.regex_replace('\.volume$', '-volume.service')
# }}
#
#- name: Remove undefined quadlets
# ansible.builtin.file:
# path: "{{ podman_user_homedir }}/.config/containers/systemd/{{ item }}"
# state: absent
# become: true
# loop: "{{ podman_quadlets_undefined }}"
- name: Deploy quadlets
ansible.builtin.template:
src: "{{ item.template | default(item) }}.j2"
dest: "{{ podman_user_homedir }}/.config/containers/systemd/{{ item.filename | default(item) | ansible.builtin.basename }}"
owner: "{{ podman_user }}"
group: "{{ podman_user }}"
mode: u=rw,g=r,o=
become: true
loop: "{{ podman_quadlets }}"
loop_control:
label: "{{ item.filename | default(item) }}"
register: deployed_quadlets
notify: Start or restart quadlets
- name: Flush handlers
ansible.builtin.meta: flush_handlers

17
tasks/manage_rootful.yml Normal file

@@ -0,0 +1,17 @@
---
# tasks file for podman
- name: Deploy rootful quadlets
ansible.builtin.template:
src: "{{ item }}.j2"
dest: "/etc/containers/systemd/{{ item | ansible.builtin.basename }}"
owner: root
group: root
mode: u=rw,g=r,o=
become: true
loop: "{{ podman_quadlets_rootful }}"
register: deployed_quadlets_rootful
notify: Start or restart rootful quadlets
- name: Flush handlers
ansible.builtin.meta: flush_handlers

59
tasks/manage_rootless.yml Normal file

@@ -0,0 +1,59 @@
---
# tasks file for podman
- name: List current rootless quadlets
ansible.builtin.find:
paths: "{{ podman_user_homedir }}/.config/containers/systemd"
become: true
register: current_quadlets
- name: Extract list of undefined quadlets
ansible.builtin.set_fact:
podman_quadlets_undefined: >-
{{
current_quadlets.files |
map(attribute='path') |
map('ansible.builtin.basename') |
ansible.builtin.difference(podman_qualets_filenames)
}}
vars:
podman_qualets_filenames: "{{ podman_quadlets_rootless | map('ansible.builtin.basename') }}"
- name: Stop unwanted rootless quadlets
ansible.builtin.systemd_service:
name: "{{ unit }}"
state: stopped
daemon_reload: true
scope: user
become: true
become_user: "{{ podman_user }}"
loop: "{{ podman_quadlets_undefined }}"
loop_control:
label: "{{ unit }}"
vars:
unit: >-
{{
item | ansible.builtin.basename |
ansible.builtin.regex_replace('\.container$', '.service') |
ansible.builtin.regex_replace('\.network$', '-network.service') |
ansible.builtin.regex_replace('\.volume$', '-volume.service')
}}
- name: Remove undefined rootless quadlets
ansible.builtin.file:
path: "{{ podman_user_homedir }}/.config/containers/systemd/{{ item }}"
state: absent
become: true
loop: "{{ podman_quadlets_undefined }}"
- name: Deploy rootless quadlets
ansible.builtin.template:
src: "{{ item }}.j2"
dest: "{{ podman_user_homedir }}/.config/containers/systemd/{{ item | ansible.builtin.basename }}"
owner: "{{ podman_user }}"
group: "{{ podman_user }}"
mode: u=rw,g=r,o=
become: true
loop: "{{ podman_quadlets_rootless }}"
register: deployed_quadlets_rootless
notify: Start or restart rootless quadlets
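Review bot: `List current rootless quadlets` has no `patterns:` restriction, so any file in the user's `systemd` directory that is not a `.container`/`.network`/`.volume` quadlet (a stray backup, or a `.pod`/`.kube` file placed by hand) lands in `podman_quadlets_undefined`; the `unit` mapping then leaves its bare filename, `Stop unwanted rootless quadlets` fails on a unit systemd cannot find, and anything that did map would be deleted by `Remove undefined rootless quadlets` even though the role never wrote it. Limit the search to the types the role actually derives units for, `patterns: ['*.container', '*.network', '*.volume']` on the `find` task, so cleanup only touches files this role could have deployed. Separately, `podman_qualets_filenames` (both occurrences) is misspelt; `podman_quadlets_filenames` is easier to grep.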


@@ -1,22 +0,0 @@
---
# tasks file for podman
- name: Install packages
ansible.builtin.dnf:
name: "{{ podman_packages }}"
become: true
- name: Create dedicated group
ansible.builtin.group:
name: "{{ podman_user }}"
become: true
- name: Create dedicated user
ansible.builtin.user:
name: "{{ podman_user }}"
comment: Dedicated Podman user
home: "{{ podman_user_homedir }}"
password_lock: true
shell: /bin/bash
group: podman
become: true