From da83cf1e00e819061c70b9cfdcbf39011c38e9f1 Mon Sep 17 00:00:00 2001 From: "pulsar89.5" Date: Fri, 10 Apr 2026 15:50:29 +0200 Subject: [PATCH] feat: Move from Debian to Fedora --- defaults/main.yml | 18 ++++++------ handlers/main.yml | 25 ++++++++++++----- meta/main.yml | 6 ++-- tasks/config.yml | 45 +++++++++++++++++++++++++++++ tasks/containers.yml | 25 ----------------- tasks/installation.yml | 7 ----- tasks/main.yml | 19 +++++-------- tasks/manage.yml | 64 ++++++++++++++++++++++++++++++++++++++++++ tasks/networks.yml | 25 ----------------- tasks/pods.yml | 25 ----------------- tasks/prepare.yml | 39 ++++--------------------- vars/main.yml | 16 ----------- 12 files changed, 152 insertions(+), 162 deletions(-) create mode 100644 tasks/config.yml delete mode 100644 tasks/containers.yml delete mode 100644 tasks/installation.yml create mode 100644 tasks/manage.yml delete mode 100644 tasks/networks.yml delete mode 100644 tasks/pods.yml delete mode 100644 vars/main.yml diff --git a/defaults/main.yml b/defaults/main.yml index 760678a..567bcf7 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -3,20 +3,20 @@ # Packages to install to run podman podman_packages: - - dbus-user-session - - passt - podman - - systemd-container - - uidmap + - policycoreutils-python-utils # to manage SELinux # Dedicated user podman_user: podman +podman_user_homedir: /home/{{ podman_user }} # Enable container auto-update podman_auto_update: true -# Define pods -podman_pods: [] - -# Define containers -podman_containers: [] +# List of quadlets to deploy +podman_quadlets: [] +# Example: +# podman_quadlets: +# - uptime-kuma.network +# - uptime-kuma.container +# - signal-cli-rest-api.container diff --git a/handlers/main.yml b/handlers/main.yml index a57cacd..e6192b6 100644 --- a/handlers/main.yml +++ b/handlers/main.yml 
@@ -1,12 +1,23 @@ --- # handlers file for podman -- name: Set default permissions on volumes folders - ansible.builtin.file: - path: "{{ item.path }}" - owner: "{{ podman_user }}" - group: "{{ podman_user }}" +- name: Start or restart quadlets + ansible.builtin.systemd_service: + name: "{{ unit }}" + state: "{{ 'restarted' if item.changed else 'started' }}" + daemon_reload: true + enabled: true + scope: user become: true - loop: "{{ folders.results | selectattr('changed', 'equalto', true) }}" + become_user: "{{ podman_user }}" + loop: "{{ deployed_quadlets.results }}" loop_control: - label: "{{ item.path }}" + label: "{{ unit }}" + vars: + unit: >- + {{ + item.item.filename | default(item.item) | ansible.builtin.basename | + ansible.builtin.regex_replace('\.container$', '.service') | + ansible.builtin.regex_replace('\.network$', '-network.service') | + ansible.builtin.regex_replace('\.volume$', '-volume.service') + }} diff --git a/meta/main.yml b/meta/main.yml index ed161c5..c35d9c8 100644 --- a/meta/main.yml +++ b/meta/main.yml @@ -1,15 +1,15 @@ galaxy_info: namespace: ykn author: pulsar89.5 - description: Deploy podman, manage pods and containers + description: Deploy podman quadlets license: GPL-3.0-or-later min_ansible_version: '2.1' platforms: - - name: CoreOS + - name: Fedora versions: - - 41 + - "43" dependencies: [] diff --git a/tasks/config.yml b/tasks/config.yml new file mode 100644 index 0000000..391b32a --- /dev/null +++ b/tasks/config.yml 
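Review bot: The `unit` expression in `Start or restart quadlets` maps only `.container`, `.network` and `.volume`, so a `.pod` quadlet listed in `podman_quadlets` reaches `systemd_service` under its file name instead of a unit name and the handler fails after the file is already deployed. The role managed pods before this change (`-pod.service` in the removed tasks/pods.yml), so add `ansible.builtin.regex_replace('\.pod$', '-pod.service')` to the chain. `.kube`, `.image` and `.build` files are unmapped as well; either map them or reject unknown suffixes with a clear message before templating.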
@@ -0,0 +1,45 @@ +--- +# tasks file for podman + +- name: Disable global podman auto-update + ansible.builtin.systemd_service: + name: podman-auto-update.timer + enabled: false + become: true + +- name: Enable lingering for podman user + ansible.builtin.command: + cmd: "{{ item }}" + creates: /var/lib/systemd/linger/{{ podman_user }} + become: true + loop: + - sudo systemctl --machine={{ podman_user }}@.host --user daemon-reload + - loginctl enable-linger {{ podman_user }} + +- name: Enable containers auto-update service + ansible.builtin.systemd_service: + name: podman-auto-update.timer + state: started + daemon_reload: true + scope: user + when: podman_auto_update + become: true + become_user: "{{ podman_user }}" + +- name: Create podman user directory tree + ansible.builtin.file: + path: "{{ item.path }}" + owner: "{{ podman_user }}" + group: "{{ podman_user }}" + mode: "{{ item.mode }}" + state: directory + become: true + loop: + - path: "{{ podman_user_homedir }}/.config" + mode: u=rwX,g=,o= + - path: "{{ podman_user_homedir }}/.config/containers" + mode: u=rwX,g=rX,o=rX + - path: "{{ podman_user_homedir }}/.config/containers/systemd" + mode: u=rwX,g=rX,o=rX + loop_control: + label: "{{ item.path }}" diff --git a/tasks/containers.yml b/tasks/containers.yml deleted file mode 100644 index 2ba73d2..0000000 --- a/tasks/containers.yml +++ /dev/null 
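Review bot: `Enable containers auto-update service` only sets `state: started` on the user-scope `podman-auto-update.timer`, so the timer is never enabled and will presumably not come back after a reboot, even with lingering on. That timer is what pulls updated images, so add `enabled: true` to the task. In `Enable lingering for podman user`, the first loop item calls `sudo` inside a task that already has `become: true`. The shared `creates:` guard also means the daemon-reload runs only on the very first play, so splitting the two commands into separate tasks would make the intent clearer.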
@@ -1,25 +0,0 @@ ---- -# tasks file for podman - -- name: Deploy containers - containers.podman.podman_container: "{{ container }}" - become: true - become_user: "{{ podman_user }}" - loop: "{{ podman_containers }}" - loop_control: - label: "{{ item.name }}" - register: deployed_containers - vars: - container: "{{ podman_containers_defaults | ansible.builtin.combine(item) }}" - -- name: Start or restart containers - ansible.builtin.systemd_service: - name: "{{ item.item.name }}.service" - state: "{{ 'restarted' if item.changed else 'started' }}" - daemon_reload: true - scope: user - become: true - become_user: "{{ podman_user }}" - loop: "{{ deployed_containers.results }}" - loop_control: - label: "{{ item.item.name }}" diff --git a/tasks/installation.yml b/tasks/installation.yml deleted file mode 100644 index 98aa58f..0000000 --- a/tasks/installation.yml +++ /dev/null @@ -1,7 +0,0 @@ ---- -# tasks file for dnsmasq - -- name: Install podman - ansible.builtin.apt: - name: "{{ podman_packages }}" - become: true diff --git a/tasks/main.yml b/tasks/main.yml index 126aee9..6aa1c95 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -1,22 +1,17 @@ --- # tasks file for podman -- name: Import installation tasks - ansible.builtin.import_tasks: - file: installation.yml - -- name: Import instance preparation tasks +- name: Import prepare tasks ansible.builtin.import_tasks: file: prepare.yml -- name: Import networks management tasks +- name: Import configuration tasks ansible.builtin.import_tasks: - file: networks.yml + file: config.yml -- name: Import pods management tasks +- name: Import management tasks ansible.builtin.import_tasks: - file: pods.yml + file: manage.yml -- name: Import containers management tasks - ansible.builtin.import_tasks: - file: containers.yml +- name: Flush handlers + ansible.builtin.meta: flush_handlers diff --git a/tasks/manage.yml b/tasks/manage.yml new file mode 100644 index 0000000..fc05408 --- /dev/null +++ b/tasks/manage.yml 
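Review bot: The `Flush handlers` task added at the end of tasks/main.yml duplicates the one that already closes tasks/manage.yml, which is imported just above it, so the second flush has nothing left to run. Keep only one of the two. If the aim is to have the quadlets running before the next role starts, a comment such as `# make sure quadlets are started before the role returns` on the remaining task would record that.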
@@ -0,0 +1,64 @@ +--- +# tasks file for podman + +#- name: List current quadlets +# ansible.builtin.find: +# paths: "{{ podman_user_homedir }}/.config/containers/systemd" +# become: true +# register: current_quadlets +# +#- name: Extract list of undefined quadlets +# ansible.builtin.set_fact: +# podman_quadlets_undefined: >- +# {{ +# current_quadlets.files | +# map(attribute='path') | +# map('ansible.builtin.basename') | +# ansible.builtin.difference(podman_qualets_filenames) +# }} +# vars: +# podman_qualets_filenames: "{{ podman_quadlets | map('ansible.builtin.basename') }}" +# +#- name: Stop unwanted quadlets +# ansible.builtin.systemd_service: +# name: "{{ unit }}" +# state: stopped +# daemon_reload: true +# scope: user +# become: true +# become_user: "{{ podman_user }}" +# loop: "{{ podman_quadlets_undefined }}" +# loop_control: +# label: "{{ unit }}" +# vars: +# unit: >- +# {{ +# item | ansible.builtin.basename | +# ansible.builtin.regex_replace('\.container$', '.service') | +# ansible.builtin.regex_replace('\.network$', '-network.service') | +# ansible.builtin.regex_replace('\.volume$', '-volume.service') +# }} +# +#- name: Remove undefined quadlets +# ansible.builtin.file: +# path: "{{ podman_user_homedir }}/.config/containers/systemd/{{ item }}" +# state: absent +# become: true +# loop: "{{ podman_quadlets_undefined }}" + +- name: Deploy quadlets + ansible.builtin.template: + src: "{{ item.template | default(item) }}.j2" + dest: "{{ podman_user_homedir }}/.config/containers/systemd/{{ item.filename | default(item) | ansible.builtin.basename }}" + owner: "{{ podman_user }}" + group: "{{ podman_user }}" + mode: u=rw,g=r,o= + become: true + loop: "{{ podman_quadlets }}" + loop_control: + label: "{{ item.filename | default(item) }}" + register: deployed_quadlets + notify: Start or restart quadlets + +- name: Flush handlers + ansible.builtin.meta: flush_handlers diff --git a/tasks/networks.yml b/tasks/networks.yml deleted file mode 100644 index d4aa46d..0000000 
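Review bot: Quadlets dropped from `podman_quadlets` are never stopped or removed, because the cleanup tasks at the top of tasks/manage.yml are commented out; a retired container keeps running under the podman user, with whatever it exposes, until someone cleans it up by hand. Either finish that block (note the `podman_qualets_filenames` spelling in it) or delete it and document that removal is manual. In `Deploy quadlets`, a mapping item appears to need both keys: with only `filename`, `item.template | default(item)` renders the whole mapping into `src`. `src: "{{ item.template | default(item.filename | default(item)) }}.j2"` would cover that case, and the mapping form deserves a line in the defaults example.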
--- a/tasks/networks.yml +++ /dev/null @@ -1,25 +0,0 @@ ---- -# tasks file for podman - -- name: Deploy networks - containers.podman.podman_network: "{{ network }}" - become: true - become_user: "{{ podman_user }}" - loop: "{{ podman_networks }}" - loop_control: - label: "{{ item.name }}" - register: deployed_networks - vars: - network: "{{ podman_networks_defaults | ansible.builtin.combine(item) }}" - -- name: Start or restart networks - ansible.builtin.systemd_service: - name: "{{ item.item.name }}-network.service" - state: "{{ 'restarted' if item.changed else 'started' }}" - daemon_reload: true - scope: user - become: true - become_user: "{{ podman_user }}" - loop: "{{ deployed_networks.results }}" - loop_control: - label: "{{ item.item.name }}" diff --git a/tasks/pods.yml b/tasks/pods.yml deleted file mode 100644 index 58e7196..0000000 --- a/tasks/pods.yml +++ /dev/null @@ -1,25 +0,0 @@ ---- -# tasks file for podman - -- name: Deploy pods - containers.podman.podman_pod: "{{ pod }}" - become: true - become_user: "{{ podman_user }}" - loop: "{{ podman_pods }}" - loop_control: - label: "{{ item.name }}" - register: deployed_pods - vars: - pod: "{{ podman_pods_defaults | ansible.builtin.combine(item) }}" - -- name: Start or restart pods - ansible.builtin.systemd_service: - name: "{{ item.item.name }}-pod.service" - state: "{{ 'restarted' if item.changed else 'started' }}" - daemon_reload: true - scope: user - become: true - become_user: "{{ podman_user }}" - loop: "{{ deployed_pods.results }}" - loop_control: - label: "{{ item.item.name }}" diff --git a/tasks/prepare.yml b/tasks/prepare.yml index cc2652e..9a8f892 100644 --- a/tasks/prepare.yml +++ b/tasks/prepare.yml @@ -1,6 +1,11 @@ --- # tasks file for podman +- name: Install packages + ansible.builtin.dnf: + name: "{{ podman_packages }}" + become: true + - name: Create dedicated group ansible.builtin.group: name: "{{ podman_user }}" 
@@ -10,40 +15,8 @@ ansible.builtin.user: name: "{{ podman_user }}" comment: Dedicated Podman user + home: "{{ podman_user_homedir }}" password_lock: true shell: /bin/bash group: podman become: true - -- name: Disable global podman auto-update - ansible.builtin.systemd_service: - name: podman-auto-update.timer - enabled: false - become: true - -- name: Enable containers auto-update service - ansible.builtin.command: - cmd: systemctl --user --machine={{ podman_user }}@ start podman-auto-update.timer - when: podman_auto_update - become: true - -- name: Enable lingering for podman user - ansible.builtin.command: - cmd: loginctl enable-linger {{ podman_user }} - creates: /var/lib/systemd/linger/podman - become: true - -- name: Create subvolumes paths - ansible.builtin.file: - path: "{{ item.1 | split(':') | first }}" - state: directory - mode: u=rwX,g=rX,o=rX - become: true - loop: "{{ q('ansible.builtin.subelements', podman_containers, 'volumes', {'skip_missing': True}) }}" - loop_control: - label: "{{ item.0.name }}" - register: folders - notify: Set default permissions on volumes folders - -- name: Execute handlers - ansible.builtin.meta: flush_handlers diff --git a/vars/main.yml b/vars/main.yml deleted file mode 100644 index 8c9747e..0000000 --- a/vars/main.yml +++ /dev/null @@ -1,16 +0,0 @@ ---- - -podman_pods_defaults: [] - -podman_networks_defaults: - state: quadlet - recreate: true - -podman_containers_defaults: - state: quadlet - recreate: true - quadlet_options: - - "AutoUpdate=registry" - - | - [Install] - WantedBy=default.target -- 2.51.0
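Review bot: `group: podman` in the user task is still hard-coded, while the group task in the previous hunk creates `{{ podman_user }}` and the new directory tasks in tasks/config.yml use `group: "{{ podman_user }}"`. Overriding `podman_user` would then put the account in a group that may not exist, or in an unrelated pre-existing `podman` group. Change the line to `group: "{{ podman_user }}"`. The task's `- name:` line sits above the hunk, so this is based only on the visible lines.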