infrastructure/roles/podman/tasks/Fedora.yml

- name: Ensure podman is installed.
  ansible.builtin.package:
    name:
      - "podman"
    state: "present"
  become: true

- name: Ensure needed packages for podman machine are installed.
  ansible.builtin.package:
    name:
      - "qemu-system-x86-core"
      - "qemu-img"
      - "podman-gvproxy"
    state: "present"
  become: true
  when: podman_install_machine_packages

- name: Enable sebool container_manage_cgroup.
  ansible.posix.seboolean:
    name: container_manage_cgroup
    state: true
    persistent: true
  become: true

- name: Ensure 'containers' system user exists
  ansible.builtin.user:
    name: "containers"
    comment: "system user which holds subuids/subgids used by podman for rootful usernamespaced containers"
    create_home: false
    password: "*"
    state: present
    system: true
  become: true

- name: Ensure the 'containers' user has subuids/subgids configured
  ansible.builtin.lineinfile:
    path: "{{ item.path }}"
    regexp: "^containers:[0-9]+:[0-9]+$"
    line: "containers:{{ podman_usernamespace_uid_start }}:{{ podman_usernamespace_uid_amount }}"
  loop:
    - path: "/etc/subuid"
    - path: "/etc/subgid"
  become: true

- name: Setup default container timezone
  when: podman_default_timezone is defined
  block:
    - name: Ensure timezone is set in containers.conf
      community.general.ini_file:
        path: /etc/containers/containers.conf
        backup: true
        create: true
        state: present
        mode: "0644"
        owner: root
        group: root
        option: tz
        section: containers
        value: "'{{ podman_default_timezone }}'"
      register: podman_updated_containers_conf
      become: true
    - name: Validate containers.conf
      ansible.builtin.command:
        cmd: podman info
      changed_when: false
      become: true
  rescue:
    # This is needed if there was no containers.conf to begin with.
    # In that case there would be no backup file and the bad containers.conf would stay behind
    # even after the `copy` module below.
    - name: Remove bad containers.conf
      ansible.builtin.file:
        path: "/etc/containers/containers.conf"
        state: absent
      become: true
      when: podman_updated_containers_conf is changed # noqa: no-handler
    - name: Restore backup file
      ansible.builtin.copy:
        remote_src: true
        dest: /etc/containers/containers.conf
        src: "{{ podman_updated_containers_conf.backup_file }}"
        mode: "0644"
        owner: root
        group: root
      become: true
      when: podman_updated_containers_conf is changed # noqa: no-handler
    - name: Containers.conf could not be validated after setting default timezone
      ansible.builtin.debug:
        msg: Please make sure that `podman_default_timezone` is either an IANA timezone or 'local'
  always:
    - name: Remove backup file
      ansible.builtin.file:
        path: "{{ podman_updated_containers_conf.backup_file }}"
        state: absent
      become: true
      when: podman_updated_containers_conf is changed # noqa: no-handler

- name: Ensure default network configuration exists
  when: podman_default_network_ipv6_prefix is defined
  block:
    - name: Ensure default network config directory exists
      ansible.builtin.file:
        path: "/etc/containers/networks"
        state: directory
        owner: root
        group: root
        mode: "0755"
      become: true
    - name: Ensure default network config file exists
      ansible.builtin.template:
        src: "podman-network.json.j2"
        dest: "/etc/containers/networks/podman.json"
        owner: root
        group: root
        mode: "0600"
      become: true

- name: Ensure podman auto update is enabled
  ansible.builtin.systemd:
    name: podman-auto-update.timer
    enabled: true
    state: started
  become: true
feat(podman): add role Copied from Histalek <3 Based on https://git.histalek.de/histalek-de/infrastructure/-/tree/b17a8f117bd2ce6e7b9c64dcffb2f24294306519/roles/podman 2024-09-12 22:51:03 +02:00			`- name: Ensure podman is installed.`
			`ansible.builtin.package:`
			`name:`
			`- "podman"`
			`state: "present"`
			`become: true`

			`- name: Ensure needed packages for podman machine are installed.`
			`ansible.builtin.package:`
			`name:`
			`- "qemu-system-x86-core"`
			`- "qemu-img"`
			`- "podman-gvproxy"`
			`state: "present"`
			`become: true`
			`when: podman_install_machine_packages`

			`- name: Enable sebool container_manage_cgroup.`
			`ansible.posix.seboolean:`
			`name: container_manage_cgroup`
			`state: true`
			`persistent: true`
			`become: true`

			`- name: Ensure 'containers' system user exists`
			`ansible.builtin.user:`
			`name: "containers"`
			`comment: "system user which holds subuids/subgids used by podman for rootful usernamespaced containers"`
			`create_home: false`
			`password: "*"`
			`state: present`
			`system: true`
			`become: true`

			`- name: Ensure the 'containers' user has subuids/subgids configured`
			`ansible.builtin.lineinfile:`
			`path: "{{ item.path }}"`
			`regexp: "^containers:[0-9]+:[0-9]+$"`
			`line: "containers:{{ podman_usernamespace_uid_start }}:{{ podman_usernamespace_uid_amount }}"`
			`loop:`
			`- path: "/etc/subuid"`
			`- path: "/etc/subgid"`
			`become: true`

			`- name: Setup default container timezone`
			`when: podman_default_timezone is defined`
			`block:`
			`- name: Ensure timezone is set in containers.conf`
			`community.general.ini_file:`
			`path: /etc/containers/containers.conf`
			`backup: true`
			`create: true`
			`state: present`
			`mode: "0644"`
			`owner: root`
			`group: root`
			`option: tz`
			`section: containers`
			`value: "'{{ podman_default_timezone }}'"`
			`register: podman_updated_containers_conf`
			`become: true`
			`- name: Validate containers.conf`
			`ansible.builtin.command:`
			`cmd: podman info`
			`changed_when: false`
			`become: true`
			`rescue:`
			`# This is needed if there was no containers.conf to begin with.`
			`# In that case there would be no backup file and the bad containers.conf would stay behind`
			# even after the `copy` module below.
			`- name: Remove bad containers.conf`
			`ansible.builtin.file:`
			`path: "/etc/containers/containers.conf"`
			`state: absent`
			`become: true`
			`when: podman_updated_containers_conf is changed # noqa: no-handler`
			`- name: Restore backup file`
			`ansible.builtin.copy:`
			`remote_src: true`
			`dest: /etc/containers/containers.conf`
			`src: "{{ podman_updated_containers_conf.backup_file }}"`
			`mode: "0644"`
			`owner: root`
			`group: root`
			`become: true`
			`when: podman_updated_containers_conf is changed # noqa: no-handler`
			`- name: Containers.conf could not be validated after setting default timezone`
			`ansible.builtin.debug:`
			msg: Please make sure that `podman_default_timezone` is either an IANA timezone or 'local'
			`always:`
			`- name: Remove backup file`
			`ansible.builtin.file:`
			`path: "{{ podman_updated_containers_conf.backup_file }}"`
			`state: absent`
			`become: true`
			`when: podman_updated_containers_conf is changed # noqa: no-handler`

			`- name: Ensure default network configuration exists`
			`when: podman_default_network_ipv6_prefix is defined`
			`block:`
			`- name: Ensure default network config directory exists`
			`ansible.builtin.file:`
			`path: "/etc/containers/networks"`
			`state: directory`
			`owner: root`
			`group: root`
			`mode: "0755"`
			`become: true`
			`- name: Ensure default network config file exists`
			`ansible.builtin.template:`
			`src: "podman-network.json.j2"`
			`dest: "/etc/containers/networks/podman.json"`
			`owner: root`
			`group: root`
			`mode: "0600"`
			`become: true`

			`- name: Ensure podman auto update is enabled`
			`ansible.builtin.systemd:`
			`name: podman-auto-update.timer`
			`enabled: true`
			`state: started`
			`become: true`