-
-
Notifications
You must be signed in to change notification settings - Fork 95
/
setup-omnisette-ansible.yaml
98 lines (88 loc) · 3.68 KB
/
setup-omnisette-ansible.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
---
- name: Setup omnisette
hosts: ur.host.ip.addr
gather_facts: false
become: True
tasks:
- name: Install podman and deps
ansible.builtin.package:
name:
- podman
- uidmap
- slirp4netns
- acl
state: present
- name: Setup rootless user
ansible.builtin.user:
name: rootless
register: rootless_usr
- name: Configure xdg_runtime
ansible.builtin.lineinfile:
line: "export XDG_RUNTIME_DIR=/run/user/{{rootless_usr.uid}}"
path: "/home/{{ rootless_usr.name }}/.bashrc"
- name: enable linger
ansible.builtin.command:
cmd: "loginctl enable-linger rootless"
creates: /var/lib/systemd/linger/rootless
- name: Setup omnisette container
containers.podman.podman_container:
name: omnisette
image: ghcr.io/sidestore/omnisette-server:latest
labels:
io.containers.autoupdate: registry
PODMAN_SYSTEMD_UNIT: pod-omnisette.service
state: created
rm: true
volume: /opt/omnisette-server/lib
publish: 6969:80
become_user: rootless
- name: Generate systemd unit file for omnisette container
containers.podman.podman_generate_systemd:
name: omnisette
restart_policy: "always"
container_prefix: "pod"
new: true
dest: "/home/rootless/.config/systemd/user"
no_header: true
become_user: rootless
- name: Ensure anisettev3 container is started and enabled
ansible.builtin.systemd:
name: pod-omnisette
daemon_reload: true
state: started
scope: "user"
enabled: true
become_user: rootless
environment: # If you ever do systemctl stuff as the rootless user with containers, you must set that XDG variable so that you fix: Failed to connect to bus: No medium found, maybe good practise to put that export line into .bashrc mmm?
XDG_RUNTIME_DIR: /run/user/{{rootless_usr.uid}}
- name: Configure podman-auto-update on rootless
ansible.builtin.systemd:
name: podman-auto-update
daemon_reload: true
state: started
scope: "user"
enabled: true
become_user: rootless
environment: # If you ever do systemctl stuff as the rootless user with containers, you must set that XDG variable so that you fix: Failed to connect to bus: No medium found, maybe good practise to put that export line into .bashrc mmm?
XDG_RUNTIME_DIR: /run/user/{{rootless_usr.uid}}
- name: Configure podman-auto-update.timer on rootless
ansible.builtin.systemd:
name: podman-auto-update.timer
daemon_reload: true
state: started
scope: "user"
enabled: true
become_user: rootless
environment: # If you ever do systemctl stuff as the rootless user with containers, you must set that XDG variable so that you fix: Failed to connect to bus: No medium found, maybe good practise to put that export line into .bashrc mmm?
XDG_RUNTIME_DIR: /run/user/{{rootless_usr.uid}}
# - name: Configure podman-auto-update.timer to run every minute
# ansible.builtin.lineinfile:
# line: "OnUnitActiveSec=1min"
# insertbefore: "^Persistent"
# path: /home/rootless/.config/systemd/user/timers.target.wants/podman-auto-update.timer
# notify: Restart podman-auto-update.timer
# - name: Configure podman-auto-update.timer to not randomly delay
# ansible.builtin.lineinfile:
# line: "RandomizedDelaySec=1"
# regexp: "^RandomizedDelaySec"
# path: /home/rootless/.config/systemd/use