
@nodiscc
Created July 25, 2024 18:06
##### USER #####
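# Dedicated unprivileged account that owns and runs the rootless Podman
# container; the later tasks switch to it with become_user.
# The home directory is not created here (create_home: false); the
# "create shaarli-podman directories" task creates it with explicit
# ownership and mode.
# NOTE(review): no shell is set, so the account gets the distribution's
# default shell - confirm whether an interactive login is actually needed.
# NOTE(review): rootless Podman relies on subordinate UID/GID ranges
# (/etc/subuid, /etc/subgid) for this user - verify they get allocated.
- name: create shaarli-podman user
  become: true
  ansible.builtin.user:
    name: shaarli-podman
    state: present
    home: /var/lib/shaarli-podman
    create_home: false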
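# Create the account's home directory and the two host directories that are
# bind-mounted into the container (cache/ and data/).
# cache/ and data/ are 0770 (nothing for "other"); the home itself is 0775.
# NOTE(review): 0775 leaves the home listable and traversable by every local
# user, and it also holds the cloned source tree and the user's systemd
# units. Consider "0750" if nothing outside the account has to read it.
# Errors are ignored only when running in check mode.
- name: create shaarli-podman directories
  become: true
  ansible.builtin.file:
    path: "{{ item.path }}"
    state: directory
    owner: shaarli-podman
    group: shaarli-podman
    mode: "{{ item.mode }}"
  loop:
    - path: /var/lib/shaarli-podman
      mode: "0775"
    - path: /var/lib/shaarli-podman/cache
      mode: "0770"
    - path: /var/lib/shaarli-podman/data
      mode: "0770"
  ignore_errors: "{{ ansible_check_mode }}"
  tags: shaarli-podman-unshare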
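# Run chown inside the account's rootless user namespace (podman unshare), so
# 100:101 are namespace-relative IDs that map into the account's subordinate
# ID range on the host, not host UID 100 / GID 101.
# NOTE(review): 100:101 is hard-coded and presumably matches the user the
# web server runs as inside the Shaarli image - confirm against the image.
# NOTE(review): the command module has no change detection, so this task
# reports "changed" on every run; the preceding file task also resets the
# owner of cache/ and data/ to shaarli-podman each run, so the two tasks
# likely undo each other - verify and settle on one owner.
- name: set permissions/ownership on podman volumes
  become: true
  become_user: shaarli-podman
  ansible.builtin.command:
    cmd: "podman unshare chown 100:101 /var/lib/shaarli-podman/cache /var/lib/shaarli-podman/data"
  ignore_errors: "{{ ansible_check_mode }}"
  tags: shaarli-podman-unshare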
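# Look for the per-user marker file under /var/lib/systemd/linger and store
# the result in linger_file, which gates the enable-linger task below.
# Runs without become; it only reads file metadata.
- name: check if systemd/logind session lingering is enabled
  ansible.builtin.stat:
    path: "/var/lib/systemd/linger/shaarli-podman"
  register: linger_file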
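# Enable lingering for the account so its user-scope systemd manager (and the
# container service enabled at the end of this file) runs without an open
# login session. Skipped when the marker file checked above already exists.
- name: enable systemd/logind session lingering
  become: true
  ansible.builtin.command:
    cmd: loginctl enable-linger shaarli-podman
  when: not linger_file.stat.exists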
##### PODMAN ####
# "pull" mode: fetch the image named by shaarli_podman_image into the
# account's rootless image store, and restart the service when it changes.
# NOTE(review): shaarli_podman_image is defined outside this file. Prefer a
# fully qualified reference pinned to a fixed tag or digest, so a re-tagged
# upstream image cannot silently change what gets deployed.
- name: pull shaarli image
  when: shaarli_podman_mode == "pull"
  become: true
  become_user: shaarli-podman
  containers.podman.podman_image:
    name: "{{ shaarli_podman_image }}"
  notify: restart shaarli-podman service
  ignore_errors: "{{ ansible_check_mode }}"
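# "build" mode: check out the Shaarli sources as the service account.
# force: true discards any local modifications in the working copy.
# NOTE(review): version follows shaarli_podman_branch, so the build uses
# whatever that ref points to at run time. Pin a tag or commit hash when a
# reproducible, reviewable build input is required.
# NOTE(review): shaarli_podman_repository is defined outside this file -
# confirm it is an https:// or ssh URL of the intended upstream.
- name: clone shaarli repository
  when: shaarli_podman_mode == "build"
  become: true
  become_user: shaarli-podman
  ansible.builtin.git:
    repo: "{{ shaarli_podman_repository }}"
    dest: /var/lib/shaarli-podman/src
    version: "{{ shaarli_podman_branch }}"
    force: true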
# Shaarli's Dockerfile uses unqualified image names in its FROM directives,
# so the following must be present in /etc/containers/registries.conf:
#   unqualified-search-registries = ["docker.io"]
# NOTE(review): unqualified names are resolved through that search list, so
# keep it to the single registry the base images are expected to come from;
# fully qualified names in the Dockerfile would remove the ambiguity.
#
# "build" mode: build the image locally from the cloned sources and tag it
# shaarli-build (the name the run task falls back to). force: true rebuilds
# even when an image with that name already exists.
- name: build shaarli image
  when: shaarli_podman_mode == "build"
  become: true
  become_user: shaarli-podman
  containers.podman.podman_image:
    name: "shaarli-build"
    path: /var/lib/shaarli-podman/src/
    build:
      file: Dockerfile
      # force_rm: yes
    force: true
    pull: false
  notify: restart shaarli-podman service
  ignore_errors: "{{ ansible_check_mode }}"
# To reach the instance from another host, the firewall must allow incoming
# connections on the published port, e.g.
#   sudo firewall-cmd --add-port=8000/tcp --zone=internal
# NOTE(review): that example names 8000/tcp, but this task publishes host
# port 10080 - confirm which port is meant (a front-end proxy on 8000?).
# NOTE(review): no host address is given in "10080:80", so the port is
# published on all host interfaces, and container port 80 is presumably
# plain HTTP. If a reverse proxy on the same host terminates TLS, publish on
# loopback only ("127.0.0.1:10080:80").
#
# Start the container as the service account, using the pulled image in
# "pull" mode and the locally built shaarli-build image otherwise.
# rm: true removes the container when it exits; persistent state lives in the
# two bind-mounted host directories.
- name: run shaarli container
  become: true
  become_user: shaarli-podman
  containers.podman.podman_container:
    name: shaarli
    image: "{{ shaarli_podman_image if shaarli_podman_mode == 'pull' else 'shaarli-build' }}"
    rm: true
    publish:
      - "10080:80"
    volumes:
      - "/var/lib/shaarli-podman/cache:/var/www/shaarli/cache"
      - "/var/lib/shaarli-podman/data:/var/www/shaarli/data"
  ignore_errors: "{{ ansible_check_mode }}"
# Write a user-scope systemd unit for the "shaarli" container into the
# service account's ~/.config/systemd/user, overwriting any existing file
# (force: true). use_names makes the unit name follow the container name
# (container-shaarli.service, as enabled at the end of this file); new: true
# asks for a unit that creates the container itself instead of pointing at
# an existing one.
# Both handlers are defined outside this file.
- name: generate systemd unit file for shaarli container
  become: true
  become_user: shaarli-podman
  containers.podman.podman_generate_systemd:
    name: shaarli
    dest: ~/.config/systemd/user
    use_names: true
    new: true
    force: true
  ignore_errors: "{{ ansible_check_mode }}"
  notify:
    - reload systemd unit files (shaarli-podman)
    - restart shaarli-podman service
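# Run the handlers notified so far (unit reload, service restart) now, before
# the service is enabled and started by the next task.
- name: apply configuration (flush handlers)
  ansible.builtin.meta: flush_handlers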
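# To list another user's services from an admin account, use:
#   sudo systemctl --user --machine shaarli-podman@ list-units
#
# Enable and start the generated unit in the service account's user-scope
# systemd manager (scope: user), so the container runs without root.
# Errors are ignored only when running in check mode.
- name: enable shaarli-podman service
  become: true
  become_user: shaarli-podman
  ansible.builtin.systemd:
    name: container-shaarli.service
    scope: user
    enabled: true
    state: started
  ignore_errors: "{{ ansible_check_mode }}"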