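---
# vpn/tasks/main.yml
#
# Prepares the host kernel for the Gluetun firewall (xt_conntrack), applies
# the SELinux configuration from the selinux_containers role, renders the
# gluetun Quadlet unit and hands it to the container_runtime role's systemd
# tasks. Every module is referenced by its fully-qualified collection name so
# that resolution does not depend on the play's collections list.

- name: Install kernel extra modules for Gluetun firewall
  become: true
  ansible.builtin.dnf:
    name: kernel-modules-extra
    state: present
  register: kernel_modules_extra_install

# Probe the running kernel rather than the package database: the package may
# ship modules for a newer kernel than the one currently booted.
- name: Check whether xt_conntrack is available for running kernel
  become: true
  ansible.builtin.command: modinfo xt_conntrack
  register: xt_conntrack_modinfo
  changed_when: false
  # A missing module is an expected outcome that feeds the reboot decision
  # below, not a task failure.
  failed_when: false
  # Runs even in check mode so xt_conntrack_modinfo is always registered.
  check_mode: false

# NOTE(review): the reboot only fires when this play installed the package.
# A host where the package was already present but the running kernel still
# lacks xt_conntrack (e.g. a pending kernel update) would skip the reboot and
# presumably fail at the modprobe task below -- confirm that is intended.
- name: Reboot if kernel modules were installed but running kernel cannot find xt_conntrack
  become: true
  ansible.builtin.reboot:
    msg: "Rebooting to load kernel matching installed kernel-modules-extra for Gluetun firewall"
    reboot_timeout: 600
  when:
    - not ansible_check_mode
    - kernel_modules_extra_install.changed
    - xt_conntrack_modinfo.rc != 0

- name: Load xt_conntrack for Gluetun firewall
  become: true
  community.general.modprobe:
    name: xt_conntrack
    state: present

# modules-load.d reloads the module at every boot, so the container firewall
# does not depend on this play having run since the last reboot. The file is
# root-owned with mode 0644 (quoted so YAML does not parse it as octal).
- name: Persist xt_conntrack module
  become: true
  ansible.builtin.copy:
    dest: /etc/modules-load.d/gluetun.conf
    mode: "0644"
    content: |
      xt_conntrack

- name: Configure SELinux for Gluetun device access
  ansible.builtin.import_role:
    name: selinux_containers
    tasks_from: vpn

- name: Deploy Quadlet files
  ansible.builtin.template:
    src: "gluetun.container.j2"
    dest: "{{ container_config_dir }}/gluetun.container"
    owner: "{{ container_user }}"
    group: "{{ container_group }}"
    mode: "0644"

# service_name is presumably consumed by the container_runtime systemd tasks
# imported right after it -- verify against that role.
- name: Set fact for systemd
  ansible.builtin.set_fact:
    service_name: "gluetun"

- name: Execute systemd tasks
  ansible.builtin.import_role:
    name: container_runtime
    tasks_from: systemd

# `podman container exists` exits 0 once the container is known to podman;
# poll up to 20 times, 2 seconds apart, running as the container user.
- name: Wait for Gluetun container to exist
  become: true
  become_user: "{{ container_user }}"
  ansible.builtin.command: podman container exists gluetun
  register: gluetun_exists
  retries: 20
  delay: 2
  until: gluetun_exists.rc == 0
  changed_when: false
  when: not ansible_check_mode

# Companion to the task above: in check mode the existence poll is skipped,
# so say so explicitly instead of silently reporting nothing.
- name: Skip Gluetun runtime validation in check mode
  ansible.builtin.debug:
    msg: "Skipping Gluetun container existence check during Ansible check mode."
  when: ansible_check_mode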