---
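# container_runtime/tasks/main.yml
#
# Prepares a host for rootless Podman: base packages, user lingering, low-port
# binding, stack directories, SELinux policy, and a Quadlet network unit that
# is started inside the container user's systemd instance.

# Hand the whole list to dnf so every package is resolved and installed in one
# transaction, rather than one transaction per loop iteration.
- name: Install required base packages
  become: true
  ansible.builtin.dnf:
    name: "{{ base_runtime_install_packages }}"
    state: present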
# Lingering keeps the container user's systemd instance alive without an
# interactive login, so user units keep running after logout. `creates` is the
# idempotency guard: once the linger marker exists the command is skipped.
- name: Enable lingering for rootless containers
  become: true
  ansible.builtin.command:
    cmd: "loginctl enable-linger {{ container_user }}"
    creates: "/var/lib/systemd/linger/{{ container_user }}"
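# Rootless containers cannot bind privileged ports (< 1024) without this.
# NOTE: the knob is host-wide, not scoped to the container user — after this
# runs, ANY unprivileged process on the host may bind ports 53-1023. 53 is
# presumably chosen so DNS can be served rootless (confirm); keep it at the
# lowest port the stack actually needs.
- name: Allow rootless to bind to low ports
  become: true
  ansible.posix.sysctl:
    name: net.ipv4.ip_unprivileged_port_start
    # Quoted on purpose: the module wants a string, and a bare 53 parses as int.
    value: "53"
    state: present
    # Also verify/apply the running kernel value, not only the sysctl file.
    sysctl_set: true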
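# Directories the stack lives in, owned by the container user so rootless
# Podman can write there. Deliberately NOT recursive: `recurse: yes` together
# with a fixed `mode` rewrites every file already under these paths to 0755
# (world-readable and executable) on every run, clobbering any tighter
# permissions set on content deployed later. `become` matches the other
# privileged tasks in this file; creating root-level dirs for another user
# needs it.
- name: Create stack directories
  become: true
  ansible.builtin.file:
    path: "{{ item }}"
    state: directory
    owner: "{{ container_user }}"
    group: "{{ container_group }}"
    mode: "0755"
  loop:
    - "{{ stack_root }}"
    - "{{ container_config_dir }}"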
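# Import the sibling role instead of reaching into its tasks file through a
# relative path: import_role also loads that role's defaults, vars and
# handlers, which a bare import_tasks of ../selinux_containers/tasks/main.yml
# skips, and the relative path is resolved differently depending on where
# this role is invoked from. Adjust `name` if the role is installed under a
# different name on the roles path.
- name: Configure SELinux container policies
  ansible.builtin.import_role:
    name: selinux_containers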
# Render the Quadlet network unit into the container user's config directory.
# Quadlet's generator turns homelab.network into homelab-network.service at the
# next daemon-reload of that user's systemd instance.
- name: Deploy Podman Network Quadlet
  become: true
  ansible.builtin.template:
    src: homelab.network.j2
    dest: "{{ container_config_dir }}/homelab.network"
    owner: "{{ container_user }}"
    group: "{{ container_group }}"
    mode: "0644"
# Reload the container user's systemd instance unconditionally so the Quadlet
# generator picks up the unit written above. Runs as that user via become;
# XDG_RUNTIME_DIR must be set for `systemctl --user` to reach the user's
# instance from a become'd shell.
- name: Force systemd reload (blocking)
  become: true
  become_user: "{{ container_user }}"
  environment:
    XDG_RUNTIME_DIR: "{{ container_runtime_dir }}"
  ansible.builtin.command:
    cmd: systemctl --user daemon-reload
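# Start the generated unit in the container user's systemd instance.
# XDG_RUNTIME_DIR is set here as well: with `scope: user` under become_user the
# systemd module needs it to locate the user bus, exactly as the daemon-reload
# task above does; without it the task can fail to connect to that user's
# systemd instance.
- name: Start homelab network
  become: true
  become_user: "{{ container_user }}"
  environment:
    XDG_RUNTIME_DIR: "{{ container_runtime_dir }}"
  ansible.builtin.systemd:
    name: homelab-network.service
    scope: user
    state: started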