78 lines
2.0 KiB
YAML
78 lines
2.0 KiB
YAML
---
|
|
#vpn/tasks/main.yml
|
|
- name: Install kernel extra modules for Gluetun firewall
|
|
become: true
|
|
dnf:
|
|
name: kernel-modules-extra
|
|
state: present
|
|
register: kernel_modules_extra_install
|
|
|
|
- name: Check whether xt_conntrack is available for running kernel
|
|
become: true
|
|
ansible.builtin.command: modinfo xt_conntrack
|
|
register: xt_conntrack_modinfo
|
|
changed_when: false
|
|
failed_when: false
|
|
check_mode: false
|
|
|
|
- name: Reboot if kernel modules were installed but running kernel cannot find xt_conntrack
|
|
become: true
|
|
reboot:
|
|
msg: "Rebooting to load kernel matching installed kernel-modules-extra for Gluetun firewall"
|
|
reboot_timeout: 600
|
|
when:
|
|
- not ansible_check_mode
|
|
- kernel_modules_extra_install.changed
|
|
- xt_conntrack_modinfo.rc != 0
|
|
|
|
- name: Load xt_conntrack for Gluetun firewall
|
|
become: true
|
|
community.general.modprobe:
|
|
name: xt_conntrack
|
|
state: present
|
|
|
|
- name: Persist xt_conntrack module
|
|
become: true
|
|
copy:
|
|
dest: /etc/modules-load.d/gluetun.conf
|
|
mode: "0644"
|
|
content: |
|
|
xt_conntrack
|
|
|
|
- name: Configure SELinux for Gluetun device access
|
|
ansible.builtin.import_role:
|
|
name: selinux_containers
|
|
tasks_from: vpn
|
|
|
|
- name: Deploy Quadlet files
|
|
ansible.builtin.template:
|
|
src: "gluetun.container.j2"
|
|
dest: "{{ container_config_dir }}/gluetun.container"
|
|
owner: "{{ container_user }}"
|
|
group: "{{ container_group }}"
|
|
mode: "0644"
|
|
|
|
- name: Set fact for systemd
|
|
ansible.builtin.set_fact:
|
|
service_name: "gluetun"
|
|
|
|
- name: Execute systemd tasks
|
|
ansible.builtin.import_role:
|
|
name: container_runtime
|
|
tasks_from: systemd
|
|
|
|
- name: Wait for Gluetun container to exist
|
|
become: true
|
|
become_user: "{{ container_user }}"
|
|
command: podman container exists gluetun
|
|
register: gluetun_exists
|
|
retries: 20
|
|
delay: 2
|
|
until: gluetun_exists.rc == 0
|
|
changed_when: false
|
|
when: not ansible_check_mode
|
|
|
|
- name: Skip Gluetun runtime validation in check mode
|
|
debug:
|
|
msg: "Skipping Gluetun container existence check during Ansible check mode."
|
|
when: ansible_check_mode |