Fixed some lint suggestions
This commit is contained in:
Francesco Antognazza
@@ -1,6 +1,6 @@
|
||||
- name: Install base packages
|
||||
become: true
|
||||
package:
|
||||
ansible.builtin.package:
|
||||
name:
|
||||
- podman
|
||||
- podman-docker
|
||||
@@ -8,18 +8,30 @@
|
||||
|
||||
- name: Add the 'containers' user
|
||||
become: true
|
||||
user:
|
||||
ansible.builtin.user:
|
||||
name: containers
|
||||
password: "!"
|
||||
system: false
|
||||
shell: /bin/bash
|
||||
comment: User running unprivileged containers
|
||||
state: present
|
||||
|
||||
- name: Add admin pub keys to authorized_keys
|
||||
become: true
|
||||
ansible.posix.authorized_keys:
|
||||
user: containers
|
||||
key: "{{ item }}"
|
||||
state: present
|
||||
loop: "{{ vault_containers_authorized_keys }}"
|
||||
|
||||
- name: Check if user is lingering
|
||||
stat:
|
||||
ansible.builtin.stat:
|
||||
path: "/var/lib/systemd/linger/containers"
|
||||
register: user_lingering
|
||||
|
||||
- name: Enable lingering is needed
|
||||
become: true
|
||||
command: "loginctl enable-linger containers"
|
||||
ansible.builtin.command: "loginctl enable-linger containers"
|
||||
when:
|
||||
- not user_lingering.stat.exists
|
||||
|
||||
@@ -28,7 +40,7 @@
|
||||
ansible.posix.sysctl:
|
||||
name: net.ipv4.ip_unprivileged_port_start
|
||||
value: "80"
|
||||
sysctl_set: yes
|
||||
sysctl_set: true
|
||||
|
||||
- name: Enable podman socket
|
||||
become: true
|
||||
@@ -36,30 +48,30 @@
|
||||
ansible.builtin.systemd:
|
||||
scope: user
|
||||
name: podman.socket
|
||||
enabled: yes
|
||||
enabled: true
|
||||
state: started
|
||||
|
||||
- name: Enable podman auto-update timer
|
||||
become: true
|
||||
ansible.builtin.systemd:
|
||||
name: podman-auto-update.timer
|
||||
enabled: yes
|
||||
enabled: true
|
||||
|
||||
- name: Copy default containers config file
|
||||
become: true
|
||||
ansible.builtin.copy:
|
||||
remote_src: yes
|
||||
remote_src: true
|
||||
src: /usr/share/containers/containers.conf
|
||||
dest: /etc/containers/containers.conf
|
||||
mode: 0644
|
||||
|
||||
- name: Change podman default subnet
|
||||
become: true
|
||||
lineinfile:
|
||||
ansible.builtin.lineinfile:
|
||||
path: /etc/containers/containers.conf
|
||||
regex: "^(.*)default_subnet = (.*)$"
|
||||
line: 'default_subnet = "172.16.0.0/24"'
|
||||
|
||||
#- name: Reboot
|
||||
# become: true
|
||||
# reboot:
|
||||
# - name: Reboot
|
||||
# become: true
|
||||
# ansible.builtin.reboot:
|
||||
|
||||
Reference in New Issue
Block a user