chef-recipes/roles/podman/tasks/main.yml

- name: Install base packages
  become: true
  package:
    name:
      - podman
      - podman-docker
    state: present

- name: Add the 'containers' user
  become: true
  user:
    name: containers
    shell: /bin/bash

- name: Check if user is lingering
  stat:
    path: "/var/lib/systemd/linger/containers"
  register: user_lingering

- name: Enable lingering is needed
  become: true
  command: "loginctl enable-linger containers"
  when:
    - not user_lingering.stat.exists

- name: Allow unprivileged users to open ports
  become: true
  ansible.posix.sysctl:
    name: net.ipv4.ip_unprivileged_port_start
    value: "80"
    sysctl_set: yes

- name: Enable podman socket
  become: true
  become_user: containers
  ansible.builtin.systemd:
    scope: user
    name: podman.socket
    enabled: yes
    state: started

- name: Enable podman auto-update timer
  become: true
  become_user: containers
  ansible.builtin.systemd:
    scope: user
    name: podman-auto-update.timer
    enabled: yes

- name: Copy default containers config file
  become: true
  ansible.builtin.copy:
    remote_src: yes
    src: /usr/share/containers/containers.conf
    dest: /etc/containers/containers.conf
    mode: 0644

- name: Change podman default subnet
  become: true
  lineinfile:
    path: /etc/containers/containers.conf
    regex: "^#default_subnet*$"
    line: 'default_subnet = "172.16.0.0/24"'

- name: Reboot
  become: true
  reboot:
Initial configuration 2023-02-01 17:34:56 +00:00			`- name: Install base packages`
			`become: true`
			`package:`
			`name:`
			`- podman`
			`- podman-docker`
			`state: present`

			`- name: Add the 'containers' user`
			`become: true`
			`user:`
			`name: containers`
			`shell: /bin/bash`

			`- name: Check if user is lingering`
			`stat:`
			`path: "/var/lib/systemd/linger/containers"`
			`register: user_lingering`

			`- name: Enable lingering is needed`
			`become: true`
			`command: "loginctl enable-linger containers"`
			`when:`
			`- not user_lingering.stat.exists`

			`- name: Allow unprivileged users to open ports`
			`become: true`
			`ansible.posix.sysctl:`
			`name: net.ipv4.ip_unprivileged_port_start`
			`value: "80"`
			`sysctl_set: yes`

			`- name: Enable podman socket`
			`become: true`
			`become_user: containers`
			`ansible.builtin.systemd:`
			`scope: user`
			`name: podman.socket`
			`enabled: yes`
			`state: started`

			`- name: Enable podman auto-update timer`
			`become: true`
			`become_user: containers`
			`ansible.builtin.systemd:`
			`scope: user`
			`name: podman-auto-update.timer`
			`enabled: yes`

			`- name: Copy default containers config file`
			`become: true`
			`ansible.builtin.copy:`
			`remote_src: yes`
			`src: /usr/share/containers/containers.conf`
			`dest: /etc/containers/containers.conf`
			`mode: 0644`

			`- name: Change podman default subnet`
			`become: true`
			`lineinfile:`
			`path: /etc/containers/containers.conf`
			`regex: "^#default_subnet*$"`
			`line: 'default_subnet = "172.16.0.0/24"'`

			`- name: Reboot`
			`become: true`
			`reboot:`