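---
# Provision a rootless-Podman Gitea deployment on the bulletinboard host.
# The play runs as root (play-level become) for the user/subuid/firewall
# setup, then switches to the gitea user for the quadlet units, which live in
# that user's systemd --user instance (hence the linger + XDG_RUNTIME_DIR).
- hosts: bulletinboard
  become: true
  become_method: sudo
  become_user: root
  vars:
    # NOTE(review): the four storage vars below are not referenced by any task
    # visible in this play (there are no LVM/filesystem tasks here) — confirm
    # they are consumed by another play or drop them.
    gitea_device: "/dev/vdc"
    gitea_vg_name: "vg_gitea"
    gitea_lv_name: "lv_gitea"
    gitea_data_directory: "/gitea"
    # Fixed UID of the gitea user; also drives XDG_RUNTIME_DIR and linger.
    gitea_uid: 2001
    # host:port of the external database Gitea connects to.
    gitea_db_host: "10.12.34.3:3306"
  vars_prompt:
    - name: gitea_password
      prompt: "Enter gitea Password: "
      private: true
      # Hashed at prompt time, so the user module never sees the plaintext.
      encrypt: sha512_crypt
      confirm: true
      salt_size: 7
    - name: gitea_db_password
      prompt: "Enter Gitea DB Password: "
      private: true
  tasks:
    - name: Create gitea user
      ansible.builtin.user:
        name: gitea
        password: "{{ gitea_password }}"
        comment: "Podman user for Gitea application"
        uid: "{{ gitea_uid }}"

    - name: Make .bashrc.d directory for gitea user
      ansible.builtin.file:
        path: /home/gitea/.bashrc.d
        owner: gitea
        group: gitea
        mode: "0750"
        state: directory

    # Needed for interactive `systemctl --user` / `podman` sessions as gitea;
    # Ansible's own systemd_service calls do not source this file.
    - name: Set XDG_RUNTIME_DIR var for gitea user
      ansible.builtin.lineinfile:
        path: /home/gitea/.bashrc.d/systemd
        owner: gitea
        group: gitea
        mode: "0750"
        line: "export XDG_RUNTIME_DIR=/run/user/{{ gitea_uid }}"
        create: true

    # `command` instead of `shell` (no shell features are used), and `creates`
    # makes the task idempotent: loginctl writes /var/lib/systemd/linger/<user>
    # when linger is enabled, so re-runs report ok instead of changed.
    - name: Allow gitea user to linger
      ansible.builtin.command:
        cmd: "loginctl enable-linger {{ gitea_uid }}"
        creates: /var/lib/systemd/linger/gitea

    # This file carries the DB password, so it is owner-only (0600) and the
    # task is no_log so the loop items never reach the playbook output.
    - name: Place container environment file for gitea user
      ansible.builtin.lineinfile:
        path: /home/gitea/.containerenv
        owner: gitea
        group: gitea
        mode: "0600"
        line: "{{ item }}"
        insertafter: EOF
        create: true
      no_log: true
      loop:
        - "GITEA__database_DB_TYPE=mysql"
        - "GITEA__database__HOST={{ gitea_db_host }}"
        - "GITEA__database__NAME=gitea"
        - "GITEA__database__USER=gitea"
        - "GITEA__database__PASSWD={{ gitea_db_password }}"

    - name: Run systemctl daemon-reload
      ansible.builtin.systemd_service:
        daemon_reload: true

    # subuid/subgid ranges for rootless podman user namespaces.
    - name: Write subuid user entry for gitea
      ansible.builtin.lineinfile:
        path: /etc/subuid
        line: "gitea:102000:2000"
        insertafter: EOF
        create: true
        state: present

    - name: Write subgid user entry for gitea
      ansible.builtin.lineinfile:
        path: /etc/subgid
        line: "gitea:102000:2000"
        insertafter: EOF
        create: true
        state: present

    - name: Configure firewalld for gitea
      ansible.posix.firewalld:
        port: "8081/tcp"
        state: enabled
        permanent: true
        immediate: true

    - name: Configure quadlet volumes
      containers.podman.podman_volume:
        state: quadlet
        name: "gitea-{{ item }}"
        quadlet_filename: "gitea-quadlet-volumes-{{ item }}"
        quadlet_file_mode: "0640"
        quadlet_options:
          - |
            [Install]
            WantedBy=default.target
          - |
            [Unit]
            Description=Gitea {{ item }} Volume
      loop:
        - "data"
        - "config"
      become_user: "gitea"

    # TODO Unit spec should get *.mount After directive from variables
    # NOTE(review): `latest-rootless` plus AutoUpdate=registry/Pull=newer means
    # the running image changes whenever upstream retags, with no review step;
    # a pinned tag or digest would make updates deliberate — confirm intended.
    # NOTE(review): the mount "/etc/localtime:/etc/timezone:ro" binds the
    # localtime tzdata file onto the /etc/timezone path; if the host has a real
    # /etc/timezone, mounting that file instead is probably what was meant.
    # NOTE(review): /home/gitea/service_up.sh is not deployed by any task in
    # this play — the unit will fail to start unless it exists already.
    - name: Build gitea quadlet
      containers.podman.podman_container:
        name: gitea
        image: "docker.io/gitea/gitea:latest-rootless"
        state: quadlet
        quadlet_filename: "gitea-quadlet"
        quadlet_file_mode: "0640"
        rm: false
        ports:
          - "8081:3000"
        volumes:
          - "gitea-data:/var/lib/gitea:Z"
          - "gitea-config:/etc/gitea:Z"
          - "/etc/localtime:/etc/timezone:ro"
          - "/etc/localtime:/etc/localtime:ro"
        quadlet_options:
          - "AutoUpdate=registry"
          - "Pull=newer"
          - |
            [Install]
            WantedBy=default.target
          - |
            [Unit]
            Description=Gitea Quadlet
          - |
            [Service]
            ExecStartPre=/home/gitea/service_up.sh 3306
        env_file: "/home/gitea/.containerenv"
      become_user: "gitea"

    - name: Run systemctl --user daemon-reload
      ansible.builtin.systemd_service:
        daemon_reload: true
        scope: user
      become_user: "gitea"

    # Unit names follow the quadlet_filename values above: podman_volume
    # units get a "-volume" suffix, the container unit does not.
    - name: Run systemctl --user start for all services
      ansible.builtin.systemd_service:
        state: started
        scope: user
        name: "{{ item }}"
      loop:
        - "gitea-quadlet-volumes-data-volume.service"
        - "gitea-quadlet-volumes-config-volume.service"
        - "gitea-quadlet.service"
      become_user: "gitea"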