start podman_configuration role

roles/podman_configuration/tasks/install.yml

@@ -0,0 +1,16 @@
+---
+- name: Install podman and dependencies
+  ansible.builtin.package:
+    name:
+      - podman
+      - slirp4netns
+      - podman-compose
+    state: present
+  become: true
+
+- name: Remove Oracle registry
+  ansible.builtin.replace:
+    path: /etc/containers/registries.conf
+    regexp: '"container-registry\.oracle\.com", '
+    replace: ''
+  become: true

roles/podman_configuration/tasks/main.yml

@@ -0,0 +1,6 @@
+---
+- name: Install podman
+  ansible.builtin.include_tasks: install.yml
+
+- name: Configure podman users
+  ansible.builtin.include_tasks: users.yml

roles/podman_configuration/tasks/users.yml

@@ -0,0 +1,38 @@
+---
+- name: Increase the number of user namespaces
+  ansible.posix.sysctl:
+    name: user.max_user_namespaces
+    value: '28633'
+    sysctl_set: true
+    state: present
+    reload: true
+    sysctl_file: /etc/sysctl.d/userns.conf
+  become: true
+
+- name: Create podman users
+  ansible.builtin.user:
+    name: "{{ item }}"
+    state: present
+  become: true
+  loop: "{{ podman_users }}"
+
+- name: Create user ssh folder
+  ansible.builtin.file:
+    path: /home/{{ item }}/.ssh
+    state: directory
+    mode: 0700
+    owner: "{{ item }}"
+    group: "{{ item }}"
+    seuser: system_u
+    serole: object_r
+    setype: ssh_home_t
+    selevel: s0
+  become: true
+  loop: "{{ podman_users }}"
+
+- name: Add ssh keys to authorized_keys
+  ansible.posix.authorized_key:
+    user: "{{ item[0] }}"
+    key: "{{ item[1] }}"
+  become: true
+  loop: "{{ podman_users | product(ssh_keys) }}"