diff --git a/roles/podman_configuration/tasks/install.yml b/roles/podman_configuration/tasks/install.yml
new file mode 100644
index 0000000..29fefd0
--- /dev/null
+++ b/roles/podman_configuration/tasks/install.yml
@@ -0,0 +1,16 @@
+---
+- name: Install podman and dependencies
+ ansible.builtin.package:
+ name:
+ - podman
+ - slirp4netns
+ - podman-compose
+ state: present
+ become: true
+
+- name: Remove Oracle registry
+ ansible.builtin.replace:
+ path: /etc/containers/registries.conf
+ regexp: '"container-registry\.oracle\.com", '
+ replace: ''
+ become: true
diff --git a/roles/podman_configuration/tasks/main.yml b/roles/podman_configuration/tasks/main.yml
new file mode 100644
index 0000000..c7bfe68
--- /dev/null
+++ b/roles/podman_configuration/tasks/main.yml
@@ -0,0 +1,6 @@
+---
+- name: Install podman
+ ansible.builtin.include_tasks: install.yml
+
+- name: Configure podman users
+ ansible.builtin.include_tasks: users.yml
diff --git a/roles/podman_configuration/tasks/users.yml b/roles/podman_configuration/tasks/users.yml
new file mode 100644
index 0000000..08ce589
--- /dev/null
+++ b/roles/podman_configuration/tasks/users.yml
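Review bot: The `regexp` in the "Remove Oracle registry" task of install.yml matches only when the quoted hostname is followed by a comma and exactly one space, so if `container-registry.oracle.com` is the last list element, sits on its own line or is single-quoted, the task reports ok and the registry stays configured. The layout of `/etc/containers/registries.conf` on the targets is not visible here, but since that file decides where unqualified image names are resolved, a silent no-op deserves a guard. A more tolerant pattern such as `regexp: '"container-registry\.oracle\.com"\s*,?\s*'` would cover the common variants, and a follow-up task that fails the play when the hostname is still present would make the result verifiable. Adding `backup: true` to the replace task would also leave a copy to compare against when the edit does fire.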
@@ -0,0 +1,38 @@
+---
+- name: Increase the number of user namespaces
+ ansible.posix.sysctl:
+ name: user.max_user_namespaces
+ value: '28633'
+ sysctl_set: true
+ state: present
+ reload: true
+ sysctl_file: /etc/sysctl.d/userns.conf
+ become: true
+
+- name: Create podman users
+ ansible.builtin.user:
+ name: "{{ item }}"
+ state: present
+ become: true
+ loop: "{{ podman_users }}"
+
+- name: Create user ssh folder
+ ansible.builtin.file:
+ path: /home/{{ item }}/.ssh
+ state: directory
+ mode: 0700
+ owner: "{{ item }}"
+ group: "{{ item }}"
+ seuser: system_u
+ serole: object_r
+ setype: ssh_home_t
+ selevel: s0
+ become: true
+ loop: "{{ podman_users }}"
+
+- name: Add ssh keys to authorized_keys
+ ansible.posix.authorized_key:
+ user: "{{ item[0] }}"
+ key: "{{ item[1] }}"
+ become: true
+ loop: "{{ podman_users | product(ssh_keys) }}"
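Review bot: The "Add ssh keys to authorized_keys" task at the end of users.yml installs every entry of `ssh_keys` for every account in `podman_users` and never removes anything, so a key dropped from the variable keeps granting login on hosts that were already configured. `exclusive` is not loop-aware, so revocation needs all keys passed in one call per user: loop over `podman_users` with `user: "{{ item }}"`, `key: "{{ ssh_keys | join('\n') }}"` and `exclusive: true`. If not every key holder is meant to reach every account, a per-user key mapping would express that better than `product`. Separately, `mode: 0700` in the ssh-folder task is safer written as `mode: '0700'`, and the hard-coded `/home/{{ item }}/.ssh` path assumes each account uses the default home location.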