fix: many bugs

2023-09-13 23:40:39 +02:00 · 2023-09-13 23:40:39 +02:00 · 17a87b6083
commit 17a87b6083
parent 1bfabcde5e
9 changed files with 58 additions and 23 deletions
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -13,7 +13,7 @@ podman_crun_buildpath: "{{ podman_buildpath }}/crun"
 podman_podman_buildpath: "{{ podman_buildpath }}/podman"
 podman_netavark_buildpath: "{{ podman_buildpath }}/netavark"

-podman_containers_config: "/etc/containers"
+podman_containers_config: "/usr/share/containers/"

 podman_netavark_repopath: "https://github.com/containers/netavark.git"
 podman_aardvark_dns_repopath: "https://github.com/containers/aardvark-dns.git"
--- a/tasks/configure.yml
+++ b/tasks/configure.yml
@ -2,50 +2,65 @@
  file:
    path: "{{ podman_containers_config }}"
    state: directory
-    mode: 'u=rwx,g=rx,o='
+    mode: '755'
+
+- name: "Create conatiners folder"
+  file:
+    path: "/etc/containers"
+    state: directory
+    mode: '755'


 - name: "Create config and data directory"
  ansible.builtin.file:
    path: "{{ item }}"
    state: directory
-    mode: '0755'
+    mode: '755'
  with_items:
    - "{{ podman_containers_config }}"
    - "{{ podman_containers_config }}/registries.conf.d"
+    - "/etc/containers/registries.conf.d"

 - name: Copy policy.json
  ansible.builtin.template:
    src: policy.json
-    dest: "{{ podman_containers_config }}/policy.json"
-    mode: 0600
+    dest: "/etc/containers/policy.json"
+    mode: '755'

 - name: Copy registries.json
  ansible.builtin.template:
    src: registries.conf
-    dest: "{{ podman_containers_config }}/registries.conf"
-    mode: 0600
+    dest: "/etc/containers/registries.conf"
+    mode: '755'

- name: Copy registries.json
+- name: Copy containers.conf
  ansible.builtin.template:
    src: containers.conf
    dest: "{{ podman_containers_config }}/containers.conf"
-    mode: 0600
-
- name: "Create registries.conf.d folder"
-  file:
-    path: "{{ podman_containers_config }}/registries.conf.d"
-    state: directory
-    mode: 'u=rwx,g=rx,o='
+    mode: '755'

+- name: Copy storage.conf
+  ansible.builtin.template:
+    src: storage.conf
+    dest: "{{ podman_containers_config }}/storage.conf"
+    mode: '755'

 - name: Copy registries.json
  ansible.builtin.template:
    src: registries.conf.d/shortnames.conf
-    dest: "{{ podman_containers_config }}/registries.conf.d/shortnames.conf"
-    mode: 0600
+    dest: "/etc/containers/registries.conf.d/shortnames.conf"
+    mode: '755'
+
+- name: set ping group range permissions
+  ansible.builtin.lineinfile:
+    path: "/etc/sysctl.d/podman_ping_group.conf"
+    line: "net.ipv4.ping_group_range=0 2000000"
+    create: true

 - name: Add podman folder to $PATH
  ansible.builtin.copy:
    dest: /etc/profile.d/podman.sh
    content: 'PATH=$PATH:/usr/libexec/podman'
+
+- name: Exec lingur
+  shell: loginctl enable-linger 1000
--- a/tasks/install_aardvark_dns.yml
+++ b/tasks/install_aardvark_dns.yml
@ -16,7 +16,7 @@
  file:
    path: "/usr/libexec/podman"
    state: directory
-    mode: 'u=rwx,g=rx,o='
+    mode: '755'

 - name: Copy aardvark-dns file
  ansible.builtin.copy:
@ -24,4 +24,4 @@
    dest: "/usr/libexec/podman/aardvark-dns"
    force: true
    remote_src: true
-    mode: +x
+    mode: u=rx,g=rx,o=rx
--- a/tasks/install_netavark.yml
+++ b/tasks/install_netavark.yml
@ -19,7 +19,7 @@
  file:
    path: "/usr/libexec/podman"
    state: directory
-    mode: 'u=rwx,g=rx,o='
+    mode: '755'

 - name: Copy netavark file
  ansible.builtin.copy:
@ -27,4 +27,4 @@
    dest: "/usr/libexec/podman/netavark"
    force: true
    remote_src: true
-    mode: +x
+    mode: u=rx,g=rx,o=rx
--- a/tasks/install_podman.yml
+++ b/tasks/install_podman.yml
@ -18,8 +18,6 @@
  make:
    chdir: "{{ podman_podman_buildpath }}"
    target: install
-    params:
-      PREFIX: "/usr"

 - name: Setup systemd service
  ansible.builtin.template:
--- a/tasks/main.yml
+++ b/tasks/main.yml
@ -4,3 +4,4 @@

 - include_tasks: install.yml

+- include_tasks: systemd-services.yml
--- a/tasks/systemd-services.yml
+++ b/tasks/systemd-services.yml
@ -0,0 +1,14 @@
+- name: Setup podman-docker service
+  systemd_service:
+    enabled: true
+    state: started
+    daemon_reload: true
+    name: podman-docker
+
+- name: Setup podman.sock
+  remote_user: alphyron
+  systemd_service:
+    enabled: true
+    name: podman.sock
+    state: started
+    scope: "user"
--- a/templates/storage.conf
+++ b/templates/storage.conf
@ -0,0 +1,5 @@
+[storage]
+driver = "overlay"
+
+[storage.options.overlay]
+mount_program = "/usr/bin/fuse-overlayfs"
--- a/vars/debian.yml
+++ b/vars/debian.yml
@ -22,6 +22,8 @@ podman_build_deps:
  - libselinux1-dev
  - libapparmor-dev
  - protobuf-compiler
+  - slirp4netns
+  - fuse-overlayfs

 crun_build_deps:
  - build-essential