defaults/main.yml

@@ -1,6 +1,6 @@
 ---
 podman_version_check: true
-podman_version: "v4.6.2"
+podman_version: "4.6.0"
 podman_netavark_version: "v1.7.0"
 podman_conmon_version: "v2.1.7"
 podman_aardvark_dns_version: "v1.7.0"
@@ -13,7 +13,7 @@ podman_crun_buildpath: "{{ podman_buildpath }}/crun"
 podman_podman_buildpath: "{{ podman_buildpath }}/podman"
 podman_netavark_buildpath: "{{ podman_buildpath }}/netavark"
 
-podman_containers_config: "/usr/share/containers/"
+podman_containers_config: "/etc/containers"
 
 podman_netavark_repopath: "https://github.com/containers/netavark.git"
 podman_aardvark_dns_repopath: "https://github.com/containers/aardvark-dns.git"

tasks/configure.yml

@@ -2,65 +2,39 @@
   file:
     path: "{{ podman_containers_config }}"
     state: directory
-    mode: '755'
+    mode: 'u=rwx,g=rx,o='
-
-- name: "Create conatiners folder"
-  file:
-    path: "/etc/containers"
-    state: directory
-    mode: '755'
 
 
 - name: "Create config and data directory"
   ansible.builtin.file:
     path: "{{ item }}"
     state: directory
-    mode: '755'
+    mode: '0755'
   with_items:
     - "{{ podman_containers_config }}"
     - "{{ podman_containers_config }}/registries.conf.d"
-    - "/etc/containers/registries.conf.d"
 
 - name: Copy policy.json
   ansible.builtin.template:
     src: policy.json
-    dest: "/etc/containers/policy.json"
+    dest: "{{ podman_containers_config }}/policy.json"
-    mode: '755'
+    mode: 0600
 
 - name: Copy registries.json
   ansible.builtin.template:
     src: registries.conf
-    dest: "/etc/containers/registries.conf"
+    dest: "{{ podman_containers_config }}/registries.conf"
-    mode: '755'
+    mode: 0600
 
-- name: Copy containers.conf
+- name: "Create registries.conf.d folder"
-  ansible.builtin.template:
+  file:
-    src: containers.conf
+    path: "{{ podman_containers_config }}/registries.conf.d"
-    dest: "{{ podman_containers_config }}/containers.conf"
+    state: directory
-    mode: '755'
+    mode: 'u=rwx,g=rx,o='
 
-- name: Copy storage.conf
-  ansible.builtin.template:
-    src: storage.conf
-    dest: "{{ podman_containers_config }}/storage.conf"
-    mode: '755'
 
 - name: Copy registries.json
   ansible.builtin.template:
     src: registries.conf.d/shortnames.conf
-    dest: "/etc/containers/registries.conf.d/shortnames.conf"
+    dest: "{{ podman_containers_config }}/registries.conf.d/shortnames.conf"
-    mode: '755'
+    mode: 0600
-
-- name: set ping group range permissions
-  ansible.builtin.lineinfile:
-    path: "/etc/sysctl.d/podman_ping_group.conf"
-    line: "net.ipv4.ping_group_range=0 2000000"
-    create: true
-
-- name: Add podman folder to $PATH
-  ansible.builtin.copy:
-    dest: /etc/profile.d/podman.sh
-    content: 'PATH=$PATH:/usr/libexec/podman'
-
-- name: Exec lingur
-  shell: loginctl enable-linger 1000

tasks/install.yml

@@ -6,9 +6,3 @@
 - include_tasks: install_netavark.yml
 
 - include_tasks: install_aardvark_dns.yml
-
-- include_tasks: install_crun.yml
-
-- include_tasks: configure.yml
-
-- include_tasks: install_podman.yml

tasks/install_aardvark_dns.yml

@@ -5,7 +5,6 @@
     clone: yes
     update: yes
     version: "{{ podman_aardvark_dns_version }}"
-    force: true
 
 - name: Build 'all' target with extra arguments
   make:
@@ -16,7 +15,7 @@
   file:
     path: "/usr/libexec/podman"
     state: directory
-    mode: '755'
+    mode: 'u=rwx,g=rx,o='
 
 - name: Copy aardvark-dns file
   ansible.builtin.copy:
@@ -24,4 +23,4 @@
     dest: "/usr/libexec/podman/aardvark-dns"
     force: true
     remote_src: true
-    mode: u=rx,g=rx,o=rx
+

tasks/install_conmon.yml

@@ -5,7 +5,6 @@
     clone: yes
     update: yes
     version: "{{ podman_conmon_version }}"
-    force: true
 
 - name: Build 'all' target with extra arguments
   make:

tasks/install_crun.yml

@@ -5,7 +5,6 @@
     clone: yes
     update: yes
     version: "{{ podman_crun_version }}"
-    force: true
 
 - name: Execute autogen.sh
   shell:

tasks/install_netavark.yml

@@ -5,7 +5,6 @@
     clone: yes
     update: yes
     version: "{{ podman_netavark_version }}"
-    force: true
 
 - name: Build 'all' target with extra arguments
   make:
@@ -19,7 +18,7 @@
   file:
     path: "/usr/libexec/podman"
     state: directory
-    mode: '755'
+    mode: 'u=rwx,g=rx,o='
 
 - name: Copy netavark file
   ansible.builtin.copy:
@@ -27,4 +26,3 @@
     dest: "/usr/libexec/podman/netavark"
     force: true
     remote_src: true
-    mode: u=rx,g=rx,o=rx

tasks/install_podman.yml

@@ -5,7 +5,6 @@
     clone: yes
     update: yes
     version: "{{ podman_version }}"
-    force: true
 
 - name: Build 'all' target with extra arguments
   make:
@@ -18,6 +17,8 @@
   make:
     chdir: "{{ podman_podman_buildpath }}"
     target: install
+    params:
+      PREFIX: "/usr"
 
 - name: Setup systemd service
   ansible.builtin.template:

tasks/main.yml

@@ -4,4 +4,4 @@
 
 - include_tasks: install.yml
 
-- include_tasks: systemd-services.yml
+- include_tasks: configure.yml

tasks/systemd-services.yml

@@ -1,14 +0,0 @@
-- name: Setup podman-docker service
-  systemd_service:
-    enabled: true
-    state: started
-    daemon_reload: true
-    name: podman-docker
-
-- name: Setup podman.sock
-  remote_user: alphyron
-  systemd_service:
-    enabled: true
-    name: podman.sock
-    state: started
-    scope: "user"

templates/containers.conf

@@ -1,2 +0,0 @@
-[network]
-network_backend="netavark"

templates/storage.conf

@@ -1,5 +0,0 @@
-[storage]
-driver = "overlay"
-
-[storage.options.overlay]
-mount_program = "/usr/bin/fuse-overlayfs"

vars/debian.yml

@@ -6,7 +6,7 @@ podman_build_deps:
   - pkg-config
   - btrfs-progs
   - go-md2man
-  - iptables
+  #- iptables
   - libassuan-dev
   - libbtrfs-dev
   - libc6-dev
@@ -22,8 +22,6 @@ podman_build_deps:
   - libselinux1-dev
   - libapparmor-dev
   - protobuf-compiler
-  - slirp4netns
-  - fuse-overlayfs
 
 crun_build_deps:
   - build-essential