--- # This role assumes currently that the target container must be restarted on a system reboot. - name: Ensure the podman-restart.service is running ansible.builtin.systemd: name: podman-restart.service state: started enabled: true scope: user - name: Run whoami ansible.builtin.command: whoami changed_when: false register: whoami - name: Register current user in a variable ansible.builtin.set_fact: container_user: "{{ whoami.stdout }}" - name: Create mount directories ansible.builtin.file: path: "/home/{{ container_user }}/{{ item.name }}" state: directory mode: '0700' loop: "{{ podman_simple_container_volumes }}" loop_control: label: "{{ item.name }}" index_var: index register: command_result failed_when: # This is quite an interesting problem. The command fails because, after initial creation, the pod using the volume # changes the user of the folder to a UID only known within the container. This command basically doesn't need to # change anything at this point so we'll ignore the error for now. - "command_result.module_stdout is defined and'set_mode_if_different' not in command_result.module_stdout" - name: Gather facts on the container containers.podman.podman_container_info: name: "{{ podman_container_name }}" register: container_info - name: Start the container with correct systemd linking # ⬇️ Run either when the image doesn't exist or is outdated when: container_info.containers | length == 0 or not container_info.containers[0]["Config"]["Image"] is match(".*:" + podman_container_tag) block: # The image would already be downloaded in the step where the container is started (if the image is missing from the system). However, # this specifically fixes an issue where the DNS server is temporarily unavailable when the pi-hole container is removed first and then recreated. # By ensuring that the correct image is already on the machine it doesn't fail when downloading because it can't resolve the address. - name: Pull the requested image before removal of container containers.podman.podman_image: name: "{{ podman_container_image }}:{{ podman_container_tag }}" state: present - name: Make sure the container isn't present containers.podman.podman_container: name: "{{ podman_container_name }}" state: absent - name: Make sure the systemd unit file isn't present ansible.builtin.file: path: "/home/{{ container_user }}/.config/systemd/user/container-{{ podman_container_name }}.service" state: absent notify: Reload systemd (daemon-reload) - name: Flush handlers ansible.builtin.meta: flush_handlers - name: Initialize container_volumes ansible.builtin.set_fact: container_volumes: "{{ podman_container_volumes }}" - name: Map volumes to Podman accepted list ansible.builtin.set_fact: container_volumes: "{{ container_volumes | default(podman_container_volumes) + ['/home/' + container_user + '/' + item.name + ':' + item.mnt] }}" loop: "{{ podman_simple_container_volumes }}" - name: Start the container containers.podman.podman_container: name: "{{ podman_container_name }}" image: "{{ podman_container_image }}:{{ podman_container_tag }}" restart_policy: always user: root # Still isolated from host system 👍 command: "{{ podman_container_command }}" hostname: "{{ ansible_facts['hostname'] }}" publish: "{{ podman_container_publish }}" env: "{{ podman_container_env }}" volumes: "{{ container_volumes }}" state: stopped # For more information on the systemd startup service, see: https://linuxhandbook.com/autostart-podman-containers/ generate_systemd: path: "/home/{{ container_user }}/.config/systemd/user/" restart_policy: always notify: Reload systemd (daemon-reload) - name: Flush handlers ansible.builtin.meta: flush_handlers - name: Enable the newly created systemd service for user ansible.builtin.systemd: name: "container-{{ podman_container_name }}.service" state: started enabled: true scope: user