PHiAX/Raspberry-Pi-IaC
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
Raspberry-Pi-IaC/roles/actual/tasks/main.yml
Thomas Kleinendorst 606a26a008 Add link for starting containers on system boot 
As mentioned in the comment; this behavior is different in
Podman than how it is in Docker.
2024-04-15 20:35:57 +02:00

53 lines
2 KiB
YAML
Raw Blame History

---
- name: Create a new user
ansible.builtin.include_role:
name: user
vars:
user_username: "{{ actual_username }}"
user_password: "{{ actual_password }}"
- name: Create a directory for holding actual's (volume) data
become: true
become_user: "{{ actual_username }}"
ansible.builtin.file:
path: "/home/{{ actual_username }}/actual_data"
state: directory
mode: '0700'
# Unfortunatelly I can't set the web password in the container, a user has to manually do this on startup.
- name: Start the Actual container
become: true
become_user: "{{ actual_username }}"
containers.podman.podman_container:
name: actual-server
image: docker.io/actualbudget/actual-server:24.4.0
# TODO: Enable containers on boot
# I expected podman containers to restart on boot with this policy but apparently the documentation specifically
# states that they won't do this. There seems to be an involved workaround to get this to work whilst keeping the
# containers "rootless". See this guide: https://linuxhandbook.com/autostart-podman-containers/
restart_policy: on-failure
publish:
- 127.0.0.1:5006:5006
volumes:
- "/home/{{ actual_username }}/actual_data:/data"
state: started
- name: Install certificate for actual.kleinendorst.info
become: true
ansible.builtin.command:
cmd: register_certbot_domain.sh actual.kleinendorst.info
creates: /etc/letsencrypt/live/actual.kleinendorst.info # The certificate directory
- name: Set Nginx configuration
become: true
ansible.builtin.template:
src: actual.conf.j2
dest: /etc/nginx/conf.d/actual.conf
mode: '0644'
notify: Restart Nginx
# - name: Allow https through firewall
# become: true
# community.general.ufw:
# rule: allow
# port: https
# proto: tcp
# notify: Restart ufw
- name: Debug
ansible.builtin.debug:
msg: "Don't forget to manually add a DNS record for actual.kleinendorst.info pointing to: {{ ansible_facts['default_ipv4']['address'] }}."
Reference in a new issue View git blame Copy permalink