Initial import

.gitignore

@@ -0,0 +1,2 @@
+.vagrant
+tests/*.log

LICENSE

@@ -0,0 +1,29 @@
+BSD 3-Clause License
+
+Copyright (c) 2023, Daniele Tricoli
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
+
+1. Redistributions of source code must retain the above copyright notice, this
+   list of conditions and the following disclaimer.
+
+2. Redistributions in binary form must reproduce the above copyright notice,
+   this list of conditions and the following disclaimer in the documentation
+   and/or other materials provided with the distribution.
+
+3. Neither the name of the copyright holder nor the names of its
+   contributors may be used to endorse or promote products derived from
+   this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

galaxy.yml

@@ -0,0 +1,16 @@
+---
+namespace: eriol
+name: pod
+version: 0.0.1
+readme: README.md
+authors:
+  - Daniele Tricoli <eriol@mornie.org>
+description: Ansible collection to manage services with podman.
+license:
+  - BSD-3-Clause
+tags:
+  - linux
+  - podman
+  - containers
+  - server
+  - collection

roles/homer/README.md

@@ -0,0 +1,9 @@
+# homer
+
+## Example playbook
+
+```yaml
+- hosts: my-server
+  roles:
+    - eriol.pod.homer
+```

roles/homer/defaults/main.yml

@@ -0,0 +1,9 @@
+---
+homer_become: true
+homer_become_user: "{{ undef(hint='You must specify container's user') }}"
+homer_become_root_user: root
+
+homer_dir: /srv/homer
+homer_host_ip: 127.0.0.1
+homer_host_port: 8080
+

roles/homer/tasks/main.yml

@@ -0,0 +1,55 @@
+---
+
+- block:
+
+    - name: ensure homer group exits
+      ansible.builtin.group:
+        name: homer
+
+    - name: ensure homer user exists and has restrictive settings
+      user:
+        name: homer
+        groups: homer
+        password: "*"
+        home: "{{ homer_dir }}"
+        shell: /usr/sbin/nologin
+
+    - name: check if homer user is lingering
+      ansible.builtin.stat:
+        path: "/var/lib/systemd/linger/homer"
+      register: homer_user_lingering
+
+    - name: enable linger for homer user
+      ansible.builtin.command: "loginctl enable-linger homer"
+      when: not homer_user_lingering.stat.exists
+
+  become: "{{ homer_become }}"
+  become_user: "{{ homer_become_root_user }}"
+
+- block:
+
+    - name: ensure the homer container exist, stopped
+      containers.podman.podman_container:
+        name: homer
+        image: docker.io/b4bz/homer:latest
+        ports:
+          - "{{ homer_host_ip }}:{{ homer_host_port }}:8080"
+        volume:
+          - "homer_data:/www/assets"
+        state: stopped
+
+    - name: systemd unit files for homer container must exist
+      containers.podman.podman_generate_systemd:
+        name: homer
+        dest: ~/.config/systemd/user/
+
+    - name: homer container must be started and enabled on systemd
+      ansible.builtin.systemd:
+        name: container-homer
+        daemon_reload: true
+        state: started
+        enabled: true
+        scope: user
+
+  become: "{{ homer_become }}"
+  become_user: "{{ homer_become_user }}"

tests/Vagrantfile

@@ -0,0 +1,14 @@
+# Default to bullseye, but just set env variable to, for example,
+# "debian/buster64" to run test against buster.
+OS_TO_TEST = ENV.fetch("OS_TO_TEST", "debian/bullseye64")
+
+Vagrant.configure("2") do |config|
+  config.vm.box = OS_TO_TEST
+  config.vm.network "private_network", ip: "192.168.56.10"
+
+  config.vm.provision "ansible" do |ansible|
+    # ansible.verbose = "vvv"
+    ansible.compatibility_mode = "2.0"
+    ansible.playbook = "test.yml"
+  end
+end

tests/justfile

@@ -0,0 +1,11 @@
+# vagrant up
+up:
+    @vagrant up
+
+# vagrant up --provision
+provision:
+    @vagrant up --provision
+
+# vagrant destroy --force
+destroy:
+    @vagrant destroy --force

tests/test.yml

@@ -0,0 +1,19 @@
+---
+- name: generic tests for all the roles
+  hosts: all
+
+  vars:
+    ansible_python_interpreter: /usr/bin/python3
+    homer_become_user: homer
+
+  pre_tasks:
+    - name: ensure podman is installed
+      ansible.builtin.apt:
+        name:
+          - podman
+          - acl
+        update_cache: true
+      become: true
+
+  roles:
+    - ../roles/homer