✨: replace docker with podman

playbooks/docker.yml

@@ -1,6 +0,0 @@
----
-
-- name: Install docker
-  hosts: dockerservers
-  roles:
-    - docker

playbooks/podman.yml

@@ -0,0 +1,6 @@
+---
+
+- name: Install podman
+  hosts: podmanservers
+  roles:
+    - podman

playbooks/site.yml

@@ -54,8 +54,8 @@
   import_playbook: peertube.yml
 - name: Run elasticsearch playbook
   import_playbook: elasticsearch.yml
-- name: Run docker playbook
-  import_playbook: docker.yml
+- name: Run podman playbook
+  import_playbook: podman.yml
 - name: Run gitea playbook
   import_playbook: gitea.yml
 - name: Run vaultwarden playbook

roles/act_runner/tasks/main.yml

@@ -1,14 +1,7 @@
 ---
 
-- name: Create act_runner user
-  ansible.builtin.user:
-    name: "{{ act_runner_user }}"
-    state: present
-    system: true
-    create_home: true
-    home: "{{ act_runner_home }}"
-    groups:
-      - docker
+- name: Configure act_runner user
+  ansible.builtin.include_tasks: user.yml
 
 - name: Download act_runner executable
   ansible.builtin.get_url:

roles/act_runner/tasks/user.yml

@@ -0,0 +1,33 @@
+---
+
+- name: Create act_runner user
+  ansible.builtin.user:
+    name: "{{ act_runner_user }}"
+    state: present
+    system: true
+    create_home: true
+    home: "{{ act_runner_home }}"
+  register: _act_runner_user
+
+- name: Configure subuid/subgid
+  ansible.builtin.lineinfile:
+    path: "/etc/{{ item }}"
+    state: present
+    line: "{{ act_runner_user }}:100000:65536"
+  loop:
+    - subuid
+    - subgid
+
+- name: Enable linger
+  ansible.builtin.command:
+    cmd: "/usr/bin/loginctl enable-linger {{ act_runner_user }}"
+    creates: "/var/lib/systemd/linger/{{ act_runner_user }}"
+
+- name: Ensure podman is started
+  ansible.builtin.systemd_service:
+    name: podman.socket
+    state: started
+    enabled: true
+    scope: user
+  become: true
+  become_user: "{{ act_runner_user }}"

roles/act_runner/templates/act_runner.service.j2

@@ -11,6 +11,7 @@ TimeoutSec=0
 RestartSec=10
 Restart=always
 User={{ act_runner_user }}
+Environment=DOCKER_HOST="unix:///run/user/{{ _act_runner_user.uid }}/podman/podman.sock"
 
 [Install]
 WantedBy=multi-user.target

roles/act_runner/vars/main.yml

@@ -2,7 +2,7 @@
 
 act_runner_version: "0.2.13"
 act_runner_url: "https://gitea.com/gitea/act_runner/releases/download/v{{ act_runner_version }}/act_runner-{{ act_runner_version }}-linux-amd64"
-act_runner_home: "/var/lib/act_runner"
+act_runner_home: "/srv/act_runner"
 act_runner_bin: "/usr/local/bin/act_runner"
 act_runner_user: "act_runner"
 

roles/docker/tasks/main.yml

@@ -1,39 +0,0 @@
----
-
-- name: Install prerequired packages
-  ansible.builtin.package:
-    name: fuse-overlayfs
-    state: present
-    update_cache: true
-
-- name: Download gpg key
-  ansible.builtin.get_url:
-    url: "{{ docker_key_url }}"
-    dest: "{{ docker_key_path }}"
-    owner: root
-    group: root
-    mode: "0o644"
-
-- name: Set docker source repo
-  ansible.builtin.copy:
-    content: "deb [arch=amd64 signed-by={{ docker_key_path }}] https://download.docker.com/linux/debian {{ ansible_distribution_release }} stable"
-    dest: /etc/apt/sources.list.d/docker.list
-    mode: "0o644"
-
-- name: Install docker packages
-  ansible.builtin.package:
-    name:
-      - docker-ce
-      - docker-ce-cli
-      - containerd.io
-      - docker-buildx-plugin
-      - docker-compose-plugin
-    state: present
-    update_cache: true
-
-- name: Ensure docker is started
-  ansible.builtin.systemd:
-    name: docker
-    state: started
-    enabled: true
-    daemon_reload: true

roles/docker/vars/main.yml

@@ -1,4 +0,0 @@
----
-
-docker_key_url: "https://download.docker.com/linux/debian/gpg"
-docker_key_path: "/etc/apt/keyrings/docker.asc"

roles/podman/tasks/main.yml

@@ -0,0 +1,9 @@
+---
+
+- name: Install podman
+  ansible.builtin.package:
+    name:
+      - podman
+      - podman-docker
+      - podman-compose
+    state: present