Initial move to consolidate services on ryzen host

gitea.yaml

@@ -1,5 +1,5 @@
 ---
-- name: Frontend setup
+- name: Gitea setup
   hosts: gitea
 
   vars:
@@ -17,59 +17,37 @@
         local: "/mnt/gitea_backups"
         remote: "/var/nfs/shared/gitea_backups"
 
-
-
-    docker_add_repo: true
-    docker_users:
-      - "{{ username }}"
-
-  roles:
-    - role: geerlingguy.git
-      become: true
-    - role: geerlingguy.docker
-      become: true
-
   tasks:
-    - name: Create myapp directory in home
-      ansible.builtin.file:
-        path: "{{ ansible_env.HOME }}/gitea"
-        state: directory
-        mode: "0755"
+    - name: Install Podman
+      become: true
+      ansible.builtin.package:
+        name: podman
+        state: present
 
-    - name: Copy the gitea compose file to the host
-      ansible.builtin.copy:
-        src: gitea/compose.yaml
-        dest: "{{ ansible_env.HOME }}/gitea/compose.yaml"
-
-    # - name: Install NFS client
-    #   ansible.builtin.apt:
-    #     name: nfs-common
-    #     state: present
-    #     update_cache: true
-    #     become: true
-
-    - name: Stop gitea services if running
-      community.docker.docker_compose_v2:
-        project_src: "{{ ansible_env.HOME }}/gitea/"
-        state: absent
-      ignore_errors: true
+    - name: Allow containers to access NFS mounts
+      become: true
+      ansible.posix.seboolean:
+        name: virt_use_nfs
+        state: true
+        persistent: true
 
     - name: Unmount NFS volumes before creating mountpoint directories
+      become: true
       ansible.posix.mount:
         path: "{{ item.value.local }}"
         state: unmounted
       loop: "{{ mounts | dict2items }}"
-      become: true
 
     - name: Create mountpoint directories for gitea
+      become: true
       ansible.builtin.file:
         path: "{{ item.value.local }}"
         state: directory
         mode: "0755"
-      loop: "{{mounts | dict2items  }}"
-      become: true
+      loop: "{{ mounts | dict2items }}"
 
-    - name: Mount an NFS volume for repositories
+    - name: Mount NFS volumes for gitea
+      become: true
       ansible.posix.mount:
         src: "192.168.1.160:{{ item.value.remote }}"
         path: "{{ item.value.local }}"
@@ -77,29 +55,46 @@
         state: mounted
         fstype: nfs
       loop: "{{ mounts | dict2items }}"
+
+    - name: Open firewall ports for gitea
       become: true
+      ansible.posix.firewalld:
+        port: "{{ item }}/tcp"
+        permanent: true
+        state: enabled
+        immediate: true
+      loop:
+        - 3002
+        - 2222
 
-
-    - name: Create and start services
-      community.docker.docker_compose_v2:
-        project_src: "{{ ansible_env.HOME }}/gitea/"
+    - name: Create shared container network
+      containers.podman.podman_network:
+        name: webservices
         state: present
 
-    - name: Start watchtower
-      community.docker.docker_container:
-        name: watchtower
-        image: nickfedor/watchtower
+    - name: Start gitea
+      containers.podman.podman_container:
+        name: gitea
+        image: docker.io/gitea/gitea:latest
         restart_policy: always
+        network: webservices
+        label:
+          io.containers.autoupdate: registry
+        env:
+          USER_UID: "977"
+          USER_GID: "988"
+          TZ: Europe/London
         volumes:
-          - /var/run/docker.sock:/var/run/docker.sock
-          - /home/matt/.docker/config.json:/config.json
-        command:
-          - --cleanup
-          - --http-api-update
-          - --http-api-token={{ secrets.WATCHTOWER_HTTP_API_TOKEN }}
-          - --http-api-periodic-polls
+          - /mnt/gitea_data:/data:z
+          - /mnt/gitea_repos:/data/git/repositories:z
         ports:
-          - "8080:8080"
+          - "3002:3000"
+          - "2222:22"
         state: started
 
-
+    - name: Enable podman auto-update timer
+      become: true
+      ansible.builtin.systemd:
+        name: podman-auto-update.timer
+        enabled: true
+        state: started