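---
# Tasks that deploy the anubis container as a systemd-managed podman service:
# package, service account, subordinate id maps, the SELinux port label,
# configuration files under /srv/anubis/cfg, and finally the unit itself.
# The handlers "Restart anubis-el" and "Reload systemd" are notified here but
# are defined outside this file.

- name: Install podman for anubis container
  ansible.builtin.package:
    name: podman
    state: present
  tags:
    - config
    - anubis

- name: Add anubis group
  ansible.builtin.group:
    name: anubis
    system: true
  tags:
    - config
    - anubis

- name: Add anubis user
  ansible.builtin.user:
    name: anubis
    group: anubis
    system: true
  tags:
    - config
    - anubis

# NOTE(review): copy replaces /etc/subuid wholesale, so ranges that other
# accounts on the host already hold are dropped unless the shipped file
# carries them too. Confirm that is intended.
- name: install subuid file
  ansible.builtin.copy:
    dest: /etc/subuid
    src: subuid
    owner: root
    group: root
    mode: '0644'
  tags:
    - config
    - anubis

# NOTE(review): this installs the *subuid* source file as /etc/subgid. That is
# harmless only if both maps are meant to be identical; if a separate subgid
# file exists in the role this looks like a copy/paste slip. Confirm.
- name: install subgid file
  ansible.builtin.copy:
    dest: /etc/subgid
    src: subuid
    owner: root
    group: root
    mode: '0644'
  tags:
    - config
    - anubis

# Read-only query: runs even in check mode and never reports a change.
- name: Check semanage ports
  ansible.builtin.command: semanage port -l
  register: semanageoutput
  check_mode: false
  changed_when: false
  tags:
    - anubis

# Tagged like the query above so that a tag-limited run does not register the
# port list and then skip the task that consumes it.
# NOTE(review): the guard is a plain substring search over the whole listing,
# so "3923" appearing inside another port number, or under a type other than
# http_port_t, also suppresses this task. Verify with
# `semanage port -l | grep http_port_t` after the first run.
- name: Set ports so httpd can bind to 3923
  ansible.builtin.command: semanage port -a -t http_port_t -p tcp 3923
  when: semanageoutput.stdout.find("3923") == -1
  tags:
    - anubis

# No `recurse` here: state=directory already creates missing parents, while
# recurse would push mode 0755 onto the files inside the directory on every
# run. The copy/template tasks below would then reset them to 0644, report
# "changed" each time and restart the service on every play.
- name: Create the directory to store the anubis policy file
  ansible.builtin.file:
    path: /srv/anubis/cfg/
    state: directory
    owner: root
    group: root
    mode: '0755'
  tags:
    - config
    - anubis

- name: Add the anubis bot config file
  ansible.builtin.copy:
    src: botPolicy.yaml
    dest: /srv/anubis/cfg/botPolicy.yaml
    owner: root
    group: root
    mode: '0644'
  notify:
    - Restart anubis-el
  tags:
    - config
    - anubis

# This service calls podman to pull the anubis container,
# then sets various env variables for the service and runs it.
- name: Add the anubis systemd service
  ansible.builtin.copy:
    src: anubis.service
    dest: /etc/systemd/system/anubis.service
    owner: root
    group: root
    mode: '0644'
  tags:
    - config
    - anubis
  notify:
    - Reload systemd

# Tagged like its neighbours so a tag-limited run cannot start the service
# without its environment file in place.
# NOTE(review): env.j2 is not visible from here. If it renders any secret
# value, mode 0644 leaves it readable by every local account; confirm which
# user reads this file and tighten the mode (0600 or 0640) if that is enough.
- name: Add the anubis env file
  ansible.builtin.template:
    src: env.j2
    dest: /srv/anubis/cfg/env
    owner: root
    group: root
    mode: '0644'
  notify:
    - Restart anubis-el
  tags:
    - config
    - anubis

- name: Enable and make sure pod is started
  ansible.builtin.systemd:
    name: anubis
    state: started
    enabled: true
  tags:
    - config
    - anubis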