Merge remote-tracking branch 'upstream/master'

Author: stevleibelt

ansible/roles/containers/files/registries.conf

@@ -0,0 +1,25 @@
+# This is a system-wide configuration file used to
+# keep track of registries for various container backends.
+# It adheres to TOML format and does not support recursive
+# lists of registries.
+
+# The default location for this configuration file is /etc/containers/registries.conf.
+
+# The only valid categories are: 'registries.search', 'registries.insecure',
+# and 'registries.block'.
+
+[registries.search]
+registries = ['docker.io', 'registry.fedoraproject.org', 'quay.io', 'registry.access.redhat.com', 'registry.centos.org']
+
+# If you need to access insecure registries, add the registry's fully-qualified name.
+# An insecure registry is one that does not have a valid SSL certificate or only does HTTP.
+[registries.insecure]
+registries = []
+
+
+# If you need to block pull access from a registry, uncomment the section below
+# and add the registries fully-qualified name.
+#
+# Docker only
+[registries.block]
+registries = []

ansible/roles/containers/files/storage.conf

@@ -0,0 +1,133 @@
+# This file is is the configuration file for all tools
+# that use the containers/storage library.
+# See man 5 containers-storage.conf for more information
+# The "container storage" table contains all of the server options.
+[storage]
+
+# Default Storage Driver
+driver = "zfs"
+
+# Temporary storage location
+runroot = "/var/run/containers/storage"
+
+# Primary Read/Write location of container storage
+graphroot = "/var/lib/containers/storage"
+
+[storage.options]
+# Storage options to be passed to underlying storage drivers
+
+# AdditionalImageStores is used to pass paths to additional Read/Only image stores
+# Must be comma separated list.
+additionalimagestores = [
+]
+
+# Size is used to set a maximum size of the container image.  Only supported by
+# certain container storage drivers.
+size = ""
+
+# Path to an helper program to use for mounting the file system instead of mounting it
+# directly.
+mount_program = "/usr/bin/fuse-overlayfs"
+
+# OverrideKernelCheck tells the driver to ignore kernel checks based on kernel version
+override_kernel_check = "true"
+
+# mountopt specifies comma separated list of extra mount options
+mountopt = "nodev"
+
+# Remap-UIDs/GIDs is the mapping from UIDs/GIDs as they should appear inside of
+# a container, to UIDs/GIDs as they should appear outside of the container, and
+# the length of the range of UIDs/GIDs.  Additional mapped sets can be listed
+# and will be heeded by libraries, but there are limits to the number of
+# mappings which the kernel will allow when you later attempt to run a
+# container.
+#
+# remap-uids = 0:1668442479:65536
+# remap-gids = 0:1668442479:65536
+
+# Remap-User/Group is a name which can be used to look up one or more UID/GID
+# ranges in the /etc/subuid or /etc/subgid file.  Mappings are set up starting
+# with an in-container ID of 0 and the a host-level ID taken from the lowest
+# range that matches the specified name, and using the length of that range.
+# Additional ranges are then assigned, using the ranges which specify the
+# lowest host-level IDs first, to the lowest not-yet-mapped container-level ID,
+# until all of the entries have been used for maps.
+#
+# remap-user = "storage"
+# remap-group = "storage"
+
+[storage.options.thinpool]
+# Storage Options for thinpool
+
+# autoextend_percent determines the amount by which pool needs to be
+# grown. This is specified in terms of % of pool size. So a value of 20 means
+# that when threshold is hit, pool will be grown by 20% of existing
+# pool size.
+# autoextend_percent = "20"
+
+# autoextend_threshold determines the pool extension threshold in terms
+# of percentage of pool size. For example, if threshold is 60, that means when
+# pool is 60% full, threshold has been hit.
+# autoextend_threshold = "80"
+
+# basesize specifies the size to use when creating the base device, which
+# limits the size of images and containers.
+# basesize = "10G"
+
+# blocksize specifies a custom blocksize to use for the thin pool.
+# blocksize="64k"
+
+# directlvm_device specifies a custom block storage device to use for the
+# thin pool. Required if you setup devicemapper.
+# directlvm_device = ""
+
+# directlvm_device_force wipes device even if device already has a filesystem.
+# directlvm_device_force = "True"
+
+# fs specifies the filesystem type to use for the base device.
+# fs="xfs"
+
+# log_level sets the log level of devicemapper.
+# 0: LogLevelSuppress 0 (Default)
+# 2: LogLevelFatal
+# 3: LogLevelErr
+# 4: LogLevelWarn
+# 5: LogLevelNotice
+# 6: LogLevelInfo
+# 7: LogLevelDebug
+# log_level = "7"
+
+# min_free_space specifies the min free space percent in a thin pool require for
+# new device creation to succeed. Valid values are from 0% - 99%.
+# Value 0% disables
+# min_free_space = "10%"
+
+# mkfsarg specifies extra mkfs arguments to be used when creating the base.
+# device.
+# mkfsarg = ""
+
+# use_deferred_removal marks devicemapper block device for deferred removal.
+# If the thinpool is in use when the driver attempts to remove it, the driver
+# tells the kernel to remove it as soon as possible. Note this does not free
+# up the disk space, use deferred deletion to fully remove the thinpool.
+# use_deferred_removal = "True"
+
+# use_deferred_deletion marks thinpool device for deferred deletion.
+# If the device is busy when the driver attempts to delete it, the driver
+# will attempt to delete device every 30 seconds until successful.
+# If the program using the driver exits, the driver will continue attempting
+# to cleanup the next time the driver is used. Deferred deletion permanently
+# deletes the device and all data stored in device will be lost.
+# use_deferred_deletion = "True"
+
+# xfs_nospace_max_retries specifies the maximum number of retries XFS should
+# attempt to complete IO when ENOSPC (no space) error is returned by
+# underlying storage device.
+# xfs_nospace_max_retries = "0"
+
+# If specified, use OSTree to deduplicate files with the overlay backend
+ostree_repo = ""
+
+# Set to skip a PRIVATE bind mount on the storage home directory.  Only supported by
+# certain container storage drivers
+skip_mount_home = "false"

ansible/roles/containers/tasks/main.yml

@@ -21,7 +21,7 @@
     skip_installed: true
     name:
       - kompose-bin     # docker-compose to manifest convertor
-      - k3s-bin         # Lightweight Kubernetes in a signle binary 
+      - k3s-bin         # Lightweight Kubernetes in a signle binary
       - stern           # tail multiple pods on Kubernetes
       - kubespy         # observe Kubernetes resources in real time
 
@@ -40,12 +40,15 @@
     src: subgid.j2
     dest: /etc/subgid
 
-- name: disable zfs overlay storage not supported by podman
-  lineinfile:
-    path: /etc/containers/storage.conf
-    regexp: 'mount_program = "/usr/bin/fuse-overlayfs"'
-    line: 'mount_program = "/usr/bin/fuse-overlayfs"'
-    state: present
+- name: configure podman registries
+  copy:
+    src: registries.conf
+    dest: /etc/containers/
+
+- name: configure podman storage
+  copy:
+    src: storage.conf
+    dest: /etc/containers/
 
 - name: Add user to docker group
   user:

ansible/roles/desktop/tasks/main.yml

@@ -67,6 +67,8 @@
       - openconnect # globalprotect vpn client
       - playerctl # music player cli controller
       - rdesktop # remote desktop client
+      - remmina # remote desktop client
+      - freerdp # remmina dep for rdp
       - steam # games manager
       - transmission-gtk # torrent downloader
       - texlive-bin # latex

scripts/zfs/install/02-install.sh

@@ -225,7 +225,7 @@ EOSF
 
   # Create user
   zfs create zroot/data/home/${user}
-  useradd -m ${user}
+  useradd -m ${user} -G wheel
   chown -R ${user}:${user} /home/${user}
 
 EOF