From 82713dabce887a83f1789b9a61bfee1e19c0dd2f Mon Sep 17 00:00:00 2001
From: "Ivo C.S. Wingelaar" <ivo@wingelaar.be>
Date: Sun, 13 Oct 2024 14:44:30 +0200
Subject: [PATCH] Make user for podman containers configurable

---
 roles/podman_certbot/defaults/main.yml               | 1 +
 roles/podman_certbot/handlers/main.yml               | 2 +-
 roles/podman_certbot/tasks/main.yml                  | 2 +-
 roles/podman_certbot_root_transfer/handlers/main.yml | 2 +-
 roles/podman_certbot_root_transfer/tasks/main.yml    | 4 ++--
 roles/podman_forgejo/defaults/main.yml               | 1 +
 roles/podman_forgejo/tasks/main.yml                  | 2 +-
 7 files changed, 8 insertions(+), 6 deletions(-)

diff --git a/roles/podman_certbot/defaults/main.yml b/roles/podman_certbot/defaults/main.yml
index 8d07761..5b8a5c6 100644
--- a/roles/podman_certbot/defaults/main.yml
+++ b/roles/podman_certbot/defaults/main.yml
@@ -1,3 +1,4 @@
 ---
 podman_certbot_port_mapping: "8080:80"
 podman_certbot_timer: weekly
+podman_certbot_user: podman
diff --git a/roles/podman_certbot/handlers/main.yml b/roles/podman_certbot/handlers/main.yml
index 43db239..5efe59d 100644
--- a/roles/podman_certbot/handlers/main.yml
+++ b/roles/podman_certbot/handlers/main.yml
@@ -4,5 +4,5 @@
     daemon_reload: true
     scope: user
   become_method: community.general.machinectl
-  become_user: podman
+  become_user: "{{ podman_certbot_user }}"
   become: true
diff --git a/roles/podman_certbot/tasks/main.yml b/roles/podman_certbot/tasks/main.yml
index 79b6264..d0ee85b 100644
--- a/roles/podman_certbot/tasks/main.yml
+++ b/roles/podman_certbot/tasks/main.yml
@@ -2,5 +2,5 @@
 - name: Configure Certbot service
   ansible.builtin.import_tasks: machinectl.yml
   become_method: community.general.machinectl
-  become_user: podman
+  become_user: "{{ podman_certbot_user }}"
   become: true
diff --git a/roles/podman_certbot_root_transfer/handlers/main.yml b/roles/podman_certbot_root_transfer/handlers/main.yml
index 43db239..5efe59d 100644
--- a/roles/podman_certbot_root_transfer/handlers/main.yml
+++ b/roles/podman_certbot_root_transfer/handlers/main.yml
@@ -4,5 +4,5 @@
     daemon_reload: true
     scope: user
   become_method: community.general.machinectl
-  become_user: podman
+  become_user: "{{ podman_certbot_user }}"
   become: true
diff --git a/roles/podman_certbot_root_transfer/tasks/main.yml b/roles/podman_certbot_root_transfer/tasks/main.yml
index dcbc29f..ca9685c 100644
--- a/roles/podman_certbot_root_transfer/tasks/main.yml
+++ b/roles/podman_certbot_root_transfer/tasks/main.yml
@@ -20,7 +20,7 @@
 - name: Allow podman user to execute the move command
   community.general.sudoers:
     name: allow-podman-move-certificates
-    user: podman
+    user: "{{ podman_certbot_user }}"
     state: present
     commands:
       - /usr/local/bin/move-certificate-files-to-root
@@ -29,5 +29,5 @@
 - name: Configure Certbot service
   ansible.builtin.import_tasks: machinectl.yml
   become_method: community.general.machinectl
-  become_user: podman
+  become_user: "{{ podman_certbot_user }}"
   become: true
diff --git a/roles/podman_forgejo/defaults/main.yml b/roles/podman_forgejo/defaults/main.yml
index 315314b..7933e60 100644
--- a/roles/podman_forgejo/defaults/main.yml
+++ b/roles/podman_forgejo/defaults/main.yml
@@ -1,2 +1,3 @@
 ---
 podman_forgejo_version: 8.0.1
+podman_forgejo_user: podman
diff --git a/roles/podman_forgejo/tasks/main.yml b/roles/podman_forgejo/tasks/main.yml
index 3bddcf7..bd3e109 100644
--- a/roles/podman_forgejo/tasks/main.yml
+++ b/roles/podman_forgejo/tasks/main.yml
@@ -2,5 +2,5 @@
 - name: Configure Forgejo service
   ansible.builtin.import_tasks: machinectl.yml
   become_method: community.general.machinectl
-  become_user: podman
+  become_user: "{{ podman_forgejo_user }}"
   become: true