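---
# Sets up a Woodpecker CI agent for `workspace_user` as a Podman container:
# a named volume, a Podman secret, the container with a generated systemd
# user unit, and finally the user-scope units that run it.

- name: Create Woodpecker agent volume
  containers.podman.podman_volume:
    name: "woodpecker-agent-{{ workspace_user }}"
    state: present

# NOTE(review): the secret value is passed as a module argument. Confirm the
# installed collection masks `data` in task output, or set `no_log: true` here.
- name: Create Woodpecker agent secret
  containers.podman.podman_secret:
    state: present
    name: "woodpecker-agent-secret-{{ workspace_user }}"
    data: "{{ podman_woodpecker_agent_secret }}"
    # Necessary to make the module idempotent on Podman < v4.7
    # See: https://github.com/containers/ansible-podman-collections/issues/692
    # NOTE(review): with skip_existing an already-present secret is presumably
    # left untouched, so a rotated podman_woodpecker_agent_secret would not be
    # applied until the old secret is removed. Verify before relying on rotation.
    skip_existing: true

# Only the registered `uid` is used below.
# NOTE(review): ansible.builtin.user defaults to state=present, so it is not a
# read-only lookup. Confirm the account is guaranteed to exist at this point.
- name: Determine UID of workspace user
  ansible.builtin.user:
    name: "{{ workspace_user }}"
  register: user_data

- name: Create Woodpecker container
  containers.podman.podman_container:
    name: "woodpecker-agent-{{ user_data['uid'] }}"
    state: present
    image: "{{ podman_woodpecker_agent_image_path }}:{{ podman_woodpecker_version }}"
    volumes:
      - 'woodpecker-agent-{{ workspace_user }}:/etc/woodpecker'
      - '/etc/timezone:/etc/timezone:ro'
      - '/etc/localtime:/etc/localtime:ro'
      # The agent drives the container engine through this socket (see
      # WOODPECKER_BACKEND below), so anything that controls the agent can act
      # on that engine with the socket owner's privileges.
      # NOTE(review): the socket is presumably served by podman-proxy@<uid>,
      # which is defined elsewhere. Confirm what that proxy exposes.
      - "/run/woodpecker/{{ user_data['uid'] }}.sock:/var/run/docker.sock"
    env:
      WOODPECKER_SERVER: "{{ podman_woodpecker_agent_server }}"
      WOODPECKER_HOSTNAME: "{{ workspace_user }}"
      # Nothing is using the healthcheck IIUC, so disabling it doesn't reduce functionality.
      # Environment values are strings; the boolean-looking ones are quoted so
      # the agent receives exactly this text instead of a rendered YAML boolean.
      WOODPECKER_HEALTHCHECK: "false"
      # NOTE(review): debug is the most verbose setting used here. Confirm it
      # is intended beyond troubleshooting, since agent logs may carry job detail.
      WOODPECKER_LOG_LEVEL: debug
      WOODPECKER_BACKEND: docker
      WOODPECKER_GRPC_SECURE: "true"
      WOODPECKER_FILTER_LABELS: "{{ podman_woodpecker_agent_filter_labels }}"
    # The agent secret is injected from the Podman secret created above as the
    # WOODPECKER_AGENT_SECRET environment variable, not through the env map.
    secrets:
      - "woodpecker-agent-secret-{{ workspace_user }},type=env,target=WOODPECKER_AGENT_SECRET"
    # The generated user unit is ordered after, and requires, the per-UID
    # proxy target.
    generate_systemd:
      restart_policy: always
      path: ~/.config/systemd/user
      after: "podman-proxy@{{ user_data['uid'] }}.target"
      requires: "podman-proxy@{{ user_data['uid'] }}.target"
  notify: Reload user systemd daemon

# Run the notified handler now so it has executed before the units are started.
- name: Flush handlers
  ansible.builtin.meta: flush_handlers

- name: Start and enable Woodpecker services
  ansible.builtin.systemd_service:
    name: "{{ item }}"
    daemon_reload: true
    state: started
    enabled: true
    scope: user
  loop:
    - "podman-proxy@{{ user_data['uid'] }}.path"
    - "container-woodpecker-agent-{{ user_data['uid'] }}.service"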