Add volume role and support setting volume owner

Add volume role container: Use volume role, including support for user and group
2024-11-19 19:50:43 +02:00
parent 61aa99bcd1
commit 61a8e67205
10 changed files with 93 additions and 1 deletions
--- a/roles/container/meta/argument_specs.yaml
+++ b/roles/container/meta/argument_specs.yaml
@@ -53,6 +53,16 @@ argument_specs:
            type: bool
            required: false
            default: false
+          user:
+            description: Volume owner uid. Only applicable if mount type is volume.
+            type: str
+            required: false
+            default: ""
+          group:
+            description: Volume owner gid. Only applicable if mount type is volume.
+            type: str
+            required: false
+            default: ""

      container_publish_ports:
        description: "A list of published ports in docker format (<host listen address>:<host port>:<container port>)"
--- a/roles/container/tasks/main.yaml
+++ b/roles/container/tasks/main.yaml
@@ -11,6 +11,17 @@
  loop_control:
    loop_var: network

+- name: Create volumes for container {{ container_name }}
+  ansible.builtin.include_role:
+    name: volume
+  vars:
+    volume_name: "{{ volume.source }}"
+    volume_uid: "{{ volume.user | default('') }}"
+    volume_gid: "{{ volume.group | default('') }}"
+  loop: "{{ _container_volumes }}"
+  loop_control:
+    loop_var: volume
+
 - name: Create secrets for container {{ container_name }}
  containers.podman.podman_secret:
    name: "{{ item.name }}"
@@ -24,7 +35,7 @@
    name: "{{ container_name }}"
    command: "{{ container_command or omit }}"
    user: "{{ container_user or omit }}"
-    mount: "{{ container_mounts | map('items') | map('map', 'join', '=') | map('join', ',') }}"
+    mount: "{{ _container_mounts | map('items') | map('map', 'join', '=') | map('join', ',') }}"
    network: "{{ container_networks | map('regex_replace', '$', '.network') }}"
    publish: "{{ container_publish_ports }}"
    secrets: "{{ container_secrets | map(attribute='name') }}"
--- a/roles/container/vars/main.yaml
+++ b/roles/container/vars/main.yaml
@@ -1,4 +1,25 @@
 ---
+_container_volumes: "{{ container_mounts | selectattr('type', '==', 'volume') }}"
+
+_container_mount_sources: "{{ container_mounts | map(attribute='source') }}"
+_container_mount_destinations: "{{ container_mounts | map(attribute='destination') }}"
+
+_container_volume_mount_sources: >-
+  {{
+    _container_volumes
+    | map(attribute='source')
+    | map('regex_replace', '$', '.volume')
+    | map('community.general.dict_kv', 'source')
+  }}
+
+_container_mounts: >-
+  {{
+    container_mounts | selectattr('type', '!=', 'volume') +
+    container_mounts | selectattr('type', '==', 'volume')
+      | community.general.remove_keys(['user', 'group'])
+      | zip(_container_volume_mount_sources) | map('combine')
+  }}
+
 _container_quadlet_unit_options: |
  [Unit]
  Description=Container {{ container_name }}