nuc_bootc.yml

---
- name: Perform post build install/config of NUC server running Fedora via bootc
  hosts: nuc.lan
  gather_facts: yes
  become: yes

  pre_tasks:
    - name: Set the system hostname correctly
      ansible.builtin.hostname:
        name: "{{ inventory_hostname }}"
        use: systemd
      tags:
        - hostname

    #- name: Set the system timezone correctly
      #community.general.timezone:
        #name: "{{ timezone }}"
      #tags:
      #- timesync

    - name: What's the user containers directory?
      ansible.builtin.debug:
        var: mount_point_user_containers

    - name: Configure storage directory for rootless containers
      block:
        - name: Set correct directory ownership/permissions for rootless container mount point
          ansible.builtin.file:
            path: "{{ mount_point_user_containers }}"
            state: directory
            owner: root
            group: root
            mode: '0777'

        # Fix the SELinux permissions for user container storage as per:
        # https://github.com/containers/podman/issues/12812
        # https://github.com/containers/podman/issues/3234
        # $ sudo semanage fcontext -a -e $HOME/.local/share/containers /mnt/containers
        # $ restorecon -R -v /mnt
        - name: Allow users to modify files in their local container storage directories
          community.general.sefcontext:
            target: "{{ mount_point_user_containers }}"
            # Trying to set seuser is redundant when using SELinux targeted policy
            seuser: unconfined_u
            setype: data_home_t
            state: present

        - name: Apply new SELinux file context to filesystem
          #ansible.builtin.command: restorecon -irv /mnt/containers
          ansible.builtin.command: restorecon -iv {{ mount_point_user_containers }}
      when: mount_point_user_containers is defined
      tags:
        - podman

    - name: Create mount points for media/backups
      ansible.builtin.file:
        path: "{{ item }}"
        state: directory
        mode: '0755'
        owner: root
        group: root
      loop:
        - /var/mnt/sg1
        - /var/mnt/sg2
        - /var/mnt/sg3
      tags:
        - nfs

    - name: Mount the filesystem for media/backups
      ansible.posix.mount:
        path: /var/mnt/sg2
        src: LABEL=SEAGATE2
        fstype: ext4
        state: mounted
        backup: yes
      tags:
        - nfs

    - name: Create mount point for vm_images filesystem
      ansible.builtin.file:
        path: /var/mnt/vm_images
        state: directory
        mode: '0755'
        owner: root
        group: root
      tags:
        - nfs

    - name: Mount vm_images filesystem from MicroServer
      ansible.posix.mount:
        src: micro.lan:/var/mnt/vm_images
        path: /var/mnt/vm_images
        opts: x-systemd.after=network-online.target
        state: mounted
        fstype: nfs
      tags:
        - nfs

  roles:
    - ssh_config_bblasco
    - fedora.linux_system_roles.storage
    - fedora.linux_system_roles.firewall
    - fedora.linux_system_roles.timesync
    - fedora.linux_system_roles.cockpit
    - fedora.linux_system_roles.podman
    - geerlingguy.nfs
    #- fedora.linux_system_roles.kdump
    - tmux
    #- librespot
...