diff --git a/tasks/configure-user.yml b/tasks/configure-user.yml
new file mode 100644
index 0000000..cdb8bc0
--- /dev/null
+++ b/tasks/configure-user.yml
@@ -0,0 +1,30 @@
+---
+# https://eengstrom.github.io/musings/generate-non-contiguous-subuid-subgid-maps-for-rootless-podman
+
+- name: Get user infos
+ getent:
+ database: passwd
+ key: "{{ subid_user }}"
+
+- name: Set subuids
+ ansible.builtin.lineinfile:
+ path: "/etc/subuid"
+ regexp: "{{ subid_user }}"
+ line: "{{ subid_user }}:{{ getent_passwd[subid_user].1 | int | bitwise_shift_left(subuid_bitshift) }}:65536"
+ backup: true
+ create: true
+ mode: 0644
+ owner: root
+ group: root
+
+
+- name: Set subgids
+ ansible.builtin.lineinfile:
+ path: "/etc/subgid"
+ regexp: "{{ subid_user }}"
+ line: "{{ subid_user }}:{{ getent_passwd[subid_user].2 | int | bitwise_shift_left(subgid_bitshift) }}:65536"
+ backup: true
+ create: true
+ mode: 0644
+ owner: root
+ group: root
diff --git a/tasks/main.yml b/tasks/main.yml
index 0906aa0..1e0c0ba 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
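Review bot: In tasks/configure-user.yml, `regexp: "{{ subid_user }}"` in both lineinfile tasks (Set subuids and Set subgids) is unanchored and unescaped, so it matches any line that merely contains the user name. For a user `bob`, an existing `bobby:…` entry can be the line that gets replaced, silently rewriting another account's subordinate ID range in /etc/subuid or /etc/subgid. Anchor and escape the pattern in both tasks: `regexp: "^{{ subid_user | regex_escape }}:"`. The same pattern was present in the removed tasks/main.yml code, so the defect is carried over rather than introduced here. Separately, `mode: 0644` is safer written as `mode: "0644"`, so the value does not depend on how the YAML loader treats a leading zero.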
@@ -1,34 +1,5 @@
----
-# https://eengstrom.github.io/musings/generate-non-contiguous-subuid-subgid-maps-for-rootless-podman
-
-- name: Get user infos
- getent:
- database: passwd
-
-- name: Set subuids
- ansible.builtin.lineinfile:
- path: "/etc/subuid"
- regexp: "{{ user }}"
- line: "{{ user }}:{{ getent_passwd[user].1 | int | bitwise_shift_left(subuid_bitshift) }}:65536"
- backup: true
- create: true
- mode: 0644
- owner: root
- group: root
+- name: Configure each user
+ include_tasks: configure-user.yml
 loop: "{{ subid_users }}"
 loop_control:
- loop_var: "user"
-
-- name: Set subgids
- ansible.builtin.lineinfile:
- path: "/etc/subgid"
- regexp: "{{ user }}"
- line: "{{ user }}:{{ getent_passwd[user].2 | int | bitwise_shift_left(subgid_bitshift) }}:65536"
- backup: true
- create: true
- mode: 0644
- owner: root
- group: root
- loop: "{{ subid_users }}"
- loop_control:
- loop_var: "user"
+ loop_var: "subid_user"
\ No newline at end of file
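Review bot: The new tasks/main.yml drops the `---` document-start marker and ends without a trailing newline (`\ No newline at end of file`), while tasks/configure-user.yml keeps the marker. Restore both so the two task files stay consistent and lint-clean. `include_tasks` is also written with its short name although the included file uses `ansible.builtin.lineinfile`, so `ansible.builtin.include_tasks: configure-user.yml` would match. A one-line comment above the task, such as `# configure-user.yml reads the loop variable subid_user`, would document the coupling that the `loop_var` rename creates.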