ansible-collection-wip/roles/podman_cleaninsights/tasks/main.yml

---
- name: create service configuration directories
  ansible.builtin.file:
    path: "/home/{{ podman_cleaninsights_podman_rootless_user }}/{{ item }}"
    state: directory
    owner: "{{ podman_cleaninsights_podman_rootless_user }}"
    group: "{{ podman_cleaninsights_podman_rootless_user }}"
    mode: "0755"
  become: true
  with_items:
    - mysql
    - matomo


- name: install cleaninsights script
  ansible.builtin.copy:
    src: templates/cleaninsights.php
    dest: "/home/{{ podman_cleaninsights_podman_rootless_user }}/matomo/cleaninsights.php"
    owner: "{{ podman_cleaninsights_podman_rootless_user }}"
    group: "{{ podman_cleaninsights_podman_rootless_user }}"
    mode: "0755"
  become: true

- name: install cleaninsights configuration file
  ansible.builtin.template:
    src: "cleaninsights.ini.j2"
    dest: "/home/{{ podman_cleaninsights_podman_rootless_user }}/matomo/cleaninsights.ini"
    owner: "{{ podman_cleaninsights_podman_rootless_user }}"
    group: "{{ podman_cleaninsights_podman_rootless_user }}"
    mode: "0755"
  become: true

- name: install podman quadlet for rootless podman user
  ansible.builtin.template:
    src: "{{ item }}"
    dest: "/home/{{ podman_cleaninsights_podman_rootless_user }}/.config/containers/systemd/{{ item }}"
    owner: "{{ podman_cleaninsights_podman_rootless_user }}"
    mode: "0400"
  with_items:
    - matomo.container
    - mysql.container
    - redis.container
  notify:
    - "restart {{ item | split('.') | first }}"
  become: true


- name: install network quadlets for rootless podman user
  ansible.builtin.template:
    src: "{{ item }}"
    dest: "/home/{{ podman_cleaninsights_podman_rootless_user }}/.config/containers/systemd/{{ item }}"
    owner: "{{ podman_cleaninsights_podman_rootless_user }}"
    mode: "0400"
  with_items:
    - frontend.network
    - cleaninsights.network
  become: true

- name: verify quadlets are correctly defined
  ansible.builtin.command: /usr/libexec/podman/quadlet -dryrun -user
  register: podman_cleaninsights_quadlet_result
  ignore_errors: true
  changed_when: false
  become: true
  become_user: "{{ podman_cleaninsights_podman_rootless_user }}"

- name: assert that the quadlet verification succeeded
  ansible.builtin.assert:
    that:
      - podman_cleaninsights_quadlet_result.rc == 0
    fail_msg: "'/usr/libexec/podman/quadlet -dryrun -user' failed! Output withheld to prevent leaking secrets."

- name: set up nginx
  ansible.builtin.include_role:
    name: irl.wip.podman_nginx
  vars:
    podman_nginx_frontend_network: frontend
    podman_nginx_podman_rootless_user: "{{ podman_cleaninsights_podman_rootless_user }}"
    podman_nginx_primary_hostname: "{{ podman_cleaninsights_web_hostname }}"
    podman_nginx_systemd_service_slice: cleaninsights.slice
    podman_nginx_systemd_service_requires: ["matomo"]

- name: create nginx configuration file
  ansible.builtin.template:
    src: nginx.conf
    dest: "/home/{{ podman_cleaninsights_podman_rootless_user }}/nginx/nginx.conf"
    owner: "{{ podman_cleaninsights_podman_rootless_user }}"
    group: "{{ podman_cleaninsights_podman_rootless_user }}"
    mode: "0644"
  become: true

- name: install services slice for rootless podman user
  ansible.builtin.template:
    src: "cleaninsights.slice"
    dest: "/home/{{ podman_cleaninsights_podman_rootless_user }}/.config/systemd/user/cleaninsights.slice"
    owner: "{{ podman_cleaninsights_podman_rootless_user }}"
    group:  "{{ podman_cleaninsights_podman_rootless_user }}"
    mode: "0655"
  become: true

- name: make sure services are started on boot
  ansible.builtin.systemd_service:
    name: "cleaninsights.slice"
    enabled: true
    state: started
    daemon_reload: true
    scope: user
  become: true
  become_user: "{{ podman_cleaninsights_podman_rootless_user }}"
Feat: add cleaninsights role 2025-08-08 12:00:26 +01:00			`---`
			`- name: create service configuration directories`
			`ansible.builtin.file:`
			`path: "/home/{{ podman_cleaninsights_podman_rootless_user }}/{{ item }}"`
			`state: directory`
			`owner: "{{ podman_cleaninsights_podman_rootless_user }}"`
			`group: "{{ podman_cleaninsights_podman_rootless_user }}"`
			`mode: "0755"`
			`become: true`
			`with_items:`
			`- mysql`
			`- matomo`

Add cleaninishgts script and config file 2025-08-08 12:42:31 +01:00
			`- name: install cleaninsights script`
			`ansible.builtin.copy:`
			`src: templates/cleaninsights.php`
			`dest: "/home/{{ podman_cleaninsights_podman_rootless_user }}/matomo/cleaninsights.php"`
			`owner: "{{ podman_cleaninsights_podman_rootless_user }}"`
			`group: "{{ podman_cleaninsights_podman_rootless_user }}"`
			`mode: "0755"`
			`become: true`

			`- name: install cleaninsights configuration file`
			`ansible.builtin.template:`
			`src: "cleaninsights.ini.j2"`
			`dest: "/home/{{ podman_cleaninsights_podman_rootless_user }}/matomo/cleaninsights.ini"`
			`owner: "{{ podman_cleaninsights_podman_rootless_user }}"`
			`group: "{{ podman_cleaninsights_podman_rootless_user }}"`
			`mode: "0755"`
			`become: true`

Feat: add cleaninsights role 2025-08-08 12:00:26 +01:00			`- name: install podman quadlet for rootless podman user`
			`ansible.builtin.template:`
			`src: "{{ item }}"`
			`dest: "/home/{{ podman_cleaninsights_podman_rootless_user }}/.config/containers/systemd/{{ item }}"`
			`owner: "{{ podman_cleaninsights_podman_rootless_user }}"`
			`mode: "0400"`
			`with_items:`
			`- matomo.container`
			`- mysql.container`
			`- redis.container`
			`notify:`
			`- "restart {{ item \| split('.') \| first }}"`
			`become: true`


			`- name: install network quadlets for rootless podman user`
			`ansible.builtin.template:`
			`src: "{{ item }}"`
			`dest: "/home/{{ podman_cleaninsights_podman_rootless_user }}/.config/containers/systemd/{{ item }}"`
			`owner: "{{ podman_cleaninsights_podman_rootless_user }}"`
			`mode: "0400"`
			`with_items:`
			`- frontend.network`
			`- cleaninsights.network`
			`become: true`

			`- name: verify quadlets are correctly defined`
			`ansible.builtin.command: /usr/libexec/podman/quadlet -dryrun -user`
			`register: podman_cleaninsights_quadlet_result`
			`ignore_errors: true`
			`changed_when: false`
			`become: true`
			`become_user: "{{ podman_cleaninsights_podman_rootless_user }}"`

			`- name: assert that the quadlet verification succeeded`
			`ansible.builtin.assert:`
			`that:`
			`- podman_cleaninsights_quadlet_result.rc == 0`
			`fail_msg: "'/usr/libexec/podman/quadlet -dryrun -user' failed! Output withheld to prevent leaking secrets."`

			`- name: set up nginx`
			`ansible.builtin.include_role:`
			`name: irl.wip.podman_nginx`
			`vars:`
			`podman_nginx_frontend_network: frontend`
			`podman_nginx_podman_rootless_user: "{{ podman_cleaninsights_podman_rootless_user }}"`
			`podman_nginx_primary_hostname: "{{ podman_cleaninsights_web_hostname }}"`
			`podman_nginx_systemd_service_slice: cleaninsights.slice`
			`podman_nginx_systemd_service_requires: ["matomo"]`

			`- name: create nginx configuration file`
			`ansible.builtin.template:`
			`src: nginx.conf`
			`dest: "/home/{{ podman_cleaninsights_podman_rootless_user }}/nginx/nginx.conf"`
			`owner: "{{ podman_cleaninsights_podman_rootless_user }}"`
			`group: "{{ podman_cleaninsights_podman_rootless_user }}"`
			`mode: "0644"`
			`become: true`

			`- name: install services slice for rootless podman user`
			`ansible.builtin.template:`
			`src: "cleaninsights.slice"`
			`dest: "/home/{{ podman_cleaninsights_podman_rootless_user }}/.config/systemd/user/cleaninsights.slice"`
			`owner: "{{ podman_cleaninsights_podman_rootless_user }}"`
			`group: "{{ podman_cleaninsights_podman_rootless_user }}"`
			`mode: "0655"`
			`become: true`

			`- name: make sure services are started on boot`
			`ansible.builtin.systemd_service:`
			`name: "cleaninsights.slice"`
			`enabled: true`
			`state: started`
			`daemon_reload: true`
			`scope: user`
			`become: true`
			`become_user: "{{ podman_cleaninsights_podman_rootless_user }}"`