---
# Tasks that prepare an APT-based host for rootless Podman and Toolbx:
# sub-UID/GID ranges, user namespaces, package repositories and packages.

# Writes the same single-line mapping to /etc/subgid and /etc/subuid. The
# line format is <user>:<first id>:<count>, so "nimrod" is given 65536
# subordinate IDs starting at 100000.
# NOTE(review): copy with `content` replaces the whole file, so entries for
# any other account are dropped on every run - confirm this host has no
# other users that need subordinate IDs.
- name: Set UID/GID mapping range
  loop:
    - /etc/subgid
    - /etc/subuid
  ansible.builtin.copy:
    content: |
      nimrod:100000:65536
    dest: |-
      {{ item }}
    group: root
    # World-readable, writable by root only.
    mode: 0o0644
    owner: root

# Only applied where the distribution major version is below 11.
# NOTE(review): presumably for rootless containers on releases that ship
# with the knob off - confirm. Setting it to 1 lets every local user create
# user namespaces, which exposes more kernel code to unprivileged
# processes; keep such hosts current on kernel security updates.
- name: Allow unprivileged user namespaces
  when: ansible_facts.distribution_major_version|int < 11
  ansible.posix.sysctl:
    name: kernel/unprivileged_userns_clone
    state: present
    value: "1"

# Runs only for releases that have an entry in
# toolbox_podman_repo_base_url_mapping (defined outside this file).
- name: Install Podman from the Kubic repository
  # yamllint disable-line rule:line-length
  when: ansible_facts.distribution_release in toolbox_podman_repo_base_url_mapping
  block:
    # NOTE(review): apt_key adds the key to APT's global trusted keyring, so
    # it is trusted for every configured repository, not just this one.
    # Scoping it with a dedicated keyring file and `signed-by` on the repo
    # line would be tighter. The key is fetched from the same base URL as
    # the packages - confirm toolbox_podman_repo_base_url is HTTPS.
    - name: Add the Podman repo key
      ansible.builtin.apt_key:
        state: present
        url: |-
          {{ toolbox_podman_repo_base_url }}/Release.key

    # Flat repository layout ("/" as the suite); the APT cache is refreshed
    # right after the entry is added.
    - name: Add the Podman repo
      ansible.builtin.apt_repository:
        repo: |-
          deb {{ toolbox_podman_repo_base_url }} /
        state: present
        update_cache: true

# Pulls libseccomp2 from buster-backports instead of the default release.
# NOTE(review): the flattened source does not show whether this task sits
# inside the Kubic block above; it is laid out as a top-level task here -
# confirm. Assumes buster-backports is already configured as an APT source,
# since nothing in this file adds it.
- name: Install newer libseccomp2 from the backports repository
  when: ansible_facts.distribution_release == "buster"
  ansible.builtin.apt:
    cache_valid_time: 3600
    default_release: buster-backports
    name:
      - libseccomp2
    state: present
    update_cache: true

# install_recommends is off, so recommended packages are not pulled in.
- name: APT install prerequisites
  ansible.builtin.apt:
    cache_valid_time: 3600
    install_recommends: false
    name:
      # Flatpak is needed for running flatpak-spawn inside the Toolbox
      # containers.
      - flatpak
      - podman
    state: present
    update_cache: true

# For releases listed in toolbox_distros_without_apt_package, Toolbx is
# unpacked straight from a CI artifact into /usr/local/.
# NOTE(review): the URL follows the latest `build` job on master and the
# archive is extracted without a checksum or signature check, so the
# content can change between runs and whoever controls that CI job or
# server controls the files written under /usr/local/. Prefer pinning a
# specific artifact and verifying a known digest (e.g. get_url with
# `checksum`) before unarchiving.
- name: Install Toolbx from toolbox-build
  # yamllint disable-line rule:line-length
  when: ansible_facts.distribution_release is in toolbox_distros_without_apt_package
  ansible.builtin.unarchive:
    dest: /usr/local/
    remote_src: true
    # yamllint disable-line rule:line-length
    src: https://git.shore.co.il/shore/toolbox-build/-/jobs/artifacts/master/raw/toolbox.tar.gz?job=build

# All other releases get Toolbx from the distribution's podman-toolbox
# package.
- name: APT install Toolbx
  # yamllint disable-line rule:line-length
  when: ansible_facts.distribution_release is not in toolbox_distros_without_apt_package
  ansible.builtin.apt:
    cache_valid_time: 3600
    name:
      - podman-toolbox
    state: present
    update_cache: true