--- # Baikal needs rw permissions on *config/* for *nginx* user. # The *nginx* user in the container has uid=101. - name: Change permissions of baikal files to nginx in namespace ansible.builtin.file: path: "{{ DATA_ROOT }}/baikal/config" recurse: true owner: 101 group: 101 become: true become_method: containers.podman.podman_unshare # By default become user is 'root'. # https://github.com/containers/ansible-podman-collections/issues/529 become_user: "{{ USER }}" - name: Baikal containers.podman.podman_container: name: baikal image: docker.io/ckulka/baikal:nginx network: "{{ NETWORK }}" volumes: # Use 'Z' to privately relable selinux contexts. - "{{ DATA_ROOT }}/baikal/config:/var/www/baikal/config:Z" - "{{ DATA_ROOT }}/baikal/Specific:/var/www/baikal/Specific:Z" notify: Restart nginx