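---
# Tasks that set up the rocketchat container service: a dedicated account with
# lingering enabled, a combined TLS certificate/key file, the sysconfig and
# systemd unit files, and an nginx location that proxies to the local port.

- name: Create group
  ansible.builtin.group:
    name: rocketchat

- name: Create user
  ansible.builtin.user:
    name: rocketchat
    comment: Podman Rocket.Chat
    group: rocketchat
    # Service account only: no interactive login shell.
    shell: /sbin/nologin

- name: Enable user lingering
  ansible.builtin.command:
    argv:
      - loginctl
      - enable-linger
      - rocketchat
    # The linger marker file makes this task idempotent.
    creates: /var/lib/systemd/linger/rocketchat

- name: Generate combined certificate/private key file contents
  ansible.builtin.command:
    argv:
      - /bin/cat
      - "{{ tls_certs }}/{{ inventory_hostname }}.crt"
      - "{{ tls_private }}/{{ inventory_hostname }}.key"
  changed_when: false
  # Read-only, and the copy task below needs its output, so run it in check
  # mode as well.
  check_mode: false
  # stdout contains the TLS private key: keep it out of task output, callback
  # plugins and logs. Temporarily disable when debugging a failed read.
  no_log: true
  register: rocketchat_cert_key

- name: Get rocketchat subgid value
  ansible.builtin.command:
    argv:
      - sed
      - -n
      - 's/^rocketchat:\([0-9]\+\):[0-9]\+$/\1/p'
      # The value is used as a *group* id offset below, so it must come from
      # the subordinate GID table; /etc/subuid only happens to match when both
      # ranges were allocated identically.
      - /etc/subgid
  changed_when: false
  # Read-only lookup; without this the task is skipped in check mode and the
  # next task fails on an undefined result.stdout.
  check_mode: false
  register: result
  # sed exits 0 even when nothing matches, and an empty string passed through
  # `int` becomes 0, which would silently give the key file to GID 65532.
  # Fail unless exactly one numeric range start was found.
  failed_when: "result.rc != 0 or result.stdout is not match('^[0-9]+$')"

- name: Create combined certificate/private key file
  ansible.builtin.copy:
    dest: "{{ tls_private }}/rocketchat.pem"
    content: "{{ rocketchat_cert_key.stdout }}"
    # root-owned, group-readable only: the key is readable by the mapped
    # container group and by nobody else.
    mode: "0640"
    owner: root
    # Host GID = subgid range start + 65532.
    # NOTE(review): presumably the GID the container process runs with inside
    # its user namespace; confirm against the image and the unit file.
    group: "{{ result.stdout | int + 65532 }}"
  # Keeps the private key out of --diff output and logs.
  no_log: true
  notify: Restart rocketchat

- name: Create service config
  ansible.builtin.template:
    dest: /etc/sysconfig/rocketchat-container
    src: rocketchat-container.sysconfig.j2
    # 0600: readable by root only.
    # NOTE(review): presumably because the rendered file holds credentials;
    # the template is not visible here.
    mode: "0600"
    owner: root
    group: "{{ ansible_wheel }}"
  notify: Restart rocketchat

- name: Create service file
  ansible.builtin.template:
    dest: /etc/systemd/system/rocketchat-container.service
    src: rocketchat-container.service.j2
    mode: "0644"
    owner: root
    group: "{{ ansible_wheel }}"
  notify: Restart rocketchat

# NOTE(review): nothing visible here reloads systemd after the unit file is
# written; confirm the "Restart rocketchat" handler performs a daemon-reload.
- name: Enable service
  ansible.builtin.service:
    name: rocketchat-container
    state: started
    enabled: true

- name: Copy nginx config
  ansible.builtin.copy:
    dest: "/etc/nginx/conf.d/{{ inventory_hostname }}/rocketchat-container.conf"
    # Proxies /rocketchat/ to the loopback port only; the backend hop is plain
    # HTTP and never leaves the host.
    content: |
      location /rocketchat/ {
        proxy_pass http://127.0.0.1:8008/;
      }
    mode: "0644"
    owner: root
    group: "{{ ansible_wheel }}"
  notify: Restart nginx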