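# Prepares a host for rootless Podman: installs the packages, creates the
# dedicated 'containers' account, and enables the services it needs.

- name: Install base packages
  become: true
  ansible.builtin.package:
    name:
      - podman
      - podman-docker
    state: present

# password "!" gives the account a locked password, so password logins are
# not possible; access is expected through the SSH keys installed below.
- name: Add the 'containers' user
  become: true
  ansible.builtin.user:
    name: containers
    password: "!"
    system: false
    shell: /bin/bash
    comment: User running unprivileged containers
    state: present

# Every key in the list grants shell access as 'containers', and with it
# control of that user's containers and Podman socket.
# NOTE(review): state=present only adds keys; a key dropped from
# vault_containers_authorized_keys stays in authorized_keys until it is
# removed explicitly.
- name: Add admin pub keys to authorized_keys
  become: true
  ansible.posix.authorized_key:
    user: containers
    key: "{{ item }}"
    state: present
  loop: "{{ vault_containers_authorized_keys }}"

# The marker file exists once lingering is enabled for the user; the
# registered result gates the next task so the command is not re-run.
- name: Check if user is lingering
  ansible.builtin.stat:
    path: "/var/lib/systemd/linger/containers"
  register: user_lingering

# Lingering keeps the user's systemd manager (and its units) running without
# an open login session.
- name: Enable lingering is needed
  become: true
  ansible.builtin.command: "loginctl enable-linger containers"
  when:
    - not user_lingering.stat.exists

# This sysctl is host-wide: after it is applied, any unprivileged process on
# the machine (not only the 'containers' user) may bind ports 80 and above.
# Keep the value as high as the published ports allow.
- name: Allow unprivileged users to open ports
  become: true
  ansible.posix.sysctl:
    name: net.ipv4.ip_unprivileged_port_start
    value: "80"
    sysctl_set: true

# User-scoped API socket for the 'containers' account.
# NOTE(review): scope=user needs a reachable user session bus for the target
# user; confirm this works on the target hosts right after lingering is
# enabled.
- name: Enable podman socket
  become: true
  become_user: containers
  ansible.builtin.systemd:
    scope: user
    name: podman.socket
    enabled: true
    state: started

# NOTE(review): this enables the system-scope timer (no become_user and no
# scope=user), while the socket above is user-scoped. Confirm that the
# system-scope timer is the one intended for containers run by 'containers'.
# The timer is enabled but not started, and the reboot at the end of the
# file is commented out.
# Auto-update pulls and restarts containers unattended, so the registries
# and tags those containers reference must be trusted.
- name: Enable podman auto-update timer
  become: true
  ansible.builtin.systemd:
    name: podman-auto-update.timer
    enabled: true

# force=false copies the packaged default only when the destination does not
# exist yet. Otherwise each run would overwrite the file edited by the next
# task and both tasks would report "changed" every time.
# mode is quoted so YAML does not read 0644 as an octal integer.
- name: Copy default containers config file
  become: true
  ansible.builtin.copy:
    remote_src: true
    src: /usr/share/containers/containers.conf
    dest: /etc/containers/containers.conf
    force: false
    mode: "0644"

# The pattern also matches a commented-out default_subnet line, which is then
# replaced in place. If nothing matches, insertafter puts the setting under
# the [network] table header instead of appending it to the end of the file.
- name: Change podman default subnet
  become: true
  ansible.builtin.lineinfile:
    path: /etc/containers/containers.conf
    regexp: "^(.*)default_subnet = (.*)$"
    insertafter: '^\[network\]'
    line: 'default_subnet = "172.16.0.0/24"'

# - name: Reboot
#   become: true
#   ansible.builtin.reboot: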