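---
# container_runtime/tasks/main.yml
#
# Prepares a host for rootless Podman workloads: installs base packages,
# enables lingering for the container user, lowers the unprivileged port
# floor, creates the stack/config directories, imports the SELinux container
# tasks, deploys the network Quadlet and hands off to the systemd task file.
#
# Variables read here and defined elsewhere: base_runtime_install_packages,
# container_user, container_group, stack_root, container_config_dir.

# The whole list goes to the module in one call, so dnf resolves and installs
# it in a single transaction instead of one transaction per package.
- name: Install required base packages
  become: true
  ansible.builtin.dnf:
    name: "{{ base_runtime_install_packages }}"
    state: present

# argv passes the user name as exactly one argument, so a value containing
# whitespace cannot turn into extra loginctl arguments. `creates` keeps the
# task idempotent: it is skipped once the linger marker file exists.
- name: Enable lingering for rootless containers
  become: true
  ansible.builtin.command:
    argv:
      - loginctl
      - enable-linger
      - "{{ container_user }}"
    creates: "/var/lib/systemd/linger/{{ container_user }}"

# SECURITY: this sysctl is not scoped to container_user. With the floor at
# 53, any unprivileged process on the host may bind ports 53-1023 (DNS, HTTP,
# HTTPS, ...). Keep the value as high as the lowest port the stack really
# needs and review which local accounts can run code on this host.
- name: Allow rootless to bind to low ports
  become: true
  ansible.posix.sysctl:
    name: net.ipv4.ip_unprivileged_port_start
    value: '53'
    state: present

# Runs as the connecting user (no become); results feed the next task.
- name: Check configuration directories exist
  ansible.builtin.stat:
    path: "{{ item }}"
  loop:
    - "{{ stack_root }}"
    - "{{ container_config_dir }}"
  register: config_dirs_stats

# Keep only the paths whose stat result says they do not exist yet.
- name: Build list of missing configuration directories
  ansible.builtin.set_fact:
    missing_config_dirs: >-
      {{ config_dirs_stats.results
      | rejectattr('stat.exists')
      | map(attribute='item')
      | list }}

# Only paths reported missing above are touched, so the recursive owner/mode
# settings never rewrite the contents of a directory that already exists.
# An empty list makes the loop a no-op, so no separate `when` guard is needed.
# NOTE(review): unlike the other privileged tasks this one has no `become`;
# assigning owner/group to another account normally needs root - confirm how
# the play escalates.
# NOTE(review): 0755 leaves these directories listable by every local user;
# tighten the mode if secrets (env files, credentials) are stored below them.
- name: Create stack directories
  ansible.builtin.file:
    path: "{{ item }}"
    state: directory
    owner: "{{ container_user }}"
    group: "{{ container_group }}"
    mode: "0755"
    recurse: true
  loop: "{{ missing_config_dirs }}"

# NOTE(review): this imports a task file from a sibling role by relative
# path, which does not load that role's defaults, vars or handlers - confirm
# the imported tasks do not rely on them.
- name: Configure SELinux container policies
  ansible.builtin.import_tasks: ../selinux_containers/tasks/main.yml

# The unit file is written with root privileges but owned by the container
# user, matching the ownership of the directories created above.
- name: Deploy Podman Network Quadlet
  become: true
  ansible.builtin.template:
    src: homelab.network.j2
    dest: "{{ container_config_dir }}/homelab.network"
    mode: "0644"
    owner: "{{ container_user }}"
    group: "{{ container_group }}"

# service_name is presumably consumed by the systemd task file imported
# below; that file is not visible here - verify.
- name: Set fact for systemd
  ansible.builtin.set_fact:
    service_name: "homelab-network"

- name: Execute systemd tasks
  ansible.builtin.import_role:
    name: container_runtime
    tasks_from: systemd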