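--- # container_runtime/tasks/main.yml
# Prepares a host for rootless containers run by `container_user`:
# installs base packages, enables lingering, lowers the unprivileged port
# floor, creates the stack directories, imports the SELinux tasks, deploys
# the Podman network Quadlet and starts the resulting user-scope unit.

- name: Install required base packages
  become: true
  ansible.builtin.dnf:
    # Hand dnf the whole list so it resolves one transaction instead of
    # running once per package.
    name: "{{ base_runtime_install_packages }}"
    state: present

- name: Enable lingering for rootless containers
  become: true
  ansible.builtin.command:
    # argv keeps the user name a single argument even if the variable
    # contains whitespace or other characters the command splitter would
    # treat as separators.
    argv:
      - loginctl
      - enable-linger
      - "{{ container_user }}"
    # Skip the command once the linger marker for this user exists.
    creates: "/var/lib/systemd/linger/{{ container_user }}"

- name: Allow rootless to bind to low ports
  become: true
  ansible.posix.sysctl:
    # SECURITY: this setting is host-wide, not per-user. With the floor at
    # 53, every unprivileged local process (not only container_user) can
    # bind ports 53-1023. Keep the value as high as the published ports
    # allow and review which local accounts exist on this host.
    name: net.ipv4.ip_unprivileged_port_start
    value: '53'
    state: present

- name: Create stack directories
  # NOTE(review): no `become` here although owner/group are set; this
  # presumably relies on play-level privileges - confirm against the play.
  ansible.builtin.file:
    path: "{{ item }}"
    state: directory
    owner: "{{ container_user }}"
    group: "{{ container_group }}"
    # Symbolic mode with `X`: directories end up 0755, but regular files
    # reached by the recursion only keep execute if they already had it.
    # A plain recursive "0755" would mark every file executable.
    # Files still become world-readable, so do not rely on this tree for
    # secrets without tightening the mode.
    mode: "u=rwX,g=rX,o=rX"
    # NOTE(review): recursion re-applies owner/group/mode to everything
    # below these paths on each run; if container-written data lives here,
    # confirm that resetting its ownership is intended.
    recurse: true
  loop:
    - "{{ stack_root }}"
    - "{{ container_config_dir }}"

# Static import: the SELinux tasks are inlined at parse time.
- name: Configure SELinux container policies
  ansible.builtin.import_tasks: ../selinux_containers/tasks/main.yml

- name: Deploy Podman Network Quadlet
  become: true
  ansible.builtin.template:
    src: homelab.network.j2
    dest: "{{ container_config_dir }}/homelab.network"
    # Readable by all, writable only by the owning container user.
    mode: "0644"
    owner: "{{ container_user }}"
    group: "{{ container_group }}"

- name: Force systemd reload (blocking)
  become: true
  become_user: "{{ container_user }}"
  environment:
    # `systemctl --user` locates the user manager through this directory.
    XDG_RUNTIME_DIR: "{{ container_runtime_dir }}"
  ansible.builtin.command: systemctl --user daemon-reload

- name: Start homelab network
  become: true
  become_user: "{{ container_user }}"
  environment:
    # Same runtime dir as the daemon-reload task above; without it the
    # user-scope systemd call may not reach the user manager under
    # become_user.
    XDG_RUNTIME_DIR: "{{ container_runtime_dir }}"
  ansible.builtin.systemd:
    # Presumably the unit Quadlet generates from homelab.network.
    name: homelab-network.service
    scope: user
    state: started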