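---
# Podman host setup: packages, SELinux boolean, the helper account that owns the
# subordinate ID ranges for rootful user-namespaced containers, the optional
# containers.conf timezone and default network, and the auto-update timer.

- name: Ensure podman is installed.
  ansible.builtin.package:
    name:
      - "podman"
    state: "present"
  become: true

# Only needed on hosts that run `podman machine` (qemu-backed VMs).
- name: Ensure needed packages for podman machine are installed.
  ansible.builtin.package:
    name:
      - "qemu-system-x86-core"
      - "qemu-img"
      - "podman-gvproxy"
    state: "present"
  become: true
  when: podman_install_machine_packages

- name: Enable sebool container_manage_cgroup.
  ansible.posix.seboolean:
    name: container_manage_cgroup
    state: true
    persistent: true
  become: true

# This account exists only to anchor the subuid/subgid ranges written below.
# password "*" is not a valid hash, so password authentication is impossible.
# NOTE(review): consider also pinning `shell` to the distro's nologin binary.
- name: Ensure 'containers' system user exists
  ansible.builtin.user:
    name: "containers"
    comment: "system user which holds subuids/subgids used by podman for rootful usernamespaced containers"
    create_home: false
    password: "*"
    state: present
    system: true
  become: true

# The anchored regexp replaces only the `containers:` entry; other ranges in the
# files are left alone. NOTE(review): nothing here checks that the configured
# range does not overlap ranges already present in /etc/subuid or /etc/subgid.
- name: Ensure the 'containers' user has subuids/subgids configured
  ansible.builtin.lineinfile:
    path: "{{ item.path }}"
    regexp: "^containers:[0-9]+:[0-9]+$"
    line: "containers:{{ podman_usernamespace_uid_start }}:{{ podman_usernamespace_uid_amount }}"
  loop:
    - path: "/etc/subuid"
    - path: "/etc/subgid"
  become: true

# The timezone is interpolated into a single-quoted TOML string below. Reject
# anything that could close that quote or start a new line/key before it is
# written, and fail with a clear message instead of relying on the rollback.
- name: Ensure podman_default_timezone is an IANA zone name or 'local'
  ansible.builtin.assert:
    that:
      - podman_default_timezone is string
      - podman_default_timezone is match('^[A-Za-z0-9_+/-]+$')
    fail_msg: "podman_default_timezone must be an IANA timezone (e.g. Europe/Berlin) or 'local'"
  when: podman_default_timezone is defined

- name: Setup default container timezone
  when: podman_default_timezone is defined
  block:
    - name: Ensure timezone is set in containers.conf
      community.general.ini_file:
        path: /etc/containers/containers.conf
        backup: true
        create: true
        state: present
        mode: "0644"
        owner: root
        group: root
        option: tz
        section: containers
        # TOML string: the value must be quoted in the written file.
        value: "'{{ podman_default_timezone }}'"
      register: podman_updated_containers_conf
      become: true

    # `podman info` parses containers.conf, so it fails on a broken file.
    - name: Validate containers.conf
      ansible.builtin.command:
        cmd: podman info
      changed_when: false
      become: true
  rescue:
    # If there was no containers.conf to begin with, ini_file created it and
    # has no backup to offer (backup_file is empty). Always drop the file we
    # wrote; restore from the backup only when one actually exists, otherwise
    # the copy below would fail on an empty src.
    - name: Remove bad containers.conf
      ansible.builtin.file:
        path: "/etc/containers/containers.conf"
        state: absent
      become: true
      when: podman_updated_containers_conf is changed # noqa: no-handler

    - name: Restore backup file
      ansible.builtin.copy:
        remote_src: true
        dest: /etc/containers/containers.conf
        src: "{{ podman_updated_containers_conf.backup_file }}"
        mode: "0644"
        owner: root
        group: root
      become: true
      when: # noqa: no-handler
        - podman_updated_containers_conf is changed
        - podman_updated_containers_conf.backup_file | default('') | length > 0

    # NOTE(review): the play continues after the rollback; replace this with
    # ansible.builtin.fail if an unapplied timezone should abort the run.
    - name: Containers.conf could not be validated after setting default timezone
      ansible.builtin.debug:
        msg: Please make sure that `podman_default_timezone` is either an IANA timezone or 'local'
  always:
    # Clean up the backup whether validation passed or the rescue restored it.
    - name: Remove backup file
      ansible.builtin.file:
        path: "{{ podman_updated_containers_conf.backup_file }}"
        state: absent
      become: true
      when: # noqa: no-handler
        - podman_updated_containers_conf is changed
        - podman_updated_containers_conf.backup_file | default('') | length > 0

- name: Ensure default network configuration exists
  when: podman_default_network_ipv6_prefix is defined
  block:
    - name: Ensure default network config directory exists
      ansible.builtin.file:
        path: "/etc/containers/networks"
        state: directory
        owner: root
        group: root
        mode: "0755"
      become: true

    # Rendered from the role's template; root-only since it defines the
    # default network for rootful containers.
    - name: Ensure default network config file exists
      ansible.builtin.template:
        src: "podman-network.json.j2"
        dest: "/etc/containers/networks/podman.json"
        owner: root
        group: root
        mode: "0600"
      become: true

# Supply-chain caveat: with this timer running, containers opted in to podman's
# auto-update (presumably via the io.containers.autoupdate label) are re-pulled
# and restarted unattended, so whatever is published under those image tags is
# deployed automatically. Pin images by digest or use a trusted registry where
# that is not acceptable.
- name: Ensure podman auto update is enabled
  ansible.builtin.systemd:
    name: podman-auto-update.timer
    enabled: true
    state: started
  become: true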