From e79576cd7300e89714ae2f13918f9fe51e493b86 Mon Sep 17 00:00:00 2001
From: irl
Date: Thu, 4 Dec 2025 17:26:53 +0000
Subject: [PATCH] feat(podman_link): configure xfs quotas for channel container data directories
---
 roles/podman_link/tasks/main.yml | 58 ++++++++++++++++++++++++++------
 1 file changed, 48 insertions(+), 10 deletions(-)
diff --git a/roles/podman_link/tasks/main.yml b/roles/podman_link/tasks/main.yml
index f336d99..d097863 100644
--- a/roles/podman_link/tasks/main.yml
+++ b/roles/podman_link/tasks/main.yml
@@ -108,16 +108,6 @@
 - zammad-data
 - zammad-config-nginx
-# Bridge/Link runs with UID/GID 1000 inside the container (because it's based on the node container)
-- name: Podman CDR Link | PATCH | Create data directory for bridge-whatsapp
- ansible.builtin.file:
- path: "/home/{{ podman_link_podman_rootless_user }}/bridge-whatsapp-data"
- owner: "{{ _podman_link_user_subuid_start + 999 }}"
- group: "{{ _podman_link_user_subgid_start + 999 }}"
- mode: "0700"
- state: "directory"
- become: true
-
 # Postgres/Redis runs with UID/GID 999 inside the container
 # Postgres seems to want to set group permissions on the data directory, which is probably fine
 - name: Podman CDR Link | PATCH | Create data directory for PostgreSQL and Redis
@@ -133,6 +123,16 @@
 - redis-data
 - postgresql-data
+# Bridge/Link runs with UID/GID 1000 inside the container (because it's based on the node container)
+- name: Podman CDR Link | PATCH | Create data directory for bridge-whatsapp
+ ansible.builtin.file:
+ path: "/home/{{ podman_link_podman_rootless_user }}/bridge-whatsapp-data"
+ owner: "{{ _podman_link_user_subuid_start + 999 }}"
+ group: "{{ _podman_link_user_subgid_start + 999 }}"
+ mode: "0700"
+ state: "directory"
+ become: true
+
 # We set the UID/GID to 1002 inside the signal-cli-rest-api container with environment variables
 - name: Podman CDR Link | PATCH | Create data directory for signal-cli-rest-api
 ansible.builtin.file:
@@ -143,6 +143,44 @@
 state: "directory"
 become: true
+- name: Podman CDR Link | PATCH | Ensure a project is created for Signal and WhatsApp containers
+ ansible.builtin.lineinfile:
+ path: /etc/projid
+ line: "{{ item.name }}:{{ item.project_id }}"
+ owner: root
+ group: root
+ mode: "0644"
+ create: true
+ become: true
+ with_items:
+ - {"project_id": 11, "name": "signal"}
+ - {"project_id": 12, "name": "whatsapp"}
+
+- name: Podman CDR Link | PATCH | Ensure a project is mapped for Signal and WhatsApp container data directories
+ ansible.builtin.lineinfile:
+ path: /etc/projects
+ line: "{{ item.project_id }}:{{ item.path }}"
+ owner: root
+ group: root
+ mode: "0644"
+ create: true
+ become: true
+ with_items:
+ - {"project_id": 11, "path": "/home/{{ podman_link_podman_rootless_user }}/signal-cli-rest-api-data"}
+ - {"project_id": 12, "path": "/home/{{ podman_link_podman_rootless_user }}/bridge-whatsapp-data"}
+
+- name: Podman CDR Link | PATCH | Set project quotas of 3G each for Signal and WhatsApp container data directories
+ community.general.xfs_quota:
+ type: project
+ mountpoint: /home
+ name: "{{ item }}"
+ bsoft: 3g
+ bhard: 3g
+ state: present
+ with_items:
+ - signal
+ - whatsapp
+
 - name: Podman CDR Link | PATCH | Install shared environment files
 ansible.builtin.template:
 src: "home/config/containers/systemd/{{ item }}"
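Review bot: The `community.general.xfs_quota` task at the end of this hunk has no `become: true`, unlike the two `lineinfile` tasks above it and the directory tasks in the surrounding context, so unless privilege escalation is enabled at play level it will likely run unprivileged and fail to set the limits; add `become: true` to it. Both `lineinfile` tasks match on the full `line:` only, so a later change to a project id or path appends a second entry rather than replacing the old one and leaves conflicting mappings in /etc/projid and /etc/projects; adding `regexp: "^{{ item.name }}:"` to the first and `regexp: "^{{ item.project_id }}:"` to the second keeps one entry per project. The quota sets only `bsoft`/`bhard`, so a misbehaving or compromised channel container could presumably still exhaust inodes on /home with many empty files; consider also setting `isoft`/`ihard`. A short comment such as `# /home must be XFS mounted with prjquota for these limits to be enforced` would document the precondition, since nothing visible in this hunk ensures it.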