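---
# Prepares a host for rootless Podman: validates the user list, audits
# subuid/subgid, lowers the unprivileged-port floor, creates the accounts,
# enables lingering, installs podman and sets up per-user quadlet
# directories plus the auto-update timer. Every task that changes the host
# escalates with become, so the play must be allowed to do so.
#
# Inputs (expected to be defined by the caller):
#   podman_host_rootless_users        - non-empty list of user names, never "root"
#   podman_host_minimum_unpriv_port   - lowest port unprivileged processes may bind

- name: Podman Host | PRELIM | Ensure the rootless users are defined and are not root
  ansible.builtin.assert:
    that:
      - podman_host_rootless_users | length > 0
      - '"root" not in podman_host_rootless_users'
    # Surface the actual contract instead of a bare assertion failure.
    fail_msg: >-
      podman_host_rootless_users must be a non-empty list of user names and
      must not contain "root".

# NOTE(review): this audit runs before the accounts are created further down;
# check_subid.yml is outside this file, so whether it tolerates a not-yet-existing
# user cannot be confirmed here - verify before relying on a first-run pass.
- name: Podman Host | AUDIT | Ensure that subuid and subgid are defined for the users
  ansible.builtin.include_tasks:
    file: check_subid.yml
  vars:
    _podman_host_rootless_user: "{{ item }}"
  loop: "{{ podman_host_rootless_users }}"

# This sysctl is host-wide: every unprivileged process on the machine, not only
# the podman users, may bind ports at or above the configured value. Keep the
# value as high as the rootless workloads allow.
- name: Podman Host | PATCH | Set unprivileged port minimum
  ansible.posix.sysctl:
    name: net.ipv4.ip_unprivileged_port_start
    value: "{{ podman_host_minimum_unpriv_port }}"
    sysctl_set: true
    sysctl_file: /etc/sysctl.d/zzz-podman-unpriv-port.conf
    reload: true
  become: true

# Accounts are created with the module defaults (home directory included),
# which is what the later per-home tasks rely on.
- name: Podman Host | PATCH | Create users for rootless podman
  ansible.builtin.user:
    name: "{{ item }}"
  become: true
  loop: "{{ podman_host_rootless_users }}"

# Rootless podman needs XDG_RUNTIME_DIR to find the user's systemd/dbus
# session. create: false deliberately refuses to fabricate the file: the task
# fails instead if ~/.bash_profile is missing (e.g. an account created without
# /etc/skel), which makes that situation visible rather than silently skipped.
- name: Podman Host | PATCH | Set XDG_RUNTIME_DIR in .bash_profile for rootless users
  ansible.builtin.lineinfile:
    path: "/home/{{ item }}/.bash_profile"
    line: "export XDG_RUNTIME_DIR=/run/user/$(id -u)"
    create: false
  become: true
  become_user: "{{ item }}"
  loop: "{{ podman_host_rootless_users }}"

# Lingering keeps the user's systemd instance (and therefore the containers it
# manages) running without an interactive login. The creates: guard makes the
# command idempotent - loginctl writes that file when linger is enabled.
- name: Podman Host | PATCH | Enable linger for rootless users
  ansible.builtin.command:
    argv:
      - /usr/bin/loginctl
      - enable-linger
      - "{{ item }}"
    creates: "/var/lib/systemd/linger/{{ item }}"
  become: true
  loop: "{{ podman_host_rootless_users }}"

# NOTE(review): state: latest upgrades podman on every run, so the installed
# version is whatever the repository offers at run time; use state: present
# (or an explicit version) if the host's package set must stay reproducible.
- name: Podman Host | PATCH | Install Podman
  ansible.builtin.dnf:
    name:
      - podman
      - container-selinux
    state: latest
  become: true

# ~/.config/containers/systemd is where the Podman systemd generator looks for
# a user's quadlet units; 0700 keeps unit definitions private to the owner.
# Only the leaf directory gets this mode - intermediate directories are created
# with the module's defaults.
- name: Podman Host | PATCH | Create users quadlets directory
  ansible.builtin.file:
    path: "/home/{{ item }}/.config/containers/systemd"
    state: directory
    owner: "{{ item }}"
    group: "{{ item }}"
    mode: "0700"
  become: true
  loop: "{{ podman_host_rootless_users }}"

# scope: user talks to the per-user systemd instance, which exists because
# lingering was enabled above.
- name: Podman Host | PATCH | Enable podman auto update timer for users
  ansible.builtin.systemd_service:
    name: podman-auto-update.timer
    scope: user
    state: started
    enabled: true
  become: true
  become_user: "{{ item }}"
  loop: "{{ podman_host_rootless_users }}"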