---
- name: check for container files that exist on this host
  stat:
    path: "/etc/pve/lxc/{{ item }}.conf"
  loop: "{{ proxmox_lxc_ct_ids }}"
  register: stat_results

- name: filter out files that do not exist
  set_fact:
    proxmox_lxc_filtered_files:
      '{{ stat_results.results | rejectattr("stat.exists", "false") | map(attribute="stat.path") }}'

# used for the reboot handler
- name: get container ids from filtered files
  set_fact:
    proxmox_lxc_filtered_ids:
      '{{ proxmox_lxc_filtered_files | map("split", "/") | map("last") | map("split", ".") | map("first") }}'

# https://gist.github.com/triangletodd/02f595cd4c0dc9aac5f7763ca2264185
- name: Ensure lxc config has the right apparmor profile
  lineinfile:
    dest: "{{ item }}"
    regexp: "^lxc.apparmor.profile"
    line: "lxc.apparmor.profile: unconfined"
  loop: "{{ proxmox_lxc_filtered_files }}"
  notify: reboot containers

- name: Ensure lxc config has the right cgroup
  lineinfile:
    dest: "{{ item }}"
    regexp: "^lxc.cgroup.devices.allow"
    line: "lxc.cgroup.devices.allow: a"
  loop: "{{ proxmox_lxc_filtered_files }}"
  notify: reboot containers

- name: Ensure lxc config has the right cap drop
  lineinfile:
    dest: "{{ item }}"
    regexp: "^lxc.cap.drop"
    line: "lxc.cap.drop: "
  loop: "{{ proxmox_lxc_filtered_files }}"
  notify: reboot containers

- name: Ensure lxc config has the right mounts
  lineinfile:
    dest: "{{ item }}"
    regexp: "^lxc.mount.auto"
    line: 'lxc.mount.auto: "proc:rw sys:rw"'
  loop: "{{ proxmox_lxc_filtered_files }}"
  notify: reboot containers