k9casca2/k3s-ansible/roles/reset_proxmox_lxc/tasks/main.yml
2025-04-08 09:54:04 +02:00


---
# Probe every configured container ID for an LXC config file on this node.
# The per-ID results are registered so that later tasks only touch configs
# that actually live on this host.
# NOTE(review): each ID is interpolated straight into a path under
# /etc/pve/lxc, so proxmox_lxc_ct_ids is presumably a list of numeric IDs
# taken from trusted inventory - confirm against the inventory definition.
- name: Check for container files that exist on this host
  ansible.builtin.stat:
    path: "/etc/pve/lxc/{{ item }}.conf"
  register: stat_results
  loop: "{{ proxmox_lxc_ct_ids }}"
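# Reduce the stat results to the paths of config files that exist here.
# rejectattr with the "false" test drops every result whose stat.exists is
# false; map then keeps only stat.path.
# The trailing "| list" materialises the filter chain so the fact is a concrete
# list for the loops that consume it, rather than a lazy generator.
- name: Filter out files that do not exist
  ansible.builtin.set_fact:
    proxmox_lxc_filtered_files: >-
      {{ stat_results.results
      | rejectattr("stat.exists", "false")
      | map(attribute="stat.path")
      | list }}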
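# Drop the AppArmor override from each container config found on this host so
# the container is no longer explicitly configured as "unconfined".
# With state: absent and a regexp, lineinfile removes every line the regexp
# matches; "line" is kept only to record the value this role is reverting and
# is not used for matching. Any lxc.apparmor.profile entry is therefore
# removed, including one that was set outside this role.
# The dots are escaped so the pattern matches the literal key only.
# NOTE(review): the change presumably takes effect only once the notified
# "reboot containers" handler (defined outside this file) restarts the
# container - verify the effective AppArmor profile afterwards.
- name: Remove LXC apparmor profile
  ansible.builtin.lineinfile:
    path: "{{ item }}"
    regexp: '^lxc\.apparmor\.profile'
    line: "lxc.apparmor.profile: unconfined"
    state: absent
  loop: "{{ proxmox_lxc_filtered_files }}"
  notify: reboot containers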
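# Remove the device-cgroup allow entries from each container config found on
# this host; the value being reverted is "a", i.e. a blanket allow.
# With state: absent and a regexp, lineinfile removes every matching line and
# does not use "line" for matching, so narrower lxc.cgroup.devices.allow
# entries added outside this role are removed as well.
# The dots are escaped so the pattern matches the literal key only.
# NOTE(review): entries written under an lxc.cgroup2.* key are not matched by
# this pattern - confirm which key the corresponding setup role writes.
- name: Remove lxc cgroups
  ansible.builtin.lineinfile:
    path: "{{ item }}"
    regexp: '^lxc\.cgroup\.devices\.allow'
    line: "lxc.cgroup.devices.allow: a"
    state: absent
  loop: "{{ proxmox_lxc_filtered_files }}"
  notify: reboot containers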
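# Remove the lxc.cap.drop override from each container config found on this
# host. The value being reverted is an empty drop list.
# With state: absent and a regexp, lineinfile removes every matching line and
# does not use "line" for matching, so a non-empty lxc.cap.drop list added
# outside this role (for example as extra hardening) is removed too.
# The dots are escaped so the pattern matches the literal key only.
# NOTE(review): after the restart the container presumably falls back to the
# platform's default capability drops - confirm the resulting capability set.
- name: Remove lxc cap drop
  ansible.builtin.lineinfile:
    path: "{{ item }}"
    regexp: '^lxc\.cap\.drop'
    line: "lxc.cap.drop: "
    state: absent
  loop: "{{ proxmox_lxc_filtered_files }}"
  notify: reboot containers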
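# Remove the lxc.mount.auto override from each container config found on this
# host; the value being reverted mounts proc and sys read-write.
# With state: absent and a regexp, lineinfile removes every matching line and
# does not use "line" for matching, so any lxc.mount.auto entry is removed,
# whatever its value.
# The dots are escaped so the pattern matches the literal key only.
# NOTE(review): the change presumably takes effect only once the notified
# "reboot containers" handler (defined outside this file) restarts the
# container - confirm the mount options inside the container afterwards.
- name: Remove lxc mounts
  ansible.builtin.lineinfile:
    path: "{{ item }}"
    regexp: '^lxc\.mount\.auto'
    line: 'lxc.mount.auto: "proc:rw sys:rw"'
    state: absent
  loop: "{{ proxmox_lxc_filtered_files }}"
  notify: reboot containers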