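# Tasks: create a dedicated system user for one service and prepare it to run
# rootless podman units under systemd --user.
#
# Expects (set by the caller, not here): service_name, service_user_name,
# service_home. Tasks that touch /etc/subuid, loginctl and /var/lib need root,
# so `become: true` is assumed to be active at play/role level.

- name: Create system user for {{ service_name }}
  user:
    name: "{{ service_user_name }}"
    create_home: true
    home: "{{ service_home }}"
    system: true
  # `changed` here gates the one-off setup below (subids, lingering, .bashrc).
  register: user_create

# Per-service shell setup; falls back to _default.yml when no file matches.
- include_tasks: "{{ item }}"
  with_first_found:
    - files:
        - "01-user.d/shell/{{ service_name }}.yml"
        - "01-user.d/shell/_default.yml"

- block:
    - name: Ensure the home directory belongs to the user {{ service_user_name }}
      file:
        path: "{{ service_home }}"
        state: directory
        owner: "{{ service_user_name }}"
        group: "{{ service_user_name }}"
        recurse: true

    # Rootless podman needs a subordinate UID/GID range for this user. The range
    # is placed above the highest END (start + count) of every existing entry,
    # not above the start of the last line: the previous `tail -1` + 65536 assumed
    # the last entry was both the highest and exactly 65536 wide, and an
    # overlapping range would let two users' containers share host IDs.
    # Falls back to 100000 when the file is empty/missing (the usual
    # SUB_UID_MIN in login.defs — confirm against the target distro).
    - name: Configure subuids and subgids for user {{ service_user_name }}
      shell: |
        set -u
        next_start() {
          if [ -r "$1" ]; then
            awk -F: 'NF >= 3 { e = $2 + $3; if (e > m) m = e } END { print (m > 100000 ? m : 100000) }' "$1"
          else
            echo 100000
          fi
        }
        NEW_SUBUID=$(next_start /etc/subuid)
        NEW_SUBGID=$(next_start /etc/subgid)
        usermod --add-subuids "${NEW_SUBUID}-$((NEW_SUBUID + 65535))" \
                --add-subgids "${NEW_SUBGID}-$((NEW_SUBGID + 65535))" \
                {{ service_user_name | quote }}

    # lineinfile instead of `echo '\n...' >>`: the echo form depends on whether
    # /bin/sh's echo interprets `\n` (dash does, bash does not), and a file it
    # created would be root-owned because this block runs as root.
    - name: Ensure XDG_RUNTIME_DIR is set for user {{ service_user_name }}
      lineinfile:
        path: "{{ service_home }}/.bashrc"
        line: 'export XDG_RUNTIME_DIR=/run/user/$(id -u)'
        create: true
        owner: "{{ service_user_name }}"
        group: "{{ service_user_name }}"

    # Lingering keeps the user's systemd instance (and /run/user/UID) alive
    # without a login session, which the `scope: user` units below rely on.
    - name: Enable lingering for user {{ service_user_name }}
      command: loginctl enable-linger {{ service_user_name | quote }}
  when: user_create is changed

# NOTE(review): 0755 lets every local user traverse and list these directories;
# tighten to "0750" if nothing outside this user needs to read them.
- name: Create container directory for user {{ service_user_name }}
  file:
    path: "/var/lib/{{ ansible_hostname }}/containers/{{ service_user_name }}"
    state: directory
    owner: "{{ service_user_name }}"
    group: "{{ service_user_name }}"
    mode: "0755"

- name: Create volume data directory for user {{ service_user_name }}
  file:
    path: "/var/lib/{{ ansible_hostname }}/data/{{ service_user_name }}"
    state: directory
    owner: "{{ service_user_name }}"
    group: "{{ service_user_name }}"
    mode: "0755"

# Per-service data setup; falls back to _default.yml when no file matches.
- include_tasks: "{{ item }}"
  with_first_found:
    - files:
        - "01-user.d/data/{{ service_name }}.yml"
        - "01-user.d/data/_default.yml"

# Everything below runs AS the service user so ~/.config and the user-scope
# systemd units are owned by it.
- block:
    - name: Create configuration directory for user {{ service_user_name }}
      file:
        path: "{{ service_home }}/.config"
        state: directory
        mode: "0755"

    - name: Create container configuration directory for user {{ service_user_name }}
      file:
        path: "{{ service_home }}/.config/containers"
        state: directory
        mode: "0755"

    - name: Configure storage.conf for user {{ service_user_name }}
      template:
        src: "./filesystem/common/var/lib/_hostname/home/_service_user_name/.config/containers/storage.conf.j2"
        dest: "{{ service_home }}/.config/containers/storage.conf"
        mode: "0644"
      register: user_containers_storage

    # DESTRUCTIVE: wipes this user's containers, images, volumes and networks.
    # Intended because a changed storage.conf invalidates the existing store;
    # only runs when the template above actually changed.
    - name: Reset podman
      shell: "cd $HOME; yes | podman system reset"
      when: user_containers_storage is changed

    - name: Create systemd directory for user {{ service_user_name }}
      file:
        path: "{{ service_home }}/.config/systemd"
        state: directory
        mode: "0755"

    - name: Create systemd service directory for user {{ service_user_name }}
      file:
        path: "{{ service_home }}/.config/systemd/user"
        state: directory
        mode: "0755"

    # The unit files enabled below are not created in this file; presumably
    # the data include above (or another role) installs them — verify.
    - name: SystemD daemon reload
      systemd:
        daemon_reload: true
        scope: user

    - name: Enable pod-service auto-update
      systemd:
        name: pod-service-auto-update.timer
        enabled: true
        state: started
        scope: user

    - name: Enable podman image prune
      systemd:
        name: podman-image-prune.service
        enabled: true
        scope: user
  # become_user is a no-op unless become is on; make it explicit here.
  become: true
  become_user: "{{ service_user_name }}"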