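---
# Provisions an unprivileged account that runs rootless podman: the account
# itself plus subordinate id ranges and lingering, the host-side directories,
# and the per-user containers configuration.  Expects service_name,
# service_user_name and service_home to be set by the caller.

- name: Create system user for {{ service_name }}
  user:
    name: "{{ service_user_name }}"
    create_home: true
    home: "{{ service_home }}"
    # No interactive login; the account only exists to run containers.
    shell: /usr/sbin/nologin
    system: true
  register: user_create

- name: Configure subuids and subgids for user {{ service_user_name }}
  # usermod --add-sub* appends unconditionally, so this must only run once,
  # right after the account was created.
  shell: |
    set -eu
    # The next free range starts after the last allocated one (start + count),
    # not start + 65536, so existing ranges of any size are never overlapped.
    # The fallback for an empty file is a constructed default; align it with
    # SUB_UID_MIN / SUB_GID_MIN from /etc/login.defs.
    NEXT_SUBUID=$(tail -n 1 /etc/subuid | awk -F: '{ print $2 + $3 }')
    NEXT_SUBGID=$(tail -n 1 /etc/subgid | awk -F: '{ print $2 + $3 }')
    NEXT_SUBUID=${NEXT_SUBUID:-100000}
    NEXT_SUBGID=${NEXT_SUBGID:-100000}
    usermod --add-subuids "${NEXT_SUBUID}-$((NEXT_SUBUID + 65535))" \
            --add-subgids "${NEXT_SUBGID}-$((NEXT_SUBGID + 65535))" \
            {{ service_user_name | quote }}
  when: user_create is changed

- name: Ensure XDG_RUNTIME_DIR is set for user {{ service_user_name }}
  # lineinfile is idempotent (unlike echo >> .bashrc), so it is not gated on
  # account creation and converges for pre-existing accounts too.  The $(id -u)
  # is deliberately left for the login shell to expand.
  lineinfile:
    path: "{{ service_home }}/.bashrc"
    line: 'export XDG_RUNTIME_DIR=/run/user/$(id -u)'
    create: true
    owner: "{{ service_user_name }}"
    group: "{{ service_user_name }}"

- name: Enable lingering for user {{ service_user_name }}
  # Lingering keeps the user's systemd instance (and rootless containers)
  # alive without a login session.
  command: loginctl enable-linger {{ service_user_name }}
  args:
    creates: "/var/lib/systemd/linger/{{ service_user_name }}"

- name: Create container directory for user {{ service_user_name }}
  file:
    path: "/var/lib/{{ ansible_hostname }}/containers/{{ service_user_name }}"
    state: directory
    owner: "{{ service_user_name }}"
    group: "{{ service_user_name }}"
    mode: "0755"

- name: Create volume data directory for user {{ service_user_name }}
  file:
    path: "/var/lib/{{ ansible_hostname }}/data/{{ service_user_name }}"
    state: directory
    owner: "{{ service_user_name }}"
    group: "{{ service_user_name }}"
    mode: "0755"

- name: Configure rootless podman for user {{ service_user_name }}
  # NOTE(review): the source was collapsed onto one line, so it is ambiguous
  # whether become_user applied to the whole block or only to the podman reset.
  # Block-wide means the ~/.config tree is created by, and owned by, the
  # service user -- confirm.  Requires `become` to be enabled at play level.
  become_user: "{{ service_user_name }}"
  block:
    - name: Create configuration directory for user {{ service_user_name }}
      file:
        path: "{{ service_home }}/.config"
        state: directory
        mode: "0755"

    - name: Create container configuration directory for user {{ service_user_name }}
      file:
        path: "{{ service_home }}/.config/containers"
        state: directory
        mode: "0755"

    - name: Configure storage.conf for user {{ service_user_name }}
      template:
        src: "./filesystem/common/var/lib/_hostname/home/_service_user_name/.config/containers/storage.conf.j2"
        dest: "{{ service_home }}/.config/containers/storage.conf"
        mode: "0644"
      register: user_containers_storage

    - name: Configure containers.conf for user {{ service_user_name }}
      template:
        src: "./filesystem/common/var/lib/_hostname/home/_service_user_name/.config/containers/containers.conf.j2"
        dest: "{{ service_home }}/.config/containers/containers.conf"
        mode: "0644"
      register: user_containers_containers

    - name: Reset podman for user {{ service_user_name }}
      # Destructive: removes every container, image and volume of this user,
      # so it only runs when one of the rendered configs actually changed.
      # --force replaces the `yes |` pipe; chdir replaces `cd $HOME`, which
      # depended on HOME being set by the become method.
      command: podman system reset --force
      args:
        chdir: "{{ service_home }}"
      when: user_containers_storage is changed or user_containers_containers is changed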