---
- name: join
  shell: getent passwd admin || ipa-client-install -U {% if 'lxc' in group_names %} -N {% endif %} --domain={{ freeipa.domain }} -w {{ freeipa.join_password|trim }} --mkhomedir -p {{ freeipa.join_user }}
# proxmox reorders the configuration file and misbehaves quite a bit :(
- name: proxmox idmaps
  when: "'lxc' in group_names"
  block:
    - name: set id mappings copy out
      copy:
        remote_src: yes
        src: /etc/pve/lxc/{{ proxmox.id }}.conf
        dest: /tmp/{{ proxmox.id }}.conf
      delegate_to: "{{ proxmox.host }}"
    - name: read conf
      slurp:
        src: /tmp/{{ proxmox.id }}.conf
      register: proxmox_conf
      delegate_to: "{{ proxmox.host }}"
    - name: set id mappings
      blockinfile:
        path: /tmp/{{ proxmox.id }}.conf
        block: |
          lxc.idmap = u 0 100000 65536
          lxc.idmap = g 0 100000 65536
          lxc.idmap = u {{ freeipa.idrange_start }} {{ freeipa.idrange_start }} {{ freeipa.idrange_size }}
          lxc.idmap = g {{ freeipa.idrange_start }} {{ freeipa.idrange_start }} {{ freeipa.idrange_size }}
      when: not proxmox_conf['content']|b64decode is search('lxc.idmap') and not proxmox.privileged|default(False)
      notify: restart_container
      delegate_to: "{{ proxmox.host }}"
    - name: set id mappings copy in
      command: cp /tmp/{{ proxmox.id }}.conf /etc/pve/lxc/{{ proxmox.id }}.conf
      delegate_to: "{{ proxmox.host }}"