From caa593ee7526d74bea1d2a96dbc15bb661feed44 Mon Sep 17 00:00:00 2001
From: alex
Date: Sat, 1 Apr 2023 15:57:47 +0200
Subject: [PATCH] Add support for privileged containers and extra LXC conf
---
 .../playbooks/roles/join_ipa/tasks/main.yml | 2 +-
 .../roles/proxmox_create_lxc/tasks/main.yml | 26 ++++++++++++++++++-
 2 files changed, 26 insertions(+), 2 deletions(-)
diff --git a/personal_infra/playbooks/roles/join_ipa/tasks/main.yml b/personal_infra/playbooks/roles/join_ipa/tasks/main.yml
index b057d7c..0fd8f5d 100644
--- a/personal_infra/playbooks/roles/join_ipa/tasks/main.yml
+++ b/personal_infra/playbooks/roles/join_ipa/tasks/main.yml
@@ -24,7 +24,7 @@
 lxc.idmap = g 0 100000 65536
 lxc.idmap = u {{ freeipa.idrange_start }} {{ freeipa.idrange_start }} {{ freeipa.idrange_size }}
 lxc.idmap = g {{ freeipa.idrange_start }} {{ freeipa.idrange_start }} {{ freeipa.idrange_size }}
- when: not proxmox_conf['content']|b64decode is search('lxc.idmap')
+ when: not proxmox_conf['content']|b64decode is search('lxc.idmap') and not proxmox.privileged|default(False)
 notify: restart_container
 delegate_to: "{{ proxmox.host }}"
 - name: set id mappings copy in
diff --git a/personal_infra/playbooks/roles/proxmox_create_lxc/tasks/main.yml b/personal_infra/playbooks/roles/proxmox_create_lxc/tasks/main.yml
index 014fa28..ecb600a 100644
--- a/personal_infra/playbooks/roles/proxmox_create_lxc/tasks/main.yml
+++ b/personal_infra/playbooks/roles/proxmox_create_lxc/tasks/main.yml
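Review bot: The new clause `and not proxmox.privileged|default(False)` in the join_ipa `when:` treats any non-empty value as true, so a flag that reaches the play as the string `"false"` or `"0"` (for instance from an INI inventory or an extra-vars override) would skip the idmap lines. The same test in the proxmox_create_lxc hunk, `{% if not proxmox.privileged|default(false) %}`, would then drop `-unprivileged` and create a privileged container. Casting makes the flag fail closed in both places: `and not (proxmox.privileged|default(false)|bool)`. The task this `when:` belongs to starts above the hunk, and whether the following "set id mappings copy in" task carries a matching guard is not visible here.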
@@ -11,13 +11,37 @@
 --storage local-zfs
 -net0 name=eth0,bridge=vmbr0,ip=dhcp
 -onboot 1
- --unprivileged
+ {% if not proxmox.privileged|default(false) %} -unprivileged {% endif %}
+ {% if proxmox.features|default(None) %} -features {{ proxmox.features }} {% endif %}
 --password {{ ansible_password|trim }}
 --nameserver {{ hostvars[proxmox.host].network.self_internal_ip }}
 --ostype {{ flavors[proxmox.flavor].pct_ostype }}
 args:
 creates: "/etc/pve/lxc/{{ proxmox.id }}.conf"
 delegate_to: "{{ proxmox.host }}"
+- name: proxmox extra
+ when: proxmox.extra|default(None)
+ block:
+ - name: set proxmox extra copy out
+ copy:
+ remote_src: yes
+ src: /etc/pve/lxc/{{ proxmox.id }}.conf
+ dest: /tmp/{{ proxmox.id }}.conf
+ delegate_to: "{{ proxmox.host }}"
+ - name: read conf
+ slurp:
+ src: /tmp/{{ proxmox.id }}.conf
+ register: proxmox_conf
+ delegate_to: "{{ proxmox.host }}"
+ - name: set proxmox extra
+ lineinfile:
+ path: /tmp/{{ proxmox.id }}.conf
+ line: "{{ item }}"
+ loop: "{{ proxmox.extra }}"
+ delegate_to: "{{ proxmox.host }}"
+ - name: set proxmox extra copy in
+ command: cp /tmp/{{ proxmox.id }}.conf /etc/pve/lxc/{{ proxmox.id }}.conf
+ delegate_to: "{{ proxmox.host }}"
 # https://bugzilla.proxmox.com/show_bug.cgi?id=4515
 - name: set hosts
 copy:
-- 2.47.3
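Review bot: The `proxmox extra` block stages the container config at the predictable path `/tmp/{{ proxmox.id }}.conf` and then copies that file back over `/etc/pve/lxc/{{ proxmox.id }}.conf`. Between those tasks, what ends up in the LXC config depends on a file in a shared, world-writable directory, and a copy of the config stays behind in /tmp afterwards. This matters more now that the same commit allows privileged containers and arbitrary extra LXC lines. A scratch file from the `tempfile` module, kept at mode 0600 and removed at the end, avoids the shared name; the indentation in the sketch below is assumed, since the page has lost the original. The `read conf` task registers `proxmox_conf`, but nothing visible in this block reads it, so it could probably be dropped.

```yaml
- name: proxmox extra
  when: proxmox.extra|default(None)
  block:
    - name: create private scratch file
      tempfile:
        state: file
        suffix: .conf
      register: proxmox_extra_tmp
      delegate_to: "{{ proxmox.host }}"
    - name: set proxmox extra copy out
      copy:
        remote_src: yes
        src: /etc/pve/lxc/{{ proxmox.id }}.conf
        dest: "{{ proxmox_extra_tmp.path }}"
        mode: "0600"
      delegate_to: "{{ proxmox.host }}"
    # … unchanged: lineinfile loop over proxmox.extra, with path: "{{ proxmox_extra_tmp.path }}" …
    - name: set proxmox extra copy in
      command: cp {{ proxmox_extra_tmp.path }} /etc/pve/lxc/{{ proxmox.id }}.conf
      delegate_to: "{{ proxmox.host }}"
    - name: remove scratch file
      file:
        path: "{{ proxmox_extra_tmp.path }}"
        state: absent
      delegate_to: "{{ proxmox.host }}"
```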