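---
# Tasks that build the "maatma" LXC container on the host: create it from
# the Alpine 3.17 / armhf download template, replace the generated LXC
# config, adjust OpenRC runlevels and init scripts inside the rootfs, then
# register the host-side lxc service symlink.
#
# Variables expected from the caller (not defined here): ctr_name,
# local_network.{prefix4,netmask4,gateway,prefix6,gateway6},
# maatma_network.{gateway6,netmask6}.

- name: Create maatma container
  community.general.lxc_container:
    name: "{{ ctr_name }}"
    backing_store: dir
    container_log: true
    container_log_level: DEBUG
    template: download
    template_options: "--dist alpine --release 3.17 --arch armhf"
    # Left stopped so the generated config can be replaced before first boot.
    state: stopped

- name: Erase container configuration
  copy:
    # The template-generated config is replaced wholesale. Only common.conf
    # is included (no userns.conf), so this appears to be a privileged
    # container; the lxc.cap.drop lines below are removed in addition to
    # whatever common.conf already drops — review the remaining set when
    # changing them. lxc.net.2 is of type "phys", which hands the host
    # interface wg-adlin over to the container for its lifetime.
    # hwaddr and the net.1 veth pair name are fixed values, not variables.
    content: |
      # Template used to create this container: /usr/share/lxc/templates/lxc-download
      # Parameters passed to the template: --dist alpine --release 3.17 --arch armhf
      # For additional config options, please look at lxc.container.conf(5)
      # Uncomment the following line to support nesting containers:
      #lxc.include = /usr/share/lxc/config/nesting.conf
      # (Be aware this has security implications)
      # Distribution configuration
      lxc.include = /usr/share/lxc/config/common.conf
      lxc.arch = linux32
      # Container specific configuration
      lxc.rootfs.path = dir:/var/lib/lxc/{{ ctr_name }}/rootfs
      lxc.uts.name = {{ ctr_name }}
      lxc.net.0.type = veth
      lxc.net.0.flags = up
      lxc.net.0.link = br0
      lxc.net.0.hwaddr = de:de:d7:8e:36:5e
      lxc.net.0.ipv4.address = {{ local_network.prefix4 }}201/{{ local_network.netmask4 }}
      lxc.net.0.ipv4.gateway = {{ local_network.gateway }}
      lxc.net.0.ipv6.address = {{ local_network.prefix6 }}:1:a/64
      lxc.net.0.ipv6.gateway = {{ local_network.gateway6 }}
      lxc.net.2.type = phys
      lxc.net.2.flags = up
      lxc.net.2.link = wg-adlin
      lxc.net.2.ipv6.address = {{ maatma_network.gateway6 }}/{{ maatma_network.netmask6 }}
      lxc.net.1.type = veth
      lxc.net.1.flags = up
      lxc.net.1.veth.pair = veth_sshpipper
      lxc.net.1.ipv4.address = 169.254.42.1/30
      lxc.sysctl.net.ipv6.conf.eth0.autoconf = 0
      lxc.sysctl.net.ipv6.conf.all.forwarding = 1
      lxc.cap.drop = setgid
      lxc.cap.drop = setuid
      lxc.cap.drop = setpcap
      lxc.cap.drop = sys_resource
      lxc.cap.drop = sys_boot
    dest: "/var/lib/lxc/{{ ctr_name }}/config"

- name: Update runlevels
  # Removes OpenRC runlevel links inside the container rootfs; each item is
  # an absolute path relative to the rootfs.
  file:
    path: "/var/lib/lxc/{{ ctr_name }}/rootfs{{ item }}"
    state: absent
  loop:
    - "/etc/runlevels/boot/syslog"
    - "/etc/runlevels/default/crond"
    - "/etc/runlevels/default/networking"

- name: Copy init scripts
  template:
    src: "{{ item }}.init.j2"
    dest: "/var/lib/lxc/{{ ctr_name }}/rootfs/etc/init.d/{{ item }}"
    # Quoted so the octal mode is passed as a string (ansible-lint risky-octal).
    mode: "0755"
  loop:
    - token-validator
    - checker
    - clean-wg

- name: Setup runlevels
  # src is a container-relative path; seen from the host it is a dangling
  # (or unrelated) target, so force is required for the link to be created.
  file:
    path: "/var/lib/lxc/{{ ctr_name }}/rootfs/etc/runlevels/{{ item.runlevel }}/{{ item.filename }}"
    src: "/etc/init.d/{{ item.filename }}"
    state: link
    force: true
  loop:
    - { filename: "token-validator", runlevel: "default" }
    - { filename: "checker", runlevel: "default" }
    - { filename: "clean-wg", runlevel: "default" }

# Does not work
- name: Setup maatma container
  community.general.lxc_container:
    name: "{{ ctr_name }}"
    # The resolver address is hard-coded here rather than taken from
    # local_network.* like the addresses in the LXC config above.
    container_command: |
      echo nameserver 192.168.0.254 > /etc/resolv.conf;
      apk add --no-cache curl wireguard-tools-wg nftables;
    state: started

- name: Create symlink for service
  # Registers the container with the host's OpenRC lxc service.
  file:
    path: "/etc/init.d/lxc.{{ ctr_name }}"
    src: "/etc/init.d/lxc"
    state: link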