---
- name: install packages
  ansible.builtin.package:
    name: podman
    state: installed

- name: allow nginx to connect containers
  ansible.posix.seboolean:
    name: httpd_can_network_connect
    state: true
    persistent: true

- name: copy selinux module
  copy:
    dest: /usr/local/share/selinux/podman-certs.pp
    src: podman-certs.pp
    mode: 0644
    owner: root
    group: "{{ ansible_wheel }}"

- name: check if selinux module is loaded
  command:
    argv:
      - semodule
      - -l
  register: result
  check_mode: false
  changed_when: false

- name: insall selinux module
  command:
    argv:
      - semodule
      - -i
      - /usr/local/share/selinux/podman-certs.pp
  when: '"podman-certs" not in result.stdout_lines'