---
- name: Install packages
  ansible.builtin.package:
    name: podman
    state: installed

- name: Allow nginx to connect containers
  ansible.posix.seboolean:
    name: httpd_can_network_connect
    state: true
    persistent: true

- name: Copy SELinux module
  ansible.builtin.copy:
    dest: /usr/local/share/selinux/podman-certs.pp
    src: podman-certs.pp
    mode: "0644"
    owner: root
    group: "{{ ansible_wheel }}"

- name: Check if SELinux module is loaded
  ansible.builtin.command:
    argv:
      - semodule
      - -l
  register: result
  check_mode: false
  changed_when: false

- name: Install SELinux module
  ansible.builtin.command:
    argv:
      - semodule
      - -i
      - /usr/local/share/selinux/podman-certs.pp
  when: '"podman-certs" not in result.stdout_lines'