---
- name: Add cgroup rule
  ansible.builtin.lineinfile:
    path: /etc/pve/nodes/{{ ansible_hostname }}/lxc/{{ hostvars[ansible_hostname]['k3s_vmid'] }}.conf
    state: present
    line: lxc.apparmor.profile{{":"}} unconfined

- name: Add cgroup rule
  ansible.builtin.lineinfile:
    path: /etc/pve/nodes/{{ ansible_hostname }}/lxc/{{ hostvars[ansible_hostname]['k3s_vmid'] }}.conf
    state: present
    line: lxc.cap.drop{{":"}}

- name: Add cgroup rule
  ansible.builtin.lineinfile:
    path: /etc/pve/nodes/{{ ansible_hostname }}/lxc/{{ hostvars[ansible_hostname]['k3s_vmid'] }}.conf
    state: present
    line: lxc.mount.auto"{{":"}}" "proc{{":"}}rw sys{{":"}}rw"

- name: Add cgroup rule
  ansible.builtin.lineinfile:
    path: /etc/pve/nodes/{{ ansible_hostname }}/lxc/{{ hostvars[ansible_hostname]['k3s_vmid'] }}.conf
    state: present
    line: lxc.cgroup2.devices.allow{{":"}} c 10{{":"}}200 rwm