---
- name: Add cgroup rule
  ansible.builtin.lineinfile:
    path: /etc/pve/nodes/{{ ansible_hostname }}/lxc/"{{ hostvars[ansible_hostname]['k3s_vmid'] }}".conf
    state: present
    line: lxc.apparmor.profile{{":"}} unconfined
    validate: /usr/sbin/visudo -cf %s

- name: Add cgroup rule
  ansible.builtin.lineinfile:
    path: /etc/pve/nodes/{{ ansible_hostname }}/lxc/"{{ hostvars[ansible_hostname]['k3s_vmid'] }}".conf
    state: present
    line: lxc.cap.drop{{":"}}
    validate: /usr/sbin/visudo -cf %s

- name: Add cgroup rule
  ansible.builtin.lineinfile:
    path: /etc/pve/nodes/{{ ansible_hostname }}/lxc/"{{ hostvars[ansible_hostname]['k3s_vmid'] }}".conf
    state: present
    line: lxc.mount.auto"{{":"}}" "proc{{":"}}rw sys{{":"}}rw"
    validate: /usr/sbin/visudo -cf %s

- name: Add cgroup rule
  ansible.builtin.lineinfile:
    path: /etc/pve/nodes/{{ ansible_hostname }}/lxc/"{{ hostvars[ansible_hostname]['k3s_vmid'] }}".conf
    state: present
    line: lxc.cgroup2.devices.allow{{":"}} c 10{{":"}}200 rwm
    validate: /usr/sbin/visudo -cf %s