- name: Enable IOMMU
  lineinfile:
    path: /etc/default/grub
    regexp: '^GRUB_CMDLINE_LINUX_DEFAULT='
    line: GRUB_CMDLINE_LINUX_DEFAULT="quiet intel_iommu=on"
  notify: update grub

- name: Enable vfio kernel modules
  blockinfile:
    path: /etc/modules
    block: |
      vfio
      vfio_iommu_type1
      vfio_pci
      vfio_virqfd
  notify: update initramfs

- name: Configure vfio-pci
  template:
    src: vfio.conf
    dest: /etc/modprobe.d/vfio.conf
  when: vfio_pci_ids is defined
  notify: update initramfs

- name: Enable PAM users
  lineinfile:
    path: /etc/pve/user.cfg
    line: 'user:{{ item.key }}@pam:1:0::::::'
  with_dict: '{{ users }}'

- name: Enable PAM users admin access
  lineinfile:
    path: /etc/pve/user.cfg
    line: 'acl:1:/:{{ item.key }}@pam:Administrator:'
  with_dict: '{{ users }}'

- name: Enable ipv4 packet forwarding
  lineinfile:
    path: /etc/sysctl.conf
    regexp: '^#?net.ipv4.ip_forward='
    line: net.ipv4.ip_forward=1
  notify: update grub

# - name: Force quorum to always be reached
#   lineinfile:
#     path: /etc/pve/corosync.conf
#     regexp: 'quorum_votes'
#     line: '    quorum_votes: 2'
#   with_dict: '{{ users }}'

- name: Copy pve-no-subscription.list
  copy:
    src: pve-no-subscription.list
    dest: /etc/apt/sources.list.d/pve-no-subscription.list

- name: Stat pve-enterprise.list
  stat:
    path: /etc/apt/sources.list.d/pve-enterprise.list
  register: pve_enterprise_stat

- name: Backup pve-enterprise.list
  copy:
    remote_src: True
    src: /etc/apt/sources.list.d/pve-enterprise.list
    dest: /etc/apt/sources.list.d/pve-enterprise.list.bak
  when: pve_enterprise_stat.stat.exists

- name: Disable pve-enterprise.list
  file:
    path: /etc/apt/sources.list.d/pve-enterprise.list
    state: absent

- name: Perform dist-upgrade
  apt:
    update_cache: yes
    upgrade: dist