container: switch to using the containers.podman.podman_container module

roles/container/tasks/main.yaml

@@ -19,8 +19,17 @@
   loop: "{{ container_secrets }}"
 
 - name: Create container service {{ container_name }}
-  ansible.builtin.template:
-    src: container.j2
-    dest: "/etc/containers/systemd/{{ container_name }}.container"
-    mode: "0600"
+  containers.podman.podman_container:
+    image: "{{ container_image }}"
+    name: "{{ container_name }}"
+    command: "{{ container_command or omit }}"
+    user: "{{ container_user or omit }}"
+    mount: "{{ container_mounts | map('items') | map('map', 'join', '=') | map('join', ',') }}"
+    network: "{{ container_networks | map('regex_replace', '$', '.network') }}"
+    publish: "{{ container_publish_ports }}"
+    secrets: "{{ container_secrets | map(attribute='name') }}"
+    env: "{{ container_env }}"
+    state: quadlet
+    quadlet_file_mode: "0600"
+    quadlet_options: "{{ _container_quadlet_options }}"
   notify: "Restart container service {{ container_name }}"

roles/container/templates/container.j2

@@ -1,49 +0,0 @@
-# {{ ansible_managed }}
-
-[Unit]
-Description=Container {{ container_name }}
-{% for requirement in container_requires %}
-Requires={{ requirement }}
-After={{ requirement }}
-{% endfor %}
-{% for want in container_wants %}
-Requires={{ want }}
-Before={{ want }}
-{% endfor %}
-
-[Container]
-Image={{ container_image }}
-ContainerName={{ container_name }}
-{% if container_command | length > 0 %}
-Exec="{{ container_command | join('" "') }}"
-{% endif %}
-{% if container_user | length > 0 %}
-User={{ container_user }}
-{% endif %}
-{% for mount in container_mounts %}
-Mount={% for key, value in mount.items() %}{{ key }}={{ value }}{% if not loop.last %},{% endif %}{% endfor %}
-
-{% endfor %}
-{% for network in container_networks %}
-Network={{ network }}.network
-{% endfor %}
-{% for port in container_publish_ports %}
-PublishPort={{ port }}
-{% endfor %}
-{% for secret in container_secrets %}
-Secret={{ secret.name }}
-{% endfor %}
-{% for key, value in container_env.items() %}
-Environment={{ key }}={{ value }}
-{% endfor %}
-{% if container_auto_update %}
-AutoUpdate=registry
-{% endif %}
-
-{% if container_auto_start %}
-[Service]
-Restart=always
-
-[Install]
-WantedBy=multi-user.target
-{% endif %}

roles/container/vars/main.yaml

@@ -0,0 +1,24 @@
+---
+_container_quadlet_unit_options: |
+  [Unit]
+  Description=Container {{ container_name }}
+  StartLimitIntervalSec=30
+  StartLimitBurst=3
+  {% for requirement in container_requires %}
+  Requires={{ requirement }}
+  After={{ requirement }}
+  {% endfor %}
+  {% for want in container_wants %}
+  Wants={{ want }}
+  {% endfor %}
+_container_quadlet_auto_start_options: |
+  [Service]
+  Restart=always
+
+  [Install]
+  WantedBy=multi-user.target
+_container_quadlet_options_incl_empty:
+  - "{{ 'AutoUpdate=registry' if container_auto_update else '' }}"
+  - "{{ _container_quadlet_unit_options }}"
+  - "{{ _container_quadlet_auto_start_options if container_auto_start else '' }}"
+_container_quadlet_options: "{{ _container_quadlet_options_incl_empty | select('!=', '') }}"