container: Support cap_add

roles/container/defaults/main.yaml

@@ -14,3 +14,4 @@ container_auto_start: true
 container_auto_update: true
 container_requires: []
 container_wants: []
+container_add_capabilities: []

roles/container/meta/argument_specs.yaml

@@ -173,6 +173,13 @@ argument_specs:
         required: false
         default: {}
 
+      container_add_capabilities:
+        description: List of capabilities to add to the container
+        type: list
+        required: false
+        default: []
+        elements: str
+
       container_requires:
         description: >
           List of systemd units (like other containers) this one depends on.

roles/container/tasks/main.yaml

@@ -54,6 +54,7 @@
     publish: "{{ container_publish_ports }}"
     secrets: "{{ _container_secrets }}"
     env: "{{ container_env }}"
+    cap_add: "{{ container_add_capabilities }}"
     label: "{{ _container_labels if _container_labels | length > 0 else omit }}"
     state: quadlet
     quadlet_file_mode: "0600"