From bf4ced4a9b88bdc93acc32e374e31a82a9694da1 Mon Sep 17 00:00:00 2001
From: uumas
Date: Thu, 12 Mar 2026 00:20:19 +0200
Subject: [PATCH] service: Support cap_add
---
 roles/service/defaults/main.yaml | 1 +
 roles/service/meta/argument_specs.yaml | 13 +++++++++++++
 roles/service/tasks/additional.yaml | 1 +
 roles/service/tasks/main.yaml | 1 +
 4 files changed, 16 insertions(+)
diff --git a/roles/service/defaults/main.yaml b/roles/service/defaults/main.yaml
index 99c18fc..bd0377e 100644
--- a/roles/service/defaults/main.yaml
+++ b/roles/service/defaults/main.yaml
@@ -16,6 +16,7 @@ service_container_mounts: []
 service_container_devices: []
 service_container_secrets: []
 service_container_env: {}
+service_container_add_capabilities: []
 service_database_type: none
 service_database_additional_networks: []
diff --git a/roles/service/meta/argument_specs.yaml b/roles/service/meta/argument_specs.yaml
index e9d1f6f..56e3ee0 100644
--- a/roles/service/meta/argument_specs.yaml
+++ b/roles/service/meta/argument_specs.yaml
@@ -239,6 +239,13 @@ argument_specs:
 required: false
 default: {}
+ service_container_add_capabilities:
+ description: List of capabilities to add to the service container
+ type: list
+ required: false
+ default: []
+ elements: str
+
 service_database_type:
 description:
 - Database type to set up.
@@ -400,6 +407,12 @@ argument_specs:
 type: dict
 required: false
 default: {}
+ add_capabilities:
+ description: List of capabilities to add to the container
+ type: list
+ required: false
+ default: "{{ service_container_add_capabilities }}"
+ elements: str
 secrets:
 description:
 - >
diff --git a/roles/service/tasks/additional.yaml b/roles/service/tasks/additional.yaml
index 1bcf9ca..8d9124d 100644
--- a/roles/service/tasks/additional.yaml
+++ b/roles/service/tasks/additional.yaml
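Review bot: The `service_container_add_capabilities` spec added in roles/service/meta/argument_specs.yaml is validated only as a list of strings, so a misspelled name or a broad capability such as `SYS_ADMIN` passes role validation unchanged; the `add_capabilities` suboption in the second hunk of the same file has the same gap. The description also does not say which spelling the consumer of `container_add_capabilities` expects (with or without the `CAP_` prefix); that consumer is outside this diff, so confirm it before documenting. I would turn the description into a list with a second entry such as `- Added on top of the runtime's default capability set; list only what the service needs`, and, if the capabilities used by this repository's services are few, add a `choices:` list so unexpected names fail at validation time.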
@@ -15,6 +15,7 @@
 container_secrets: "{{ _service_additional_container.secrets | default(_service_container_secrets) }}"
 container_hostname: "{{ _service_additional_container.name | regex_replace('^' ~ service_name ~ '-', '') }}"
 container_env: "{{ _service_additional_container.env | default(service_container_env) }}"
+ container_add_capabilities: "{{ _service_additional_container.add_capabilities | default(service_container_add_capabilities) }}"
 container_requires: "{{ _service_container_requires }}"
 container_wants: "{{ service_wants }}"
 container_auto_update: "{{ service_auto_update }}"
diff --git a/roles/service/tasks/main.yaml b/roles/service/tasks/main.yaml
index 165d345..f833319 100644
--- a/roles/service/tasks/main.yaml
+++ b/roles/service/tasks/main.yaml
@@ -42,6 +42,7 @@
 container_ip: "{{ service_container_ip }}"
 container_secrets: "{{ _service_container_secrets }}"
 container_env: "{{ service_container_env }}"
+ container_add_capabilities: "{{ service_container_add_capabilities }}"
 container_requires: "{{ _service_container_requires }}"
 container_wants: "{{ _service_container_wants }}"
 container_auto_update: "{{ service_auto_update }}"
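Review bot: In roles/service/tasks/additional.yaml the new `container_add_capabilities` line falls back to `service_container_add_capabilities` whenever an additional container leaves `add_capabilities` unset, so every additional container inherits the main container's extra capabilities without asking for them. This follows the `container_env` line directly above it, but inherited capabilities widen the privileges of helper containers that may not need any. An explicit `add_capabilities: []` does opt out, since `default()` only replaces undefined values, yet the suboption's description in argument_specs.yaml does not mention the inheritance. Consider `default([])` here together with `default: []` in the spec so each container opts in, or state the inheritance in the description. The task these lines belong to starts and ends outside the hunk.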