applications_podman_pkgs:
  pkg.installed:
    - pkgs:
      - podman
      - podman-openrc

applications_podman_enable:
  service.enabled:
    - name: podman
    - require:
      - applications_podman_pkgs

applications_podman_rootless_cgroup_mode:
  file.keyvalue:
    - name: /etc/rc.conf
    - key_values:
        rc_cgroup_mode: '"unified"'
    - separator: '='
    - uncomment: '#'
    - key_ignore_case: false
    - value_ignore_case: false
    - append_if_not_found: true
    - require:
      - applications_podman_pkgs

applications_podman_rootless_cgroups:
  service.running:
    - name: cgroups
    - enable: True
    - watch:
      - applications_podman_rootless_cgroup_mode

applications_podman_user:
  user.present:
    - name: puser
    - uid: 2000
    - shell: /bin/zsh
    - home: /home/puser
    - usergroup: True
    - createhome: True
    - require:
      - applications_podman_pkgs

applications_podman_rootless_modules:
  file.append:
    - name: /etc/modules
    - text:
      - tun
      - fuse

applications_podman_rootless_subgid:
  file.append:
    - name: /etc/subgid
    - text: puser:100000:65536
    - require:
      - applications_podman_user

applications_podman_rootless_subuid:
  file.append:
    - name: /etc/subuid
    - text: puser:100000:65536
    - require:
      - applications_podman_user

applications_podman_rootless_devnet_dir:
  file.directory:
    - name: /dev/net
    - require:
      - applications_podman_rootless_modules

applications_podman_rootless_tun_nod:
  file.mknod:
    - name: /dev/net/tun
    - ntype: c
    - major: 10
    - minor: 200
    - user: root
    - group: root
    - mode: '0666'
    - require:
      - applications_podman_rootless_devnet_dir