From d30423013ae9d005b093f2d746ea1fc16a850d02 Mon Sep 17 00:00:00 2001 From: Daniel Akulenok Date: Thu, 19 Feb 2026 10:58:11 +0100 Subject: [PATCH] Remove nonsensical podman_enable services --- .ansible/roles/keepit.podman | 1 - README.md | 3 -- defaults/main.yml | 3 +- handlers/main.yml | 11 ++++--- molecule/default/converge.yml | 14 +++++++++ molecule/default/verify.yml | 54 +++++++++++++++++++++++++++++++++++ tasks/containers.yml | 2 +- tasks/services.yml | 26 +++-------------- 8 files changed, 81 insertions(+), 33 deletions(-) delete mode 120000 .ansible/roles/keepit.podman diff --git a/.ansible/roles/keepit.podman b/.ansible/roles/keepit.podman deleted file mode 120000 index 098884f..0000000 --- a/.ansible/roles/keepit.podman +++ /dev/null @@ -1 +0,0 @@ -/home/dak/Code/ansible-podman \ No newline at end of file diff --git a/README.md b/README.md index 412a7f0..e5318c0 100644 --- a/README.md +++ b/README.md @@ -229,8 +229,6 @@ podman_storage_runroot: /run/containers/storage #### API & Socket Services ```yaml -podman_enable_socket: true # Enable Podman socket -podman_enable_api_service: true # Enable REST API podman_enable_auto_update: true # Enable automatic container updates ``` @@ -282,7 +280,6 @@ ansible-playbook -t podman-networks playbook.yml vars: # Permissive for development podman_policy_default_type: "insecureAcceptAnything" - podman_enable_socket: true podman_containers: - name: dev-web diff --git a/defaults/main.yml b/defaults/main.yml index 9146c30..30f3044 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -163,8 +163,6 @@ podman_policy_trusted_registries: # unqualified_search: false # Service management -podman_enable_socket: false -podman_enable_api_service: false podman_enable_auto_update: false # Determine if Quadlet should be used (Debian 13+ or other distros) 
@@ -178,6 +176,7 @@ podman_mode: "{{ 'quadlet' if podman_use_quadlet else 'started' }}" podman_container_defaults: state: "{{ podman_mode }}" pull: newer + systemd: "{{ not podman_use_quadlet }}" quadlet_options: - "AutoUpdate=registry" - "Pull=newer" diff --git a/handlers/main.yml b/handlers/main.yml index f22febe..a43ce71 100644 --- a/handlers/main.yml +++ b/handlers/main.yml @@ -56,12 +56,15 @@ - name: Restart Podman containers ansible.builtin.systemd: - name: | - {{ (podman_systemd_options.container_prefix if podman_generate_systemd | bool else '') ~ item }} + name: >- + {{ (podman_systemd_options.container_prefix + if podman_generate_systemd else '') + item }} state: restarted listen: Reload systemd - loop: | - {{ podman_container_output.results | selectattr('changed', 'equalto', true) | map(attribute='item.name') | list }} + loop: >- + {{ podman_container_output.results | + selectattr('changed', 'equalto', true) | + map(attribute='item.name') | list }} loop_control: label: "{{ item }}" when: diff --git a/molecule/default/converge.yml b/molecule/default/converge.yml index 6139a56..46b988e 100644 --- a/molecule/default/converge.yml +++ b/molecule/default/converge.yml @@ -1,5 +1,19 @@ --- - name: Converge hosts: all + pre_tasks: + - name: Install curl for verification + ansible.builtin.apt: + update_cache: true + name: curl + state: present + vars: + podman_containers: + - name: test_container + image: docker.io/nginx:latest + systemd: true + ports: + - "8080:80" + - "8443:443" roles: - ansible-podman diff --git a/molecule/default/verify.yml b/molecule/default/verify.yml index 60161b1..1f7d098 100644 --- a/molecule/default/verify.yml +++ b/molecule/default/verify.yml 
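Review bot: The new `systemd: "{{ not podman_use_quadlet }}"` default is not read by anything visible in this patch, so the quadlet/systemd switch it expresses does not reach the module call. The tasks/containers.yml hunk now falls back to `podman_systemd_options` unconditionally, which would presumably pass `generate_systemd` for quadlet-managed containers too, where the old `default(omit)` passed nothing. Gating the fallback on the same flag would keep the two in step: `generate_systemd: "{{ container_item.generate_systemd | default(omit if podman_use_quadlet else podman_systemd_options) }}"`. There are also three spellings of this switch in the patch (`systemd` here and in converge.yml, `generate_systemd` in containers.yml, `podman_generate_systemd` in handlers/main.yml); a comment above the new key saying which task reads it would help.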
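Review bot: Dropping `| bool` from the `podman_generate_systemd` test in the handler's `name:` expression changes the result when the variable arrives as a string: a value passed as `-e podman_generate_systemd=false` is a non-empty string, which Jinja treats as true, so the prefix would be applied. Replacing `~` with `+` also loses the string coercion, so a non-string `item` would raise instead of concatenating. The switch from `|` to `>-` is the useful part, since it removes the trailing newline from the unit name; I would keep that and restore the rest as `{{ (podman_systemd_options.container_prefix if podman_generate_systemd | bool else '') ~ item }}`. The handler continues past the end of the hunk at `when:`.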
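Review bot: The test container is pulled as `docker.io/nginx:latest`, a mutable tag, so each molecule run exercises whatever image is current that day. Pinning a version tag or digest (`image: docker.io/nginx:<pinned-tag-or-digest>`) keeps the scenario reproducible and the pulled content known. The mappings `"8080:80"` and `"8443:443"` publish on every interface although verify.yml only talks to 127.0.0.1, so `"127.0.0.1:8080:80"` would be enough for the test. The `apt` pre-task assumes Debian-family platforms, which matches the hosts named in verify.yml but deserves a one-line comment.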
@@ -3,3 +3,57 @@ hosts: all gather_facts: true tasks: + - name: Verify systemd service file exists on Debian Bookworm + stat: + path: "/etc/systemd/system/{{ test_container }}.service" + register: systemd_service + when: inventory_hostname == 'debian-bookworm' + + - name: Assert systemd service exists on Bookworm + assert: + that: + - systemd_service.stat.exists + fail_msg: "Expected systemd service file not found for {{ test_container }}" + when: inventory_hostname == 'debian-bookworm' + + - name: Verify quadlet .container file exists on Debian Trixie + stat: + path: "/etc/containers/systemd/{{ test_container }}.container" + register: quadlet_file + when: inventory_hostname == 'debian-trixie' + + - name: Assert quadlet file exists on Trixie + assert: + that: + - quadlet_file.stat.exists + fail_msg: "Expected quadlet .container file not found for {{ test_container }}" + when: inventory_hostname == 'debian-trixie' + + - name: Verify test container service is active + systemd: + name: "podman-{{ test_container }}" + state: started + register: container_service + ignore_errors: yes + + - name: Check container is running + command: podman ps --filter "name={{ test_container }}" --format="{{.Names}}" + register: running_containers + changed_when: false + + - name: Assert test container is running + assert: + that: + - test_container in running_containers.stdout + fail_msg: "Test container {{ test_container }} is not running" + + - name: Verify nginx responds on localhost + command: curl -fsS http://127.0.0.1:8080 + register: curl_result + changed_when: false + + - name: Assert nginx returned content + assert: + that: + - curl_result.stdout | length > 0 + fail_msg: "Expected nginx to return content on http://127.0.0.1:8080" diff --git a/tasks/containers.yml b/tasks/containers.yml index 7fc0bd4..c1a224f 100644 --- a/tasks/containers.yml +++ b/tasks/containers.yml 
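Review bot: The "Check container is running" task will most likely fail at templating, because Ansible evaluates `{{.Names}}` as a Jinja expression before podman ever sees it; the Go-template braces need escaping, for example with `{% raw %}`. The "Verify test container service is active" task uses `state: started` together with `ignore_errors: yes` and its registered result is never asserted, so it starts the unit rather than checking it and can never fail the run. Its unit name `podman-{{ test_container }}` also differs from the `{{ test_container }}.service` file the first task looks for, which should be confirmed against what the role actually generates. `test_container` itself is not defined in the visible part of the play (the hunk starts at line 3) and converge.yml only uses that text as a literal container name, so a `vars:` entry is probably missing. The fence shows the two tasks rewritten as read-only checks with fully qualified module names, matching the rest of the role.

```yaml
# … unchanged: stat/assert checks for the unit file and the quadlet file …
    - name: Verify test container service is active
      ansible.builtin.command: systemctl is-active "podman-{{ test_container }}"
      register: container_service
      changed_when: false

    - name: Check container is running
      ansible.builtin.command: >-
        podman ps --filter "name={{ test_container }}"
        --format "{% raw %}{{.Names}}{% endraw %}"
      register: running_containers
      changed_when: false
# … unchanged: running-container assert and the nginx checks …
```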
@@ -205,7 +205,7 @@ retry_delay: "{{ container_item.retry_delay | default(omit) }}" # Systemd generation - generate_systemd: "{{ container_item.generate_systemd | default(omit) }}" + generate_systemd: "{{ container_item.generate_systemd | default(podman_systemd_options) }}" # Quadlet options quadlet_dir: "{{ container_item.quadlet_dir | default(omit) }}" diff --git a/tasks/services.yml b/tasks/services.yml index 3f9caee..bcf8ca9 100644 --- a/tasks/services.yml +++ b/tasks/services.yml @@ -1,38 +1,20 @@ --- # Manage Podman services - -- name: Enable and start Podman socket - ansible.builtin.systemd: + ansible.builtin.systemd_service: name: podman.socket enabled: true state: started daemon_reload: true - when: podman_enable_socket - -- name: Disable Podman socket - ansible.builtin.systemd: - name: podman.socket - enabled: false - state: stopped - when: not podman_enable_socket - name: Enable and start Podman API service - ansible.builtin.systemd: + ansible.builtin.systemd_service: name: podman.service enabled: true state: started daemon_reload: true - when: podman_enable_api_service - -- name: Disable Podman API service - ansible.builtin.systemd: - name: podman.service - enabled: false - state: stopped - when: not podman_enable_api_service - name: Enable and start Podman auto-update service - ansible.builtin.systemd: + ansible.builtin.systemd_service: name: podman-auto-update.service enabled: true state: started @@ -40,7 +22,7 @@ when: podman_enable_auto_update - name: Disable Podman auto-update service - ansible.builtin.systemd: + ansible.builtin.systemd_service: name: podman-auto-update.service enabled: false state: stopped
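Review bot: In tasks/services.yml the `when: podman_enable_socket` and `when: podman_enable_api_service` guards are removed but the enable tasks stay, so the role now enables and starts `podman.socket` and `podman.service` on every host, where the old defaults (`false`) left them stopped and disabled. The Podman API socket lets any process that can reach it manage containers on the host, so switching it on unconditionally widens the attack surface for users who only want to run containers. If the variables are meant to go, as the commit title suggests, the two tasks should go with them or stay behind an explicit opt-in. The first task also appears to have lost its `- name: Enable and start Podman socket` line (the 38 → 20 hunk counts are consistent with that reading), which would leave a bare `ansible.builtin.systemd_service:` mapping ahead of the task list and probably stop the file from parsing. Hosts where an earlier run enabled the socket are no longer stopped by the role, so a cleanup task or a changelog note is worth adding.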