From 4f717ef8470a73d2ff6072786aa7d46316e5d417 Mon Sep 17 00:00:00 2001
From: Anton Osenenko <418868+a0s@users.noreply.github.com>
Date: Fri, 26 Jun 2020 20:13:26 +0300
Subject: [PATCH] Add support for --device and --privileged

---
 README.md | 2 ++
 defaults/main.yml | 2 ++
 templates/unit.j2 | 17 +++++++++++++++--
 3 files changed, 19 insertions(+), 2 deletions(-)

diff --git a/README.md b/README.md
index da59677..ae149f0 100644
--- a/README.md
+++ b/README.md
@@ -48,6 +48,8 @@ This will create:
 * `container_docker_pull` (default: _yes_) - whether the docker image should be pulled
 * `container_cap_add` (default _[]_) - List of capabilities to add
 * `container_cap_drop` (default _{}_) - List of capabilities to drop
+* `container_devices` (default _[]_) - List of devices to add
+* `container_privileged` (default _false_) - Whether the container should be privileged
 * `container_start_post` - Optional command to be run by systemd after the container has started

 #### Systemd service specifics
diff --git a/defaults/main.yml b/defaults/main.yml
index cedae22..21d58a4 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -8,6 +8,8 @@ container_ports: []
 container_volumes: []
 container_cap_add: []
 container_cap_drop: []
+container_devices: []
+container_privileged: false
 docker_path: "/usr/bin/docker"
 service_name: "{{ container_name }}_container"
 service_systemd_options: []
diff --git a/templates/unit.j2 b/templates/unit.j2
index 258c1af..9d75237 100644
--- a/templates/unit.j2
+++ b/templates/unit.j2
@@ -1,6 +1,6 @@
 # {{ ansible_managed }}
 {% macro params(name, vals) %}
-{% for v in vals %}-{{ name }} {{ v }} {% endfor %}
+{% for v in vals %}{{ name }} {{ v }} {% endfor %}
 {% endmacro %}
 {% set service_systemd_options_keys = service_systemd_options | selectattr("key") | map(attribute="key") | list %}
 [Unit]
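Review bot: The `params` macro in templates/unit.j2 carries no comment describing its contract, and this hunk changes that contract: `name` must now be the complete flag including its dashes, where callers previously passed it without the leading dash. Each `{{ v }}` is also written into ExecStart verbatim and unquoted, so a list entry containing whitespace would presumably be split by systemd into additional `docker run` arguments. That matters more now that the same macro renders `--device`. I would add a Jinja comment above the macro, e.g. `{# name: full docker flag such as --volume; each value is emitted verbatim and unquoted, so it must be a single whitespace-free token #}`.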
@@ -21,7 +21,20 @@ EnvironmentFile={{ sysconf_dir }}/{{ container_name }}
 ExecStartPre=-{{ docker_path }} rm -f {{ container_name }}
 {% endif %}
 {% if not 'ExecStart' in service_systemd_options_keys %}
-ExecStart={{ docker_path }} run --name {{ container_name }} --rm {% if container_env is defined %}--env-file {{ sysconf_dir }}/{{ container_name }} {% endif %}{{ params('v', container_volumes) }}{% if container_host_network == true %} --network host {% else %}{{ params('p', container_ports) }}{% endif %}{{ params('-link', container_links) }}{{ params('l', container_labels) }}{{ params('-cap-add', container_cap_add) }}{{ params('-cap-drop', container_cap_drop) }}{{ container_args | default('') |trim }} {{ container_image }} {{ container_cmd | default('') | trim }}
+ExecStart={{ docker_path }} run \
+ --name {{ container_name }} \
+ --rm \
+ {% if container_env is defined %}--env-file {{ sysconf_dir }}/{{ container_name }} {% endif %}\
+ {{ params('--volume', container_volumes) }}\
+ {% if container_host_network == true %}--network host {% else %}{{ params('--publish', container_ports) }}{% endif %}\
+ {{ params('--link', container_links) }}\
+ {{ params('--label', container_labels) }}\
+ {{ params('--cap-add', container_cap_add) }}\
+ {{ params('--cap-drop', container_cap_drop) }}\
+ {{ params('--device', container_devices) }}\
+ {% if container_privileged == true %}--privileged{% endif %}\
+ {{ container_args | default('') | trim }} \
+ {{ container_image }} {{ container_cmd | default('') | trim }}
 {% endif %}
 {% if not 'ExecStop' in service_systemd_options_keys %}
 ExecStop=/usr/bin/docker stop {{ container_name }}
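Review bot: The `{% if container_privileged == true %}` test on the new `--privileged` line is a strict comparison, so a value that arrives as a string (for example from `-e container_privileged=true` or an INI inventory) renders without the flag and gives no error; `{% if container_privileged | bool %}--privileged{% endif %}\` handles both forms. Docker documents `--privileged` as granting all capabilities and lifting the device cgroup restrictions, so once it is set the `--cap-drop` and `--device` lines rendered just above it most likely no longer restrict the container. It would be worth having the role fail or warn when `container_privileged` is combined with a non-empty `container_cap_drop`, and saying in the README entry that `container_devices` plus specific `container_cap_add` values is the narrower option. The same strict comparison is used for `container_host_network` on the `--network host` line.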