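---
# Deploys Forgejo with podman: installs podman, creates the network and
# volumes, installs and starts the systemd units container-forgejo-db and
# container-forgejo-app, writes the application config and a customized
# login template, and optionally registers an OAuth2 authentication source.

# Basic stuff
- name: 'Install required software'
  become: true
  ansible.builtin.apt:
    name: 'podman'
    state: 'present'

- name: 'Create podman network for forgejo deployment'
  become: true
  containers.podman.podman_network:
    name: '{{ forgejo_network_name }}'
    state: 'present'

# Despite the task name, the loop creates both the database volume and the
# application volume.
- name: 'Create the volume for database storage'
  become: true
  containers.podman.podman_volume:
    name: '{{ item }}'
    state: 'present'
  loop:
    - '{{ forgejo_db_volume_name }}'
    - '{{ forgejo_app_volume_name }}'

# Database
# NOTE(review): the unit template is not visible here. If it passes database
# credentials inline (command-line arguments or environment values), the
# world-readable mode below exposes them to every local account. Prefer
# keeping them out of the unit (a root-only environment file or podman
# secrets) - confirm against the template.
- name: 'Create config for database for forgejo'
  become: true
  ansible.builtin.template:
    src: 'systemd/container-forgejo-db.service.j2'
    dest: '/etc/systemd/system/container-forgejo-db.service'
    owner: 'root'
    group: 'root'
    mode: 'u=rw,g=r,o=r'

# daemon_reload makes systemd pick up the unit file written above before the
# service is started.
- name: 'Start and enable forgejo-db service'
  become: true
  ansible.builtin.systemd:
    name: 'container-forgejo-db.service'
    state: 'started'
    enabled: true
    daemon_reload: true

# Application
# Both directories are created root-owned and world-traversable.
- name: 'Prepare config location'
  become: true
  ansible.builtin.file:
    path: '{{ item }}'
    state: 'directory'
    owner: 'root'
    group: 'root'
    mode: 'u=rwx,g=rx,o=rx'
  loop:
    - '/srv/git/conf/'
    - '/srv/git/custom/templates/user/auth'

# NOTE(review): a Forgejo configuration file normally carries the database
# password and the instance's secret key and tokens; the template is not
# shown, so confirm. With o=r inside a world-traversable directory, any local
# account can read those values. Tightening the mode requires that the user
# the container runs as keeps read access (owner or group would have to match
# that UID/GID), so it is flagged here rather than changed.
- name: 'Deploy application config'
  become: true
  ansible.builtin.template:
    src: 'forgejo/forgejo.ini'
    dest: '/srv/git/conf/forgejo.ini'
    owner: 'root'
    group: 'root'
    mode: 'u=rw,g=r,o=r'
  notify: 'Restart forgejo container'

- name: 'Write customized login page'
  become: true
  ansible.builtin.copy:
    src: 'forgejo/templates/user/auth/signin_inner.tmpl'
    dest: '/srv/git/custom/templates/user/auth/signin_inner.tmpl'
    owner: 'root'
    group: 'root'
    mode: 'u=rw,g=r,o=r'
  notify: 'Restart forgejo container'

# NOTE(review): same caveat as the database unit - check the template for
# inline credentials before leaving this file world-readable.
- name: 'Create service for forgejo'
  become: true
  ansible.builtin.template:
    src: 'systemd/container-forgejo-app.service.j2'
    dest: '/etc/systemd/system/container-forgejo-app.service'
    owner: 'root'
    group: 'root'
    mode: 'u=rw,g=r,o=r'
  notify: 'Restart forgejo container'

- name: 'Start and enable forgejo-app service'
  become: true
  ansible.builtin.systemd:
    name: 'container-forgejo-app.service'
    state: 'started'
    enabled: true
    daemon_reload: true

# Authentication source
# Runs only when forgejo_sso_create_source is truthy. Every optional setting
# falls back to an empty string or a boolean default when its variable is
# unset.
- name: 'Configure forgejo authentication source'
  become: true
  when: forgejo_sso_create_source
  # The arguments include the OAuth client secret. no_log keeps it out of
  # task output, verbose runs and failure messages; lift it temporarily when
  # debugging this task.
  no_log: true
  enbewe.forgejo.forgejo_oauth:
    state: 'present'
    update: '{{ forgejo_sso_update | default(false) }}'
    name: '{{ forgejo_sso_name }}'
    provider: '{{ forgejo_sso_provider }}'
    key: '{{ forgejo_sso_key }}'
    secret: '{{ forgejo_sso_secret }}'
    auto_discover_url: '{{ forgejo_sso_auto_discover_url | default("") }}'
    use_custom_urls: '{{ forgejo_sso_use_custom_urls | default(false) }}'
    custom_tenant_id: '{{ forgejo_sso_custom_tenant_id | default("") }}'
    custom_auth_url: '{{ forgejo_sso_custom_auth_url | default("") }}'
    custom_token_url: '{{ forgejo_sso_custom_token_url | default("") }}'
    custom_profile_url: '{{ forgejo_sso_custom_profile_url | default("") }}'
    custom_email_url: '{{ forgejo_sso_custom_email_url | default("") }}'
    icon_url: '{{ forgejo_sso_icon_url | default("") }}'
    # NOTE(review): defaults to true. Presumably this maps to Forgejo's
    # option that lets accounts signing in through this source bypass the
    # local second factor - confirm in the module. That is only appropriate
    # when the identity provider enforces MFA itself; otherwise set
    # forgejo_sso_skip_local_2fa to false.
    skip_local_2fa: '{{ forgejo_sso_skip_local_2fa | default(true) }}'
    scopes: '{{ forgejo_sso_scopes | default("") }}'
    required_claim_name: '{{ forgejo_sso_required_claim_name | default("") }}'
    required_claim_value: '{{ forgejo_sso_required_claim_value | default("") }}'
    group_claim_name: '{{ forgejo_sso_group_claim_name | default("") }}'
    admin_group: '{{ forgejo_sso_admin_group | default("") }}'
    restricted_group: '{{ forgejo_sso_restricted_group | default("") }}'
    group_team_map: '{{ forgejo_sso_group_team_map | default("") }}'
    group_team_map_removal: '{{ forgejo_sso_group_team_map_removal | default(false) }}'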