---
- name: Docker-Compose playbook
  hosts: all
  become: true

# #
# # @author Stéphane Gratias (2021).
#

  roles:
    # manage docker-compose@dev systemd unit file
    - { role: tumf.systemd-service, tags: docker-compose,
        when: ansible_service_mgr == 'systemd',
        vars: {
          # do not restart service via systemd
          ansible_unit_test: true,
          systemd_service_name: "docker-compose@lab",
          # [Unit]
          systemd_service_Unit_Description: "%i service with docker compose",
          systemd_service_Service_Type: "simple",
          systemd_service_Unit_After: [ "docker.service" ],
          systemd_service_Unit_Requires: [ "docker.service" ],
          # [Service]
          systemd_service_Service_WorkingDirectory: "{{ dockerapp_tree_base_dir | last }}/{{ dockerapp_service }}",
          # Remove old containers, images and volumes
          systemd_service_Service_ExecStartPre: [
            "{{ '/usr/local/bin' if docker_install_compose else '/usr/bin' }}/docker-compose down -v",
            "{{ '/usr/local/bin' if docker_install_compose else '/usr/bin' }}/docker-compose rm -fv",
          ],
          # Compose up
          systemd_service_Service_ExecStart: "{{ '/usr/local/bin' if docker_install_compose else '/usr/bin' }}/docker-compose up",
          # Compose down, remove containers and volumes
          systemd_service_Service_ExecStop: "{{ '/usr/local/bin' if docker_install_compose else '/usr/bin' }}/docker-compose down -v",
          systemd_service_Service_Restart: "always",
          # [Install]
          systemd_service_Install_WantedBy: "multi-user.target"
        }
      }

  tasks:
      - name: create docker app base dir
        file: 
          path: "{{ item }}" 
          state: directory 
          mode: 0755 
          owner: root 
          group: root
        with_items:
          - "{{ dockerapp_tree_base_dir | last }}"
          - "{{ dockerapp_tree_base_dir | last }}/{{ dockerapp_service }}"
          - "{{ dockerapp_tree_base_dir | last }}/{{ dockerapp_service }}/logs"
        tags:
          - docker-compose
          - bootstrap_dockerapp_create_base_dir

      - name: create docker volumes tree for containers
        file:
          path: "{{ dockerapp_tree_base_dir | last }}/{{ dockerapp_service }}/{{ item | default('') }}"
          state: directory 
          mode: 0755
        with_items: "{{ dockerapp_tree_volumes | default([]) }}"
        tags:
          - docker-compose
          - bootstrap_dockerapp_create_app_dir

      - name: create the main docker-compose file (docker-compose.yml)
        template:
          src: "../templates/docker-compose.yml.j2"
          dest: "{{ dockerapp_tree_base_dir | last }}/{{ dockerapp_service }}/docker-compose-test.yml"
          mode: 0600
        tags:
          - docker-compose
          - bootstrap_dockerapp_configure_docker_compose


      - name: Run `docker-compose pull`
        community.docker.docker_compose:
          project_src: "{{ dockerapp_tree_base_dir | last }}/{{ dockerapp_service }}/docker-compose.yml"
          pull: true
        tags:
          - pull

      - name: Run `docker-compose up`
        community.docker.docker_compose:
          project_src: "{{ dockerapp_tree_base_dir | last }}/{{ dockerapp_service }}/docker-compose.yml"
          build: false
        tags:
          - pull

      - name: uncomment acme.caserver line
        ansible.builtin.lineinfile:
          path: /etc/sudoers
          state: absent
          regexp: '^%wheel'
        tags:
          - renew-httos

      - name: remove appdata/traefik2/acme/letsencrypt/acme.json file
        file:
          path: "{{ dockerapp_tree_base_dir | last }}/{{ dockerapp_service }}/appdata/traefik2/acme/letsencrypt/acme.json"
          state: absent
        tags:
          - renew-https

      - name: Run `docker-compose down`
        community.docker.docker_compose:
          project_src: "{{ dockerapp_tree_base_dir | last }}/{{ dockerapp_service }}/docker-compose.yml"
          state: absent
        tags:
          - renew-https

      - name: Run `docker-compose up`
        community.docker.docker_compose:
          project_src: "{{ dockerapp_tree_base_dir | last }}/{{ dockerapp_service }}/docker-compose.yml"
          build: false
        tags:
          - renew-https

      - name: Wait 5 minutes for news cert/key on acme.json (stagging)
        pause:
          seconds: 300
        tags:
          - renew-https

      - name: comment acme.caserver line
        ansible.builtin.lineinfile:
          path: /etc/sudoers
          state: absent
          regexp: '^%wheel'
        tags:
          - renew-https

      - name: remove appdata/traefik2/acme/letsencrypt/acme.json file
        file:
          path: "{{ dockerapp_tree_base_dir | last }}/{{ dockerapp_service }}/appdata/traefik2/acme/letsencrypt/acme.json"
          state: absent
        tags:
          - renew-https

      - name: Run `docker-compose restart traefik`
        community.docker.docker_compose:
          project_src: "{{ dockerapp_tree_base_dir | last }}/{{ dockerapp_service }}/docker-compose.yml"
          restarted: true
          services:
            - traefik
        tags:
          - renew-https