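---
# Ansible tasks that deploy Authentik as Docker containers run by systemd:
# install Docker, create the volume directories, render the env file and the
# unit files, create the Docker network, then enable and start the services.
#
# Variables used: docker_volumes_dir.
# Handler notified (defined outside this file): restart-authentik-docker.

- name: "Install dependencies"
  ansible.builtin.apt:
    pkg:
      - docker.io
    # Same as the module default; spelled out so the intent is visible.
    state: present

# Parent directory stays root-owned and closed to "other" so that only root
# (and gid 0) can reach the env file and the data directories below it.
- name: "Create directory for Authentik with Docker"
  ansible.builtin.file:
    path: "{{ item }}"
    state: directory
    owner: root
    group: root
    mode: '0750'
  with_items:
    - "{{ docker_volumes_dir }}/authentik"

# NOTE(review): uid/gid 1000 is presumably the user the Authentik container
# runs as - confirm against the image and the unit templates.
- name: "Create directories for Authentik Docker"
  ansible.builtin.file:
    path: "{{ item }}"
    state: directory
    owner: 1000
    group: 1000
    mode: '0750'
  with_items:
    - "{{ docker_volumes_dir }}/authentik/media"
    - "{{ docker_volumes_dir }}/authentik/custom-templates"
    - "{{ docker_volumes_dir }}/authentik/certs"

# NOTE(review): uid 999 is presumably the user inside the Redis image -
# confirm against the image actually used.
- name: "Create Redis directory for Authentik with Docker"
  ansible.builtin.file:
    path: "{{ docker_volumes_dir }}/authentik/redis"
    state: directory
    owner: 999
    group: root
    mode: '0750'

- name: "Create Database directory for Authentik with Docker"
  ansible.builtin.file:
    path: "{{ docker_volumes_dir }}/authentik/database"
    state: directory
    owner: root
    group: root
    mode: '0750'

# NOTE(review): authentik.env.j2 is not shown here; it presumably carries
# the Authentik secret key and database credentials - confirm. Treated as a
# secret file: group write is dropped (was 0660), the docker group keeps
# read access. If the template does hold secrets, consider `no_log: true`
# so a diff run does not print them.
# NOTE(review): this task needs the authentik-docker user to exist. The
# task that would create it is commented out further down (and sits after
# this one), so the user must be provisioned elsewhere - verify.
- name: "Template .env files for Authentik with Docker"
  ansible.builtin.template:
    src: "authentik.env.j2"
    dest: "{{ docker_volumes_dir }}/authentik/authentik.env"
    force: true
    owner: authentik-docker
    group: docker
    mode: '0640'
  notify: restart-authentik-docker

#- name: "Template docker-compose.yml for authentik-docker"
#  ansible.builtin.template:
#    src: "{{ item }}.j2"
#    dest: "/{{ docker_compose_config_dir }}/authentik/{{ item }}"
#    force: true
#    owner: root
#    group: docker
#    mode: '0640'
#  with_items:
#    - docker-compose.yml
#  notify: restart-authentik-docker

# NOTE(review): short module name; every other task uses a fully qualified
# collection name. Consider community.docker.docker_network once the
# collection requirement is confirmed for the control node.
- name: "Create Docker network authentik_net"
  docker_network:
    name: authentik_net

# Unit files decide what systemd starts on this host, so only the owner
# (root) may write them: 0644 instead of the previous group-writable 0664.
# The result is registered so the daemon reload below runs only on change.
- name: "Template systemd units for Authentik with Docker"
  ansible.builtin.template:
    src: "{{ item }}.j2"
    dest: "/etc/systemd/system/{{ item }}"
    force: true
    owner: root
    group: root
    mode: '0644'
  with_items:
    - authentik-server-docker.service
    - authentik-worker-docker.service
    - authentik-redis-docker.service
    - authentik-db-docker.service
  register: units

#- name: "Add a user that will run the container"
#  ansible.builtin.user:
#    name: authentik-docker
#    comment: Authentik Docker User
#    home: "{{ docker_volumes_dir }}/authentik"
#    group: docker
#    system: true

#- name: "Template systemd unit file for Authentik with Docker"
#  ansible.builtin.template:
#    src: "authentik-docker.service.j2"
#    dest: "/etc/systemd/system/authentik-docker.service"
#    force: true
#    owner: root
#    group: root
#    mode: '0644'
#  register: unit
#  notify: systemctl-daemon-reload

# systemd only picks up new or changed unit files after a daemon reload.
- name: "Reload systemd units"
  ansible.builtin.systemd:
    daemon_reload: true
  when: units.changed

# Listed database and Redis first, then server and worker; with_items
# processes the entries in this order.
- name: "Enable systemd units for Authentik with Docker"
  ansible.builtin.systemd:
    state: started
    enabled: true
    name: "{{ item }}"
  with_items:
    - authentik-db-docker.service
    - authentik-redis-docker.service
    - authentik-server-docker.service
    - authentik-worker-docker.service

#- name: "Enable systemctl service for authentik-docker"
#  ansible.builtin.service:
#    state: started
#    name: "authentik-docker.service"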