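---
# Tasks that deploy authentik (an identity provider) as a docker-compose
# stack supervised by a systemd unit.
#
# Order matters: the service account is created before any task that names
# it as a file owner, and the unit file is written before the service is
# enabled and started.

- name: "Install dependencies"
  ansible.builtin.apt:
    pkg:
      - docker-compose
      - apparmor  # if not installed, Docker will complain
    state: present

# Created before the directory/template tasks below: they set
# `owner: authentik-docker`, which fails while the account does not exist.
# NOTE(review): membership of the `docker` group is effectively root on the
# host (anyone who can reach the Docker socket can start privileged
# containers), so treat this account as privileged.
- name: "Add a user that will run the container"
  ansible.builtin.user:
    name: authentik-docker
    comment: Authentik Docker User
    home: "{{ docker_volumes_dir }}/authentik"
    # The home directory is a data-volume parent; the next task creates it
    # with explicit ownership and mode instead of copying /etc/skel into it.
    create_home: false
    group: docker
    system: true

- name: "Create directories for authentik-docker"
  ansible.builtin.file:
    path: "{{ item }}"
    state: directory
    owner: authentik-docker
    group: docker
    mode: '0755'
  loop:
    - "{{ docker_compose_config_dir }}/authentik"
    - "{{ docker_volumes_dir }}/authentik/database"
    - "{{ docker_volumes_dir }}/authentik/redis"
    - "{{ docker_volumes_dir }}/authentik/media"
    - "{{ docker_volumes_dir }}/authentik/custom-templates"
    - "{{ docker_volumes_dir }}/authentik/certs"

# NOTE(review): the .env template is not visible here; it presumably carries
# the stack's secrets. Mode 0660 with group `docker` lets every member of
# that group read and modify it. Confirm what the systemd unit runs as
# before tightening this to owner-only.
- name: "Template .env file for authentik-docker"
  ansible.builtin.template:
    src: "{{ item }}.j2"
    # No leading "/" here, so the destination is built exactly like the
    # directory path created above.
    dest: "{{ docker_compose_config_dir }}/authentik/{{ item }}"
    force: true
    owner: authentik-docker
    group: docker
    mode: '0660'
  loop:
    - '.env'
  notify: restart-authentik-docker

- name: "Template docker-compose.yml for authentik-docker"
  ansible.builtin.template:
    src: "{{ item }}.j2"
    dest: "{{ docker_compose_config_dir }}/authentik/{{ item }}"
    force: true
    # Root-owned and group-readable only: the service account can read the
    # compose file through the `docker` group but cannot rewrite it.
    owner: root
    group: docker
    mode: '0640'
  loop:
    - docker-compose.yml
  notify: restart-authentik-docker

- name: "Template systemd unit file for authentik-docker"
  ansible.builtin.template:
    src: "authentik-docker.service.j2"
    dest: "/etc/systemd/system/authentik-docker.service"
    force: true
    owner: root
    group: root
    mode: '0644'
  register: unit
  notify: systemctl-daemon-reload

- name: "Enable systemctl service for authentik-docker"
  ansible.builtin.systemd:
    name: "authentik-docker.service"
    # Handlers only run at the end of the play, so reload systemd here when
    # the unit file has just changed; otherwise the stale definition would
    # be the one that gets started.
    daemon_reload: "{{ unit is changed }}"
    # `state: started` alone does not survive a reboot.
    enabled: true
    state: started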