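---
# Deploys Seafile with its MySQL, Redis, SeaDoc and OnlyOffice containers as
# rootless Podman quadlets, fronted by nginx, then registers uptime monitoring.

- name: Podman Seafile | PATCH | Install data plate
  ansible.builtin.template:
    src: etc/motd.d/10-data-plate.txt
    dest: /etc/motd.d/10-data-plate.txt
    owner: root
    group: root
    mode: "0444"
  become: true

# NOTE(review): podman_host_minimum_unpriv_port presumably lowers the kernel's
# unprivileged port floor so the rootless user can bind port 80. If so, every
# local account on the host can bind ports >= 80 as well; confirm against the
# role and keep the host single-purpose.
- name: Podman Seafile | PATCH | Install podman and verify rootless podman user
  ansible.builtin.include_role:
    name: sr2c.core.podman_host
  vars:
    podman_host_minimum_unpriv_port: 80
    podman_host_rootless_users: ["{{ podman_seafile_podman_rootless_user }}"]

# The two getsubids calls are read-only, so they also run in check mode; the
# parsing task below needs their stdout.
- name: Podman Seafile | AUDIT | Get subuid range for user
  ansible.builtin.command:
    cmd: "getsubids {{ podman_seafile_podman_rootless_user }}"
  register: _podman_seafile_user_subuid
  changed_when: false
  check_mode: false

- name: Podman Seafile | AUDIT | Get subgid range for user
  ansible.builtin.command:
    cmd: "getsubids -g {{ podman_seafile_podman_rootless_user }}"
  register: _podman_seafile_user_subgid
  changed_when: false
  check_mode: false

# The third whitespace-separated field of the first output line is taken as
# the start of the range; only the first range reported is considered.
- name: Podman Seafile | AUDIT | Parse outputs of getsubids and store results
  ansible.builtin.set_fact:
    _podman_seafile_user_subuid_start: "{{ (_podman_seafile_user_subuid.stdout_lines[0].split()[2] | int) }}"
    _podman_seafile_user_subgid_start: "{{ (_podman_seafile_user_subgid.stdout_lines[0].split()[2] | int) }}"

# MySQL runs with UID/GID 999 inside the container. With rootless Podman's
# default ID mapping, container ID 0 is the rootless user itself and container
# ID 1 is the first subordinate ID, so container ID 999 lands on
# <subid start> + 998 on the host. Assumes the mysql quadlet does not override
# the user-namespace mapping - TODO confirm.
# The facts are cast to int again here because set_fact can hand templated
# numbers back as strings, and "str + 998" fails to template.
- name: Podman Seafile | PATCH | Create data directory for MySQL
  ansible.builtin.file:
    path: "/home/{{ podman_seafile_podman_rootless_user }}/mysql_data"
    owner: "{{ (_podman_seafile_user_subuid_start | int) + 998 }}"
    group: "{{ (_podman_seafile_user_subgid_start | int) + 998 }}"
    mode: "0750"
    state: "directory"
  become: true

# Seafile runs as root inside the container, which is the rootless user on the
# host, hence the owner/group below.
# NOTE(review): 0755 leaves these data directories listable by other local
# accounts unless the home directory itself blocks traversal; tighten only
# after checking which container IDs need access to each path.
- name: Podman Seafile | PATCH | Create data directories for Seafile
  ansible.builtin.file:
    path: "/home/{{ podman_seafile_podman_rootless_user }}/{{ item }}"
    owner: "{{ podman_seafile_podman_rootless_user }}"
    group: "{{ podman_seafile_podman_rootless_user }}"
    mode: "0755"
    state: "directory"
  become: true
  loop:
    - seafile_data
    - seadoc_data
    - onlyoffice/logs
    - onlyoffice/data
    - onlyoffice/lib

# Unit files are installed owner-read-only (0400).
# NOTE(review): the target directory is not created in this file; presumably
# the podman_host role provides it - confirm.
- name: Podman Seafile | PATCH | Install container quadlets
  ansible.builtin.template:
    src: "home/podman/config/containers/systemd/{{ item }}"
    dest: "/home/{{ podman_seafile_podman_rootless_user }}/.config/containers/systemd/{{ item }}"
    owner: "{{ podman_seafile_podman_rootless_user }}"
    group: "{{ podman_seafile_podman_rootless_user }}"
    mode: "0400"
  become: true
  loop:
    - mysql.container
    - redis.container
    - seafile.container
    - seadoc.container
    - onlyoffice.container
    - frontend.network
    - seafile.network
  notify:
    - Restart Seafile

- name: Podman Seafile | PATCH | Set up nginx and Let's Encrypt certificate
  ansible.builtin.include_role:
    name: sr2c.core.podman_nginx
  vars:
    podman_nginx_frontend_network: frontend
    podman_nginx_podman_rootless_user: "{{ podman_seafile_podman_rootless_user }}"
    podman_nginx_primary_hostname: "{{ podman_seafile_hostname }}"

- name: Podman Seafile | PATCH | Install production nginx configuration file
  ansible.builtin.template:
    src: home/podman/nginx/nginx.conf
    dest: "/home/{{ podman_seafile_podman_rootless_user }}/nginx/nginx.conf"
    owner: "{{ podman_seafile_podman_rootless_user }}"
    group: "{{ podman_seafile_podman_rootless_user }}"
    mode: "0644"
  become: true
  notify:
    - Restart nginx

# Runs against the rootless user's systemd instance (scope: user), not the
# system manager.
- name: Podman Seafile | PATCH | Ensure services are running and enabled
  ansible.builtin.systemd_service:
    name: seafile.service
    scope: user
    masked: false
    state: started
    enabled: true
  become: true
  become_user: "{{ podman_seafile_podman_rootless_user }}"

# The settings file is not templated by this role; the play waits for it to
# appear after the service start above. No timeout is set, so the module
# default applies.
- name: Podman Seafile | AUDIT | Wait until the seahub config file is created
  ansible.builtin.wait_for:
    path: "/home/{{ podman_seafile_podman_rootless_user }}/seafile_data/seafile/conf/seahub_settings.py"
    state: present
  become: true

# The marker string identifies the managed block on later runs; changing it
# would append a second copy instead of updating the first.
# NOTE(review): if the rendered block carries an OAuth client secret, consider
# `no_log: true` or `diff: false` here so --diff runs do not print it, and
# check the resulting file mode - confirm against the template.
- name: Podman Seafile | PATCH | Append Seafile config block from template for proxy and OAuth
  ansible.builtin.blockinfile:
    path: "/home/{{ podman_seafile_podman_rootless_user }}/seafile_data/seafile/conf/seahub_settings.py"
    block: "{{ lookup('ansible.builtin.template', 'home/podman/seafile_data/seahub_settings.py') }}"
    insertafter: EOF
    marker: "# {mark} ANSIBLE MANAGED BLOCK (Keycloak OAuth login)"
  become: true
  notify:
    - Restart Seafile

# auth_id/auth_password are API credentials passed as module arguments;
# no_log keeps them out of task output, verbose logs and callback plugins.
# Drop it temporarily when debugging a failure of this task.
- name: Podman Seafile | Set up ClouDNS monitoring
  sr2c.core.cloudns_monitor:
    name: "Seafile - {{ inventory_hostname[:22] }}"
    host: "{{ inventory_hostname }}"
    ip: "{{ inventory_hostname }}"
    http_status_code: "200"
    emails: "{{ cloudns_monitoring_emails }}"
    auth_id: "{{ cloudns_auth_id }}"
    auth_password: "{{ cloudns_auth_password }}"
  delegate_to: localhost
  no_log: true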