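---
# Deploys the Keycloak docker-compose project for the current inventory host
# and then applies the master-realm configuration.
#
# tags:
#   update_deployment - stop, re-template and restart the compose project
#   update_realms     - authenticate and apply the master-realm settings
#
# NOTE(review): tags on include_role / include_tasks select the include
# statement itself, not the tasks it loads. With `--tags update_deployment`
# the loaded tasks only run if they carry the tag themselves; confirm this in
# the included files, or hand the tags down with `apply:`.

# Untagged, so this task is skipped whenever the play is limited with --tags.
- name: "Setup DNS configuration for {{ inventory_hostname }}"
  ansible.builtin.include_role:
    name: hetzner-ansible-dns
  vars:
    record_data: "{{ stage_server_ip }}"
    record_name: "{{ inventory_hostname }}"

# The result gates the "Stop" task below, so a first deployment does not fail
# on a compose project that does not exist yet.
- name: "Check if {{ inventory_hostname }}/docker-compose.yml exists"
  ansible.builtin.stat:
    path: "{{ service_base_path }}/{{ inventory_hostname }}/docker-compose.yml"
  register: check_docker_compose_file
  tags:
    - update_deployment

# The admin-console access restriction is defined in _configure_traefik.yml,
# which is not visible here.
# NOTE(review): presumably it sets values consumed by the docker templates
# deployed below - verify that the restriction ends up in the rendered compose
# file before the stack is started.
- name: "Configure Traefik labels to restrict access to admin console"
  ansible.builtin.include_tasks: _configure_traefik.yml
  tags:
    - update_deployment

# state: absent takes the whole compose project down before re-templating.
# NOTE(review): docker_compose (Compose v1) is deprecated in newer
# community.docker releases in favour of docker_compose_v2 - check the
# collection version this repository pins.
- name: "Stop {{ inventory_hostname }}"
  community.docker.docker_compose:
    project_src: "{{ service_base_path }}/{{ inventory_hostname }}"
    state: absent
  when: check_docker_compose_file.stat.exists
  tags:
    - update_deployment

# Renders the "_docker" template set into
# {{ service_base_path }}/{{ inventory_hostname }}, owned by the docker user.
- name: "Deploy docker templates for {{ inventory_hostname }}"
  ansible.builtin.include_role:
    name: hetzner-ansible-sma-deploy
    tasks_from: templates
  vars:
    current_config: "_docker"
    current_base_path: "{{ service_base_path }}"
    current_destination: "{{ inventory_hostname }}"
    current_owner: "{{ docker_owner }}"
    current_group: "{{ docker_group }}"
    current_docker: "{{ keycloak_docker }}"
  tags:
    - update_deployment

# Same role as above, rendering the "keycloak" service template set.
# NOTE(review): if these templates contain credentials, confirm the role
# writes them with restrictive file modes - not visible from here.
- name: "Deploy service templates for {{ inventory_hostname }}"
  ansible.builtin.include_role:
    name: hetzner-ansible-sma-deploy
    tasks_from: templates
  vars:
    current_config: "keycloak"
    current_base_path: "{{ service_base_path }}"
    current_destination: "{{ inventory_hostname }}"
    current_owner: "{{ docker_owner }}"
    current_group: "{{ docker_group }}"
  tags:
    - update_deployment

# pull: true re-pulls the images referenced by the compose file on every run.
# NOTE(review): with mutable image tags a run can silently change what is
# deployed; pin by version or digest in the template if that matters here.
- name: "Start {{ inventory_hostname }}"
  community.docker.docker_compose:
    project_src: "{{ service_base_path }}/{{ inventory_hostname }}"
    state: present
    pull: true
  tags:
    - update_deployment

# The original task name ended after "Wait for "; it is completed here in the
# same pattern as the neighbouring tasks.
# Waits 60 s, then polls the TCP port on localhost using the module's default
# timeout. An open port shows that something is listening, not that Keycloak
# has finished starting.
- name: "Wait for {{ inventory_hostname }}"
  ansible.builtin.wait_for:
    host: "localhost"
    port: "{{ service_port_keycloak_external }}"
    delay: 60
  tags:
    - update_deployment

- name: "Authenticate on keycloak for {{ inventory_hostname }}"
  ansible.builtin.include_role:
    name: keycloak
    tasks_from: _authenticate
  tags:
    - update_realms

# Applies theme, login policy, event logging and mail settings to the master
# realm, authenticating as the Keycloak admin through the admin-cli client.
# NOTE(review): keep keycloak_admin_password in an encrypted store (for example
# Ansible Vault); where it is defined is not visible here.
- name: "Setting smardigo-theme for master realm"
  community.general.keycloak_realm:
    id: "master"
    realm: "master"
    auth_realm: "master"
    auth_client_id: "admin-cli"
    auth_username: "{{ keycloak_admin_username }}"
    auth_password: "{{ keycloak_admin_password }}"
    auth_keycloak_url: "{{ shared_service_url_keycloak }}/auth"
    account_theme: "{{ keycloak_default_theme }}"
    admin_theme: "{{ keycloak_default_theme }}"
    login_theme: "{{ keycloak_default_theme }}"
    # Self-registration, self-service password reset and e-mail login are all
    # switched off for the administrative realm.
    registration_allowed: false
    reset_password_allowed: false
    login_with_email_allowed: false
    # With duplicates allowed an e-mail address no longer identifies a single
    # account, so do not use it as an identifier elsewhere.
    duplicate_emails_allowed: true
    internationalization_enabled: true
    default_locale: "de"
    supported_locales:
      - "de"
      - "en"
    # Login events and admin events are both recorded.
    # 604800 s = 7 days of event retention; forward events to external log
    # storage if investigations need a longer history.
    events_enabled: true
    events_expiration: 604800
    admin_events_enabled: true
    # Only host and sender are set; no port, TLS or authentication keys.
    # NOTE(review): confirm that the transport to the mail host is protected.
    smtp_server:
      host: "{{ shared_service_mail_hostname }}"
      from: "{{ keycloak_id }}@smardigo.digital"
    # NOTE(review): "metrics-listener" is presumably supplied by an extension
    # in the image - confirm it is installed, or events for it are not emitted.
    events_listeners:
      - "jboss-logging"
      - "metrics-listener"
    state: present
  tags:
    - update_realms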