---

### tags:
###   update_deployment
###   update_realms

- name: "Setup DNS configuration for {{ inventory_hostname }}"
  include_role:
    name: hetzner-ansible-dns
  vars:
    record_data: "{{ stage_server_ip }}"
    record_name: "{{ inventory_hostname }}"

- name: "Check if {{ inventory_hostname }}/docker-compose.yml exists"
  stat:
    path: '{{ service_base_path }}/{{ inventory_hostname }}/docker-compose.yml'
  register: check_docker_compose_file
  tags:
    - update_deployment

- name: "Stop {{ inventory_hostname }}"
  community.docker.docker_compose:
    project_src: '{{ service_base_path }}/{{ inventory_hostname }}'
    state: absent
  when: check_docker_compose_file.stat.exists
  tags:
    - update_deployment

- name: "Deploy docker templates for {{ inventory_hostname }}"
  include_role:
    name: hetzner-ansible-sma-deploy
    tasks_from: templates
  vars:
    current_config: "_docker"
    current_base_path: "{{ service_base_path }}"
    current_destination: "{{ inventory_hostname }}"
    current_owner: "{{ docker_owner }}"
    current_group: "{{ docker_group }}"
    current_docker: "{{ keycloak_docker }}"
  tags:
    - update_deployment

- name: "Deploy service templates for {{ inventory_hostname }}"
  include_role:
    name: hetzner-ansible-sma-deploy
    tasks_from: templates
  vars:
    current_config: "keycloak"
    current_base_path: "{{ service_base_path }}"
    current_destination: "{{ inventory_hostname }}"
    current_owner: "{{ docker_owner }}"
    current_group: "{{ docker_group }}"
  tags:
    - update_deployment

- name: "Start {{ inventory_hostname }}"
  community.docker.docker_compose:
    project_src: '{{ service_base_path }}/{{ inventory_hostname }}'
    state: present
    pull: yes
  tags:
    - update_deployment

- name: "Wait for <localhost:{{ service_port_keycloak_external }}>"
  wait_for:
    host: "localhost"
    port: '{{ service_port_keycloak_external }}'
    delay: 60
  tags:
    - update_deployment

- name: "Authenticate on keycloak for {{ inventory_hostname }}"
  include_role:
    name: keycloak
    tasks_from: _authenticate
  tags:
    - update_realms

- name: "Setting smardigo-theme for master realm"
  community.general.keycloak_realm:
    id: "master"
    realm: "master"
    auth_realm: "master"
    auth_client_id: "admin-cli"
    auth_username: "{{ keycloak_admin_username }}"
    auth_password: "{{ keycloak_admin_password }}"
    auth_keycloak_url: "{{ shared_service_url_keycloak }}/auth"
    account_theme: "{{ keycloak_default_theme }}"
    admin_theme: "{{ keycloak_default_theme }}"
    login_theme: "{{ keycloak_default_theme }}"
    registration_allowed: no
    reset_password_allowed: no
    login_with_email_allowed: no
    duplicate_emails_allowed: yes
    internationalization_enabled: yes
    default_locale: "de"
    supported_locales:
    - "de"
    - "en"
    events_enabled: yes
    events_expiration: 604800
    admin_events_enabled: yes
    smtp_server:
      host: "{{ shared_service_mail_hostname }}"
      from: "{{ keycloak_id }}@smardigo.digital"
    events_listeners:
    - "jboss-logging"
    - "metrics-listener"
    state: present
  tags:
    - update_realms