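---
# Tasks that deploy Forgejo with Docker Compose: a locked system account,
# the data and config directories, the rendered compose/env files, the
# compose project itself, and (optionally) iptables allow rules.

- name: add forgejo user
  ansible.builtin.user:
    name: forgejo
    system: true
    # '!' is not a valid password hash, so password login stays disabled.
    password: '!'
    home: "{{ forgejo_home_dir }}"
    # The home directory is created by "create directories" below.
    create_home: false

# Populates the getent_passwd fact with the forgejo entry. Presumably the
# templates read the uid/gid from it; they are not visible here.
- name: read forgejo attributes
  ansible.builtin.getent:
    database: passwd
    key: forgejo

- name: create directories
  ansible.builtin.file:
    state: directory
    path: "{{ item }}"
    owner: forgejo
    group: forgejo
    # NOTE(review): 0755 lets every local user list and traverse these
    # directories, including db. Confirm the containers need that before
    # keeping it; a tighter mode may be enough for the data directories.
    mode: "0755"
  loop:
    - "{{ forgejo_config_dir }}"
    - "{{ forgejo_home_dir }}"
    - "{{ forgejo_home_dir }}/server"
    - "{{ forgejo_home_dir }}/db"

# The env files are root-owned with mode 0600, which suggests they carry
# credentials. Running the play with --diff would print their rendered
# content; avoid diff mode here or set `diff: false` if that is a concern.
- name: create docker-compose configuration
  ansible.builtin.template:
    src: "{{ item.name }}.j2"
    dest: "{{ forgejo_config_dir }}/{{ item.name }}"
    owner: root
    group: root
    mode: "{{ item.mode }}"
  loop:
    - name: docker-compose.yml
      mode: "0644"
    - name: server.env
      mode: "0600"
    - name: db.env
      mode: "0600"

- name: start service
  community.docker.docker_compose_v2:
    project_src: "{{ forgejo_config_dir }}"
    files:
      - docker-compose.yml

# Adds one INPUT ACCEPT rule per allowed source for the web and SSH ports.
# NOTE(review): if docker-compose.yml publishes these ports through Docker's
# port mapping, that traffic is forwarded to the container and normally
# bypasses the INPUT chain, so these rules alone would not restrict access.
# Verify against the compose template; DOCKER-USER is the usual place for
# source filtering in that setup.
- name: allow with iptables
  ansible.builtin.iptables:
    chain: INPUT
    protocol: tcp
    source: "{{ item }}"
    destination_ports:
      - "{{ forgejo_web_port }}"
      - "{{ forgejo_ssh_port }}"
    jump: ACCEPT
    comment: forgejo
  loop: "{{ forgejo_allowed_sources }}"
  notify: Save iptables
  # `| bool` makes string values such as "false" (e.g. passed with -e)
  # evaluate as intended instead of as a non-empty, truthy string.
  when: forgejo_manage_iptables | bool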