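---
# Provision Forgejo: a locked system account, its directories, the
# docker-compose project files, the compose project itself, and a firewall
# rule for the web port.

# Fail early when the database password is missing, null, or empty. A bare
# `is defined` check also passes for `forgejo_db_password: ""` and for a bare
# `forgejo_db_password:` (null), which would deploy the database with no
# usable secret.
- name: Check database password
  ansible.builtin.assert:
    that:
      - forgejo_db_password is defined
      - forgejo_db_password is not none
      - forgejo_db_password | string | length > 0
    fail_msg: forgejo_db_password must be set to a non-empty value

# System account that owns the Forgejo data. '!' is a locked password hash,
# so the account cannot be used for password logins. The home directory is
# not created here; the "Create directories" task below creates it.
- name: Add forgejo user
  ansible.builtin.user:
    name: forgejo
    system: true
    password: '!'
    home: "{{ forgejo_home_dir }}"
    create_home: false

# Looks up the forgejo passwd entry; the module exposes it as the
# `getent_passwd` fact. Its consumer is not visible in this file.
# Presumably the templates use the uid/gid. TODO confirm.
- name: Read forgejo attributes
  ansible.builtin.getent:
    database: passwd
    key: forgejo

# The anchor on `loop` lets the following task reuse the same list.
# NOTE(review): 0755 leaves every directory, including db, world-readable
# and world-traversable. Confirm that is intended for the data directories.
- name: Create directories
  ansible.builtin.file:
    state: directory
    path: "{{ item }}"
    owner: forgejo
    group: forgejo
    mode: "0755"
  loop: &forgejo_directories
    - "{{ forgejo_config_dir }}"
    - "{{ forgejo_home_dir }}"
    - "{{ forgejo_home_dir }}/server"
    - "{{ forgejo_home_dir }}/db"

# Recursively hand existing content to the forgejo user. `argv` passes the
# path as a single argument, so a directory containing whitespace is not
# split into several chown operands as it would be with a free-form `cmd`.
# NOTE(review): this always reports "changed" and re-owns everything under
# forgejo_config_dir too, including the root-owned files written by the
# template task below on any later run.
- name: Ensure permissions on those directories
  ansible.builtin.command:
    argv:
      - chown
      - "-R"
      - "forgejo:forgejo"
      - "{{ item }}"
  loop: *forgejo_directories

# The env files are written 0600 root:root; the compose file is 0644.
# NOTE(review): the env templates presumably carry forgejo_db_password, in
# which case running with --diff prints their contents to the log. Consider
# `diff: false` or `no_log: true` for those items.
- name: Create docker-compose configuration
  ansible.builtin.template:
    src: "{{ item.name }}.j2"
    dest: "{{ forgejo_config_dir }}/{{ item.name }}"
    owner: root
    group: root
    mode: "{{ item.mode }}"
  loop:
    - name: docker-compose.yml
      mode: "0644"
    - name: server.env
      mode: "0600"
    - name: db.env
      mode: "0600"

# Runs the compose project found in forgejo_config_dir.
- name: Start service
  community.docker.docker_compose_v2:
    project_src: "{{ forgejo_config_dir }}"
    files:
      - docker-compose.yml

# NOTE(review): the visible source ends inside this task. It references
# `item`, but no `loop` and no `jump` target are visible here; confirm both
# exist in the full file.
# ansible.builtin.iptables only edits the running rule set, so the rule does
# not survive a reboot unless it is saved separately. If the web port is
# published by Docker rather than bound on the host, that traffic is
# forwarded and typically does not traverse INPUT. Verify which chain
# actually governs access to forgejo_web_port.
- name: Allow with iptables
  ansible.builtin.iptables:
    chain: INPUT
    protocol: tcp
    source: "{{ item }}"
    destination_ports:
      - "{{ forgejo_web_port }}"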