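---
# Deploys Forgejo under docker-compose as a dedicated, locked service account.
# The rendered env files carry credentials and are kept owner-only (0600);
# the docker-compose file itself is world-readable (0644).

- name: Check required variables
  ansible.builtin.assert:
    that:
      - forgejo_db_password is defined
      # an empty password would still render into db.env, so reject it here
      - forgejo_db_password | length > 0
    fail_msg: forgejo_db_password must be set to a non-empty value
    # only the failure message is shown; the password value is never printed
    quiet: true

- name: Create user
  ansible.builtin.user:
    name: "{{ forgejo_user }}"
    system: true
    # '!' is an invalid hash, so the account has no usable password
    password: '!'
    home: "{{ forgejo_home_dir }}"
    # the home directory is created with explicit owner/mode in the next task
    create_home: false

# Populates the getent_passwd fact for the service user (uid/gid);
# presumably consumed by the templates below — verify against them.
- name: Read attributes
  ansible.builtin.getent:
    database: passwd
    key: "{{ forgejo_user }}"

- name: Create directories
  ansible.builtin.file:
    state: directory
    path: "{{ item }}"
    owner: "{{ forgejo_user }}"
    group: "{{ forgejo_user }}"
    # NOTE(review): 0755 also applies to the db directory, so it is
    # world-readable; consider 0700 there if the database container does
    # not tighten its own data directory — confirm against the image.
    mode: "0755"
  loop: &forgejo_directories
    - "{{ forgejo_config_dir }}"
    - "{{ forgejo_home_dir }}"
    - "{{ forgejo_home_dir }}/server"
    - "{{ forgejo_home_dir }}/db"

# The file task above only sets ownership on the directory itself; existing
# contents (e.g. files from a previous run) are fixed up recursively here.
- name: Ensure permissions on the directories
  ansible.builtin.command:
    # argv passes each argument as-is, so paths containing whitespace are
    # not re-split the way a single cmd string would be
    argv:
      - "chown"
      - "-v"
      - "-R"
      - "{{ forgejo_user }}:{{ forgejo_user }}"
      - "{{ item }}"
  loop: *forgejo_directories
  register: forgejo_chown
  # chown -v prints "changed ownership of ..." only for entries it modified.
  # stdout_lines is a list, so it is matched line by line; a single regex
  # anchored with ^ against the whole list never matched and always reported
  # "ok".
  changed_when: forgejo_chown.stdout_lines | select('match', '^changed ownership of') | list | length > 0

- name: Create docker-compose configuration
  ansible.builtin.template:
    src: "{{ item.name }}.j2"
    dest: "{{ forgejo_config_dir }}/{{ item.name }}"
    owner: "{{ forgejo_user }}"
    group: "{{ forgejo_user }}"
    mode: "{{ item.mode }}"
  loop:
    - name: docker-compose.yml
      mode: "0644"
    # the env files carry credentials, hence owner-only access
    - name: server.env
      mode: "0600"
    - name: db.env
      mode: "0600"
  # keeps the rendered credential files out of --diff and verbose output;
  # the compose file (0644) is still shown in full
  no_log: "{{ item.mode == '0600' }}"

- name: Start service
  community.docker.docker_compose_v2:
    project_src: "{{ forgejo_config_dir }}"
    files:
      - docker-compose.yml

# NOTE(review): an ACCEPT rule only restricts access if something else in the
# chain drops other sources (a default policy or later rule, not visible
# here), and the iptables module does not persist rules across reboots.
# Ports published through Docker's bridge are handled in the DOCKER/FORWARD
# chains and would bypass this INPUT rule — confirm how docker-compose.yml.j2
# binds forgejo_web_port and forgejo_ssh_port.
- name: Allow with iptables
  ansible.builtin.iptables:
    chain: INPUT
    protocol: tcp
    source: "{{ item }}"
    destination_ports:
      - "{{ forgejo_web_port }}"
      - "{{ forgejo_ssh_port }}"
    jump: ACCEPT
    comment: forgejo
  loop: "{{ forgejo_allowed_sources }}"
  when: forgejo_manage_iptables is truthy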