---
- name: Install Docker dependencies
  ansible.builtin.apt:
    name:
      - ca-certificates
      - curl
      - gnupg
    state: present
    update_cache: true
  become: true

- name: Create Docker apt keyring directory
  ansible.builtin.file:
    path: /etc/apt/keyrings
    state: directory
    owner: root
    group: root
    mode: "0755"
  become: true

- name: Add Docker GPG key
  ansible.builtin.get_url:
    url: https://download.docker.com/linux/debian/gpg
    dest: /etc/apt/keyrings/docker.asc
    owner: root
    group: root
    mode: "0644"
  become: true

- name: Add Docker apt repository
  ansible.builtin.apt_repository:
    repo: >-
      deb [arch={{ ansible_architecture | replace('x86_64', 'amd64') | replace('aarch64', 'arm64') }}
      signed-by=/etc/apt/keyrings/docker.asc]
      https://download.docker.com/linux/debian
      {{ ansible_distribution_release }} stable
    state: present
    filename: docker
  become: true

- name: Install Docker Engine and Compose plugin
  ansible.builtin.apt:
    name:
      - docker-ce
      - docker-ce-cli
      - containerd.io
      - docker-buildx-plugin
      - docker-compose-plugin
    state: present
    update_cache: true
  become: true

- name: Ensure Docker service is enabled and running
  ansible.builtin.systemd:
    name: docker
    enabled: true
    state: started
  become: true

- name: Create server deploy directory
  ansible.builtin.file:
    path: "{{ signage_server_deploy_dir }}"
    state: directory
    owner: root
    group: root
    mode: "0750"
  become: true

- name: Create server data directory
  ansible.builtin.file:
    path: "{{ signage_server_data_dir }}"
    state: directory
    owner: root
    group: root
    mode: "0750"
  become: true

- name: Create uploads directory
  ansible.builtin.file:
    path: "{{ signage_server_deploy_dir }}/uploads"
    state: directory
    owner: root
    group: root
    mode: "0750"
  become: true

- name: Deploy docker-compose.yml
  ansible.builtin.template:
    src: docker-compose.yml.j2
    dest: "{{ signage_server_deploy_dir }}/docker-compose.yml"
    owner: root
    group: root
    mode: "0640"
  become: true
  notify: Restart morz-server stack

- name: Deploy server environment file
  ansible.builtin.template:
    src: env.j2
    dest: "{{ signage_server_deploy_dir }}/.env"
    owner: root
    group: root
    mode: "0600"
  become: true
  notify: Restart morz-server stack

- name: Allow HTTPS through ufw
  community.general.ufw:
    rule: allow
    port: "{{ signage_server_https_port }}"
    proto: tcp
    comment: morz-infoboard HTTPS
  become: true
  when: signage_server_ufw_enabled and signage_server_ufw_allow_https

- name: Allow MQTT through ufw
  community.general.ufw:
    rule: allow
    port: "{{ signage_server_mqtt_port }}"
    proto: tcp
    comment: morz-infoboard MQTT
  become: true
  when: signage_server_ufw_enabled and signage_server_ufw_allow_mqtt

- name: Pull and start morz-server stack
  community.docker.docker_compose_v2:
    project_src: "{{ signage_server_deploy_dir }}"
    state: present
    pull: always
  become: true