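---
# Provisions the host "nanna" for the project's Docker-based services:
# dedicated service accounts, the reverse-proxy network, the configuration
# tree under /etc/pbri and the volume directories under /var/lib/pbri.
- name: Update Docker configuration
  hosts: nanna
  tasks:
    # Fixed UIDs so that file ownership inside bind-mounted volumes matches
    # the user each container runs as, regardless of creation order.
    - name: Add users for running containers
      become: true
      ansible.builtin.user:
        name: "{{ item.name }}"
        uid: "{{ item.uid }}"
        state: "{{ item.state }}"
        create_home: false
        system: true
      loop:
        - name: gitea
          uid: 42001
          state: present
        - name: caddy
          uid: 42002
          state: present

    - name: Create Caddy network
      become: true
      community.docker.docker_network:
        name: caddy-network
        state: present

    # src has no trailing slash, so the directory itself is copied and ends
    # up as /etc/pbri/docker, the path the .env task below relies on.
    - name: Upload docker configuration
      become: true
      ansible.builtin.copy:
        src: ../../docker/docker
        dest: /etc/pbri
        # Files should be inaccessible to non-root users.
        mode: u=rw,g=,o=
        # Directories should be listable.
        # directory_mode only applies to directories this task creates;
        # directories that already exist keep their current mode.
        directory_mode: u=rwx,g=rx,o=rx

    - name: Create directory for docker volumes
      become: true
      ansible.builtin.file:
        path: /var/lib/pbri/docker
        state: directory
        # Hide contents from non-root users.
        mode: u=rwx,g=,o=

    # The source .env files are presumably Ansible Vault encrypted (that is
    # what `decrypt` acts on); the plaintext then only exists on the target,
    # readable by root alone. The destination directory is expected to come
    # from the configuration upload above — confirm the source tree has it.
    - name: Upload and decrypt docker environment vars
      become: true
      ansible.builtin.copy:
        src: "../../docker/envs/{{ item.name }}/.env"
        # Quoted like src so a templated value is never re-typed by YAML.
        dest: "/etc/pbri/docker/{{ item.name }}/.env"
        # Files should be inaccessible to non-root users.
        mode: u=rw,g=,o=
        # This is true by default but is spelled out here
        # to emphasize what's happening.
        decrypt: true
      # Not quite happy with all the separate loops yet.
      # Only `name` is read by this task, so loop items carry nothing else.
      loop:
        - name: gitea

    # Each volume directory is owned by the service user and closed to
    # everyone else, matching the UIDs created in the first task.
    - name: Create volume directories with correct permissions
      become: true
      ansible.builtin.file:
        path: "/var/lib/pbri/docker/{{ item.name }}"
        owner: "{{ item.user }}"
        group: "{{ item.user }}"
        state: directory
        mode: u=rwx,g=,o=
      loop:
        - name: caddy_config
          user: caddy
        - name: caddy_data
          user: caddy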