---
- name: Check if install from backup is already done
  stat:
    path: /mnt/volumes/install_states/reverse-proxy_installed
  register: reverse_proxy_installed_flag

- name: Create reverse-proxy network
  containers.podman.podman_network:
    name: reverse-proxy
  become: true
  when: not reverse_proxy_installed_flag.stat.exists

- name: Setup volume
  ansible.builtin.include_role:
    name: role_setup_volume
  vars:
    volume: "{{ item }}"
  with_items:
    - name: reverse-proxy_conf
      size: 1
      vol_type: classic
    - name: reverse-proxy_conf_enabled
      size: 1
      vol_type: classic
    - name: reverse-proxy_letsencrypt
      size: 1
      vol_type: classic
    - name: tmp_duplicity_workdir
      size: 20
      vol_type: high-speed
    - name: duplicity_cache
      size: 5
      vol_type: high-speed
  when: not reverse_proxy_installed_flag.stat.exists

- name: change ownership of duplicity working directories
  ansible.builtin.file:
    path: "{{ item }}"
    owner: "{{ LINUX_USERNAME }}"
    group: "{{ LINUX_USERNAME }}"
  become: true
  with_items:
    - "{{ DUPLICITY_WORKDIR }}"
    - "{{ DUPLICITY_ARCHIVE_DIR }}"
  when: not reverse_proxy_installed_flag.stat.exists

- name: restore volume backup
  ansible.builtin.command:
    cmd: "duplicity restore --archive-dir {{ DUPLICITY_ARCHIVE_DIR }} --name {{ item }} swift://{{ item }} /mnt/volumes/{{ item }}/data"
  environment:
    SWIFT_USERNAME: "{{ OS_USERNAME }}"
    SWIFT_PASSWORD: "{{ OS_PASSWORD }}"
    SWIFT_AUTHURL: "{{ OS_AUTH_URL }}"
    SWIFT_REGIONNAME: "{{ SWIFT_REGIONNAME }}"
    SWIFT_TENANTNAME: "{{ OS_TENANT_NAME }}"
    SWIFT_AUTHVERSION: "{{ OS_IDENTITY_API_VERSION }}"
    PASSPHRASE: "{{ duplicity_passphrase }}"
    # /usr/bin/duplicity uses "-s" python argument to prevent loading modules from user's python directory,
    # this variable will override that.
    PYTHONPATH: ".local/lib/python3.9/site-packages"
  register: duplicity_result
  with_items:
    - reverse-proxy_conf
    - reverse-proxy_conf_enabled
    - reverse-proxy_letsencrypt
  failed_when: duplicity_result is failed and (duplicity_result.rc is not defined or duplicity_result.rc != 11)
  changed_when: duplicity_result.rc is defined and duplicity_result.rc == 0
  when: not reverse_proxy_installed_flag.stat.exists
  become: true

# A local volume is needed to store install states
- name: Create /mnt/volumes/install_states directory if it does not exist
  ansible.builtin.file:
    path: "/mnt/volumes/install_states"
    state: directory
    mode: '0755'
  become: true
  when: not reverse_proxy_installed_flag.stat.exists

- name: Create reverse-proxy_installed state file
  ansible.builtin.file:
    path: "/mnt/volumes/install_states/reverse-proxy_installed"
    state: touch
    mode: '0755'
  become: true
  when: not reverse_proxy_installed_flag.stat.exists

- name: Login to {{ private_registry_domain }} and create ${XDG_RUNTIME_DIR}/containers/auth.json
  containers.podman.podman_login:
    username: "{{ private_registry_user }}"
    password: "{{ private_registry_password }}"
    registry: "{{ private_registry_domain }}"
  changed_when: false
  become: true

- name: Create reverse-proxy container
  containers.podman.podman_container:
    name: reverse-proxy
    image: "{{ private_registry_domain }}/reverse-proxy:8c0dc1f517"
    network:
      - reverse-proxy
    ports:
      - 80:80/tcp
      - 443:443/tcp
    volume:
      - /mnt/volumes/reverse-proxy_conf/data:/etc/apache2/sites-available:Z
      - /mnt/volumes/reverse-proxy_conf_enabled/data:/etc/apache2/sites-enabled:Z
      - /mnt/volumes/reverse-proxy_letsencrypt/data:/etc/letsencrypt:Z
  become: true