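---
# Restores the reverse-proxy volumes from backup (first run only) and
# (re)creates the reverse-proxy podman container plus its systemd unit.

# Stop the unit before touching volumes. A host where the unit has never been
# generated reports "Could not find the requested service"; that is tolerated.
- name: Stop container service
  ansible.builtin.systemd:
    name: container-reverse-proxy
    state: stopped
  become: true
  register: result_reverse_proxy_systemd_stop
  failed_when: >-
    result_reverse_proxy_systemd_stop is failed
    and 'Could not find the requested service'
    not in result_reverse_proxy_systemd_stop.msg

# `podman ps` without `-a` lists running containers only.
# NOTE(review): the name filter is a pattern match, not an exact match, so any
# running container whose name contains "reverse-proxy" trips the assert below.
- name: Check if reverse-proxy container is running
  ansible.builtin.command: 'podman ps -q --filter "name=reverse-proxy"'
  changed_when: false
  register: podman_ps
  become: true

# Hard stop: volumes must not be restored underneath a live container.
- name: Assert that no reverse-proxy container is running
  ansible.builtin.assert:
    that:
      - podman_ps.stdout_lines | length == 0

# Marker file written at the end of a successful restore; every restore step
# below is skipped once it exists.
- name: Check if restore from backup is already done
  ansible.builtin.stat:
    path: /mnt/volumes/restore_states/reverse-proxy_restored
  register: reverse_proxy_restored_flag

- name: Create reverse-proxy network
  containers.podman.podman_network:
    name: reverse-proxy
  become: true

# One role invocation per volume; the last two entries are duplicity scratch
# space rather than container data.
- name: Setup volume
  ansible.builtin.include_role:
    name: role_setup_volume
  vars:
    volume: "{{ item }}"
  with_items:
    - name: reverse-proxy_conf
      size: 1
      vol_type: classic
    - name: reverse-proxy_conf_enabled
      size: 1
      vol_type: classic
    - name: reverse-proxy_letsencrypt
      size: 1
      vol_type: classic
    - name: tmp_duplicity_workdir
      size: 20
      vol_type: high-speed
    - name: duplicity_cache
      size: 5
      vol_type: high-speed
  when: not reverse_proxy_restored_flag.stat.exists

- name: change ownership of duplicity working directories
  ansible.builtin.file:
    path: "{{ item }}"
    owner: "{{ LINUX_USERNAME }}"
    group: "{{ LINUX_USERNAME }}"
  become: true
  with_items:
    - "{{ DUPLICITY_WORKDIR }}"
    - "{{ DUPLICITY_ARCHIVE_DIR }}"
  when: not reverse_proxy_restored_flag.stat.exists

# Credentials and the backup passphrase are handed to duplicity through the
# environment rather than on its command line.
- name: restore volume backup
  ansible.builtin.command:
    cmd: >-
      duplicity restore
      --archive-dir {{ DUPLICITY_ARCHIVE_DIR }}
      --name {{ item }}
      swift://{{ item }}
      /mnt/volumes/{{ item }}/data
  environment:
    SWIFT_USERNAME: "{{ OS_USERNAME }}"
    SWIFT_PASSWORD: "{{ OS_PASSWORD }}"
    SWIFT_AUTHURL: "{{ OS_AUTH_URL }}"
    SWIFT_REGIONNAME: "{{ SWIFT_REGIONNAME }}"
    SWIFT_TENANTNAME: "{{ OS_TENANT_NAME }}"
    SWIFT_AUTHVERSION: "{{ OS_IDENTITY_API_VERSION }}"
    PASSPHRASE: "{{ duplicity_passphrase }}"
    # /usr/bin/duplicity uses "-s" python argument to prevent loading modules
    # from user's python directory, this variable will override that.
    # NOTE(review): the path is relative, so it resolves against the task's
    # working directory, and the task runs with become. Whoever can write to
    # that directory controls code imported by a privileged process. Prefer an
    # absolute path to a directory writable only by a trusted account.
    PYTHONPATH: ".local/lib/python3.9/site-packages"
  register: duplicity_result
  with_items:
    - reverse-proxy_conf
    - reverse-proxy_conf_enabled
    - reverse-proxy_letsencrypt
  # rc 11 is tolerated. NOTE(review): presumably duplicity's "restore target
  # already exists" exit code; confirm against the installed duplicity version.
  failed_when: >-
    duplicity_result is failed
    and (duplicity_result.rc is not defined or duplicity_result.rc != 11)
  changed_when: duplicity_result.rc is defined and duplicity_result.rc == 0
  when: not reverse_proxy_restored_flag.stat.exists
  become: true
  # This task carries the Swift password and the backup passphrase; keep its
  # per-item results out of console output, logs and callback plugins.
  no_log: true

# A local volume is needed to store restore states
- name: Create /mnt/volumes/restore_states directory if it does not exist
  ansible.builtin.file:
    path: "/mnt/volumes/restore_states"
    state: directory
    mode: '0755'
  become: true
  when: not reverse_proxy_restored_flag.stat.exists

# The marker is an empty flag file, so it gets no execute bit.
- name: Create reverse-proxy_restored state file
  ansible.builtin.file:
    path: "/mnt/volumes/restore_states/reverse-proxy_restored"
    state: touch
    mode: '0644'
  become: true
  when: not reverse_proxy_restored_flag.stat.exists

# podman logout is needed before podman login if registry was recreated
- name: "Logout from {{ private_registry_domain }}"
  containers.podman.podman_logout:
    registry: "{{ private_registry_domain }}"
  changed_when: false
  # We ignore failures because the image should be in the cache
  failed_when: false
  become: true

- name: "Login to {{ private_registry_domain }} and create ${XDG_RUNTIME_DIR}/containers/auth.json"
  containers.podman.podman_login:
    username: "{{ private_registry_user }}"
    password: "{{ private_registry_password }}"
    registry: "{{ private_registry_domain }}"
  changed_when: false
  # We ignore failures because the image should be in the cache
  # NOTE(review): this also hides rejected credentials. When the image is not
  # cached, the problem only surfaces as a failure in the container task below.
  failed_when: false
  become: true

# The container is only created here (state: present); the generated systemd
# unit starts it in the last task.
- name: Create reverse-proxy container
  containers.podman.podman_container:
    name: reverse-proxy
    # NOTE(review): the image is referenced by tag. If tags in the private
    # registry can be overwritten, pin by digest so the deployed image is fixed.
    image: "{{ private_registry_domain }}/reverse-proxy:8c0dc1f517"
    state: present
    network:
      - reverse-proxy
    ports:
      - "80:80/tcp"
      - "443:443/tcp"
    # ":Z" relabels each host directory for this container's exclusive use.
    volume:
      - /mnt/volumes/reverse-proxy_conf/data:/etc/apache2/sites-available:Z
      - /mnt/volumes/reverse-proxy_conf_enabled/data:/etc/apache2/sites-enabled:Z
      - /mnt/volumes/reverse-proxy_letsencrypt/data:/etc/letsencrypt:Z
    generate_systemd:
      path: /etc/systemd/system
  become: true

# Reload systemd so the freshly generated unit file is picked up before start.
- name: start/enable container service
  ansible.builtin.systemd:
    daemon_reload: true
    name: container-reverse-proxy
    state: started
    enabled: true
  become: true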