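# Provisions a host for Pangolin under a dedicated `pangolin` account:
# creates the account, opens the firewall, installs podman and podman-compose,
# renders the configuration templates and starts the compose stack.
# Privilege escalation for the root-level tasks is not set here; it is
# presumably enabled at play level (confirm against the calling playbook).

# --- Dedicated account -------------------------------------------------------

- name: Create a pangolin group
  ansible.builtin.group:
    name: pangolin
    state: present
    gid: 1051

# NOTE(review): the account has an interactive shell (/bin/bash). No password
# or SSH key is set in these tasks; confirm whether an interactive login is
# actually needed for this account.
- name: Create a pangolin user
  ansible.builtin.user:
    name: pangolin
    uid: 1051
    # Primary group referenced by name; it is the gid 1051 group created above.
    group: pangolin
    comment: "pangolin user"
    shell: /bin/bash
    state: present
    create_home: true

# --- Firewall ----------------------------------------------------------------
# No `zone:` is given, so each rule lands in firewalld's default zone.
# permanent + immediate applies the rule to both the saved and the running
# configuration; offline lets the permanent rule be written even when the
# firewalld daemon is not running.
# NOTE(review): this exposes http, https, the wireguard service and 21820/udp
# to every source allowed by the default zone. Confirm the default zone is the
# intended one and that all four openings are required.

- name: Permanently enable http service (firewalld)
  ansible.posix.firewalld:
    service: http
    state: enabled
    permanent: true
    immediate: true
    offline: true

- name: Permanently enable https service (firewalld)
  ansible.posix.firewalld:
    service: https
    state: enabled
    permanent: true
    immediate: true
    offline: true

# The port(s) behind `wireguard` come from firewalld's own service definition;
# verify they match the tunnel port in the rendered Pangolin configuration.
- name: Permanently enable wireguard service (firewalld)
  ansible.posix.firewalld:
    service: wireguard
    state: enabled
    permanent: true
    immediate: true
    offline: true

- name: Permit traffic in default zone on port 21820/udp
  ansible.posix.firewalld:
    port: 21820/udp
    permanent: true
    state: enabled
    immediate: true
    offline: true

# --- Container runtime -------------------------------------------------------
# Order matters: epel-release is installed before podman-compose, presumably
# because podman-compose is provided by EPEL on this distribution.

- name: Install epel
  ansible.builtin.package:
    name: epel-release
    state: present

- name: Install podman
  ansible.builtin.package:
    name: podman
    state: present

- name: Install podman-compose
  ansible.builtin.package:
    name: podman-compose
    state: present

# NOTE(review): this manages the system-wide `podman` unit, while the stack
# below is started as the unprivileged pangolin user. Confirm the system unit
# is needed; if it is not, leaving it disabled keeps one less service running.
- name: Start and enable podman service
  ansible.builtin.service:
    name: podman
    state: started
    enabled: true

# --- Configuration -----------------------------------------------------------
# File modes are quoted so they always reach the module as octal strings and
# never depend on how the YAML parser types a bare number.

# 0750: owner has full access, group may list and read, others have none.
- name: Create pangolin config and logging directories
  ansible.builtin.file:
    path: "{{ item }}"
    state: directory
    mode: "0750"
    owner: pangolin
    group: pangolin
  loop:
    - /home/pangolin/config
    - /home/pangolin/config/db
    - /home/pangolin/config/traefik
    - /home/pangolin/config/letsencrypt
    - /home/pangolin/config/logs

# The rendered files below are 0600 (owner read/write only).
# NOTE(review): if any of these templates renders secrets, consider
# `no_log: true` or `diff: false` on the task so the rendered content does not
# end up in Ansible output when running with --diff.
- name: Create pangolin config
  ansible.builtin.template:
    src: templates/config.yaml.j2
    dest: /home/pangolin/config/config.yml
    owner: pangolin
    group: pangolin
    mode: "0600"

- name: Create traefik config
  ansible.builtin.template:
    src: templates/traefik_config.yaml.j2
    dest: /home/pangolin/config/traefik/traefik_config.yml
    owner: pangolin
    group: pangolin
    mode: "0600"

- name: Create traefik dynamic config
  ansible.builtin.template:
    src: templates/dynamic_config.yaml.j2
    dest: /home/pangolin/config/traefik/dynamic_config.yml
    owner: pangolin
    group: pangolin
    mode: "0600"

- name: Create docker-compose
  ansible.builtin.template:
    src: templates/docker-compose.yaml.j2
    dest: /home/pangolin/docker-compose.yaml
    owner: pangolin
    group: pangolin
    mode: "0600"

# --- Start the stack ---------------------------------------------------------
# Runs as the unprivileged pangolin user, so the containers are rootless.
# NOTE(review): nothing in these tasks sets net.ipv4.ip_unprivileged_port_start
# or enables lingering for the pangolin user. If the compose file publishes
# host ports below 1024, or the containers must survive logout/reboot, confirm
# that is handled elsewhere.
- name: Run podman-compose up
  become: true
  become_user: pangolin
  ansible.builtin.command:
    cmd: podman compose up -d
    chdir: /home/pangolin
  # The command module cannot tell whether compose changed anything, so the
  # task is reported as changed on every run (made explicit here).
  changed_when: true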