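---
# Task list that provisions Mastodon under /srv/mastodon with Docker Compose.
#
# Flow:
#   1. Install packages, create the base path, clone the source and render the
#      compose file.
#   2. If mastodon_secrets.yaml does not yet exist on the controller, render a
#      stub env file, generate SECRET_KEY_BASE / OTP_SECRET / VAPID keys inside
#      the mastodon_web container and write them to mastodon_secrets.yaml.
#   3. Load mastodon_secrets.yaml, render the final env file, start the stack
#      and restart it when the env file or compose file changed.
#
# Secret handling: tasks whose results carry secret material set `no_log` so
# the values do not reach Ansible output or logs, and files that hold secrets
# are written with an explicit restrictive mode instead of the umask default.

- name: install base apps
  apt:
    force_apt_get: true
    name:
      - docker-compose-v2
      - git

- name: base path
  file:
    path: "/srv/mastodon"
    state: directory
    recurse: true

# NOTE(review): no `version` is given, so the module tracks the remote HEAD and
# every run may deploy different code. Pin a tag or commit hash so what gets
# built is reviewable and reproducible.
- name: source
  git:
    repo: "https://tea.entar.net/teh/mastodon.git"
    dest: /srv/mastodon/src

- name: docker-compose file
  template:
    src: templates/docker-compose.mastodon.yaml
    dest: /srv/mastodon/docker-compose.yaml
  register: compose

## generate a secrets file if we need one
# FIXME: what's in the mastodon_secrets.yaml file should be in credential
# lookup like db_password is

# Checked on the controller (delegate_to: localhost), not on the target host.
- name: check mastodon secrets var file
  delegate_to: localhost
  become: false
  stat:
    path: mastodon_secrets.yaml
  register: mastosecrets

# The env file carries the database password, so restrict it to its owner and
# keep its content out of --diff output.
# NOTE(review): mode 0600 assumes the compose file consumes this via
# `env_file:` (read by the user running docker compose); confirm it is not
# bind-mounted into a container that reads it as another uid.
- name: env file stub
  template:
    src: templates/env.production
    dest: /srv/mastodon/.env.production
    mode: "0600"
  diff: false
  vars:
    db_password: "{{ lookup('ansible.builtin.password', 'credentials/mastodon/postgres', length=15) }}"
    alternate_domains: "mastodon_web"
  when: not mastosecrets.stat.exists

# pipefail makes the task fail when `docker compose run` fails; without it the
# exit status is that of `tail`, and an empty value would be registered as the
# secret. bash is requested explicitly because /bin/sh may not support
# pipefail.
- name: get SECRET_KEY_BASE
  shell: >-
    set -o pipefail &&
    docker compose run --rm mastodon_web rake secret 2>/dev/null | tail -1
  args:
    chdir: /srv/mastodon
    executable: /bin/bash
  register: skb
  no_log: true
  when: not mastosecrets.stat.exists

- name: get OTP_SECRET
  shell: >-
    set -o pipefail &&
    docker compose run --rm mastodon_web rake secret 2>/dev/null | tail -1
  args:
    chdir: /srv/mastodon
    executable: /bin/bash
  register: otp
  no_log: true
  when: not mastosecrets.stat.exists

# stdout of this command holds the generated VAPID key material.
- name: get vapid secrets
  command: docker compose run --rm mastodon_web rake mastodon:webpush:generate_vapid_key
  args:
    chdir: /srv/mastodon
  register: vapid
  no_log: true
  when: not mastosecrets.stat.exists

# Written on the controller in plaintext, relative to the working directory.
# Keep this file out of version control (or encrypt it, e.g. with
# ansible-vault) until the FIXME above is resolved.
- name: create mastodon secrets file
  delegate_to: localhost
  become: false
  template:
    src: templates/mastodon_secrets.yaml
    dest: mastodon_secrets.yaml
    mode: "0600"
  diff: false
  when: not mastosecrets.stat.exists

## now that we have a secrets file, read it in and make the env file again

# The loaded variables are secrets; no_log keeps them out of verbose output.
- name: read env secret vars
  include_vars:
    file: mastodon_secrets.yaml
  no_log: true

# Same permission assumption as the stub task above.
- name: env file
  template:
    src: templates/env.production
    dest: /srv/mastodon/.env.production
    mode: "0600"
  diff: false
  vars:
    db_password: "{{ lookup('ansible.builtin.password', 'credentials/mastodon/postgres', length=15) }}"
    alternate_domains: "mastodon_web"
  register: envfile

## finally, let's launch mastodon

- name: launch mastodon
  command: docker compose up -d
  args:
    chdir: /srv/mastodon

# Only restart when the rendered env file or compose file actually changed.
- name: restart mastodon
  command: docker compose restart
  args:
    chdir: /srv/mastodon
  when: envfile.changed or compose.changed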