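---
# Deploys OpenTogetherTube as rootless Podman quadlets under a dedicated,
# login-less service account, managed by that account's systemd user manager.
- name: OpenTogetherTube
  hosts: beepi
  become: true
  vars:
    user: ott
    user_home: /home/ott
    # Inline Ansible Vault values: the ciphertext must stay byte-for-byte
    # intact, and decrypting it requires the vault password at run time.
    ott_db_password: !vault |
      $ANSIBLE_VAULT;1.1;AES256
      33383832303231323133626563623336323137383136623335653063623365616334613338373832
      3862613733313565343164383437373165343134303637620a386438383839623431363163366137
      31653061353731346261383565373433623938383033306332303035323762353761393435306661
      6332663866323861330a653634666464316539396665626366386565306233346563303839616639
      61363334373265633930636635663339343461383061353963633762326664376464
    ott_api_key: !vault |
      $ANSIBLE_VAULT;1.1;AES256
      66616532636462386435626536656136366664643539653639393931653337303061326139356138
      3665663430643332653931646637373733376639363262360a396430633663623135383731396430
      34666563333239326131623337653765633132383136633231393561326566326536663135333035
      3937626134376264340a323437626435373330376636353538653736376432643261393364303434
      38656639303335633534613832313334373762336364343163623338393037323933343134366238
      3532356231333830373063313936373830393035643731653735
    google_api_key: !vault |
      $ANSIBLE_VAULT;1.1;AES256
      65336339346437343062633462393630356139623334353033653937306631336661383138613538
      3735333930613365326366393461343462656530616462350a613636623738653232373266303031
      36643835383361386161323431323562346666366236666163643936613538616633303663323132
      3063366466353937390a633162663635373962313464363166653339353662613162376534623634
      66336137383963326461306530636439376465646633356139333739333536396639373861613866
      3862376437303236373564393461336263346634393834376562
    ott_session_secret: !vault |
      $ANSIBLE_VAULT;1.1;AES256
      34376530366330626433306637633034663237326234373738613934356131386466323530303333
      6264303933366264623564316638383365643134663437650a326165383538376636323237663962
      36366362663930633231346230643132386565373733633262303234326636373864626362393031
      6534313162396137630a326532663037323161316339643163366532626632336632616535303734
      37356562626337366638313666326135343837323665343233363833663961373939336562343462
      31323638383336313466643137643037343265613534333963366336666133303031316231313061
      63376166666261316436356435623365343335643133326465386239396136363739366635653037
      33363965666364376364393132643562633831316361346562386662666637343263363064346136
      6162

  tasks:
    # The package list is passed to apt in one call instead of looping, so
    # the three packages are resolved in a single transaction.
    - name: Install dependencies
      ansible.builtin.apt:
        name:
          - podman
          - systemd-container
          - passt
        state: present

    # Service account with no login shell; user_info.uid and user_info.name
    # are reused by the systemd tasks and the operator hints further down.
    - name: Create user
      ansible.builtin.user:
        name: "{{ user }}"
        home: "{{ user_home }}"
        shell: /usr/sbin/nologin
        create_home: true
      register: user_info

    # Lingering keeps the account's user manager running without a login
    # session; `creates` makes the command idempotent.
    - name: Enable linger
      ansible.builtin.command:
        cmd: "loginctl enable-linger {{ user }}"
        creates: "/var/lib/systemd/linger/{{ user }}"

    # Moved ahead of the user-scope systemd tasks: they talk to the bus under
    # /run/user/<uid>, which exists only while user@<uid>.service is running.
    - name: Start user manager
      ansible.builtin.systemd:
        name: "user@{{ user_info.uid }}.service"
        state: started

    - name: Create quadlet directory
      ansible.builtin.file:
        path: "{{ user_home }}/.config/containers/systemd"
        state: directory
        owner: "{{ user }}"
        group: "{{ user }}"
        mode: '0755'

    # NOTE(review): `env` holds production.toml (written below as 0600), yet
    # the directory itself is world-listable at 0755 - confirm that a tighter
    # mode is not wanted for it. The other two directories are presumably
    # bind-mounted into the containers, so verify before changing them.
    - name: Create data directories
      ansible.builtin.file:
        path: "{{ user_home }}/data/{{ item }}"
        state: directory
        owner: "{{ user }}"
        group: "{{ user }}"
        mode: '0755'
      loop:
        - postgres
        - redis
        - env

    # The vaulted variables are not referenced in this playbook, so the
    # templates presumably embed them (templates not shown). `diff: false`
    # keeps the rendered content out of --diff output and CI logs.
    - name: Copy production.toml
      ansible.builtin.template:
        src: production.toml.j2
        dest: "{{ user_home }}/data/env/production.toml"
        owner: "{{ user }}"
        group: "{{ user }}"
        mode: '0600'
      diff: false

    - name: Copy network
      ansible.builtin.copy:
        dest: "{{ user_home }}/.config/containers/systemd/ott.network"
        content: "[Network]\n"
        owner: "{{ user }}"
        group: "{{ user }}"
        mode: '0644'

    # Presumably carries the database password - same diff handling as above.
    - name: Deploy db quadlet
      ansible.builtin.template:
        src: ott-db.container.j2
        dest: "{{ user_home }}/.config/containers/systemd/ott-db.container"
        owner: "{{ user }}"
        group: "{{ user }}"
        mode: '0600'
      diff: false

    # Static file copied as-is (no templating), hence the looser 0644.
    - name: Deploy redis quadlet
      ansible.builtin.copy:
        src: ott-redis.container
        dest: "{{ user_home }}/.config/containers/systemd/ott-redis.container"
        owner: "{{ user }}"
        group: "{{ user }}"
        mode: '0644'

    # Presumably carries API keys / session secret - same diff handling.
    - name: Deploy server quadlet
      ansible.builtin.template:
        src: ott-server.container.j2
        dest: "{{ user_home }}/.config/containers/systemd/ott-server.container"
        owner: "{{ user }}"
        group: "{{ user }}"
        mode: '0600'
      diff: false

    # Runs as the service account; the two environment variables point the
    # systemd module at that account's runtime directory and session bus.
    - name: Reload user systemd
      become: true
      become_user: "{{ user }}"
      environment:
        XDG_RUNTIME_DIR: "/run/user/{{ user_info.uid }}"
        DBUS_SESSION_BUS_ADDRESS: "unix:path=/run/user/{{ user_info.uid }}/bus"
      ansible.builtin.systemd:
        daemon_reload: true
        scope: user

    # NOTE(review): `state: started` leaves an already-running unit untouched,
    # so a changed quadlet or production.toml (e.g. a rotated secret) only
    # takes effect after a manual restart - confirm this is intended.
    - name: Start ott-server
      become: true
      become_user: "{{ user }}"
      environment:
        XDG_RUNTIME_DIR: "/run/user/{{ user_info.uid }}"
        DBUS_SESSION_BUS_ADDRESS: "unix:path=/run/user/{{ user_info.uid }}/bus"
      ansible.builtin.systemd:
        name: ott-server.service
        state: started
        scope: user

    # Operator hints only; prints the account name and uid, no secrets.
    - name: Debug
      ansible.builtin.debug:
        msg:
          - "Service status: systemctl --user --machine {{ user_info.name }}@.host status ott-server"
          - "Read logs: sudo journalctl _UID={{ user_info.uid }} -n 200 --no-pager"
          - "Shell: machinectl shell {{ user_info.name }}@.host /bin/bash"
      tags:
        - always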