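# Deploys Gitea as rootless Podman containers run by a dedicated, login-less
# system user. Container units are Quadlet files in that user's
# ~/.config/containers/systemd, managed by the user's systemd instance.
- name: Gitea
  hosts: beepi
  become: true
  vars:
    user: gitea
    user_home: /home/gitea
    # Vault-encrypted; not referenced in this playbook, so presumably consumed
    # by the *.container.j2 templates (verify against the templates).
    gitea_db_password: !vault |
      $ANSIBLE_VAULT;1.1;AES256
      63336533393735346165633965383866393736336365646330346236356239363737353234383637
      6261383166323062663033346136633066303462343263320a333932646162336232373530373834
      65386637336562646135613563356137313239336365653161386434313835633437613233343332
      3736353865313938300a383266353538666135353866653263663133663232646430323966353134
      3939
  tasks:
    # Pass the package list straight to apt: one transaction instead of one
    # apt invocation per loop item.
    - name: Install dependencies
      ansible.builtin.apt:
        name:
          - podman
          - systemd-container
          - passt
        state: present

    # nologin shell: the account exists only to own and run the containers.
    # The registered result supplies uid/name to the tasks below.
    - name: Create user
      ansible.builtin.user:
        name: "{{ user }}"
        home: "{{ user_home }}"
        shell: /usr/sbin/nologin
        create_home: true
      register: user_info

    # Linger keeps the user's systemd instance running without a login
    # session. `creates` makes the command idempotent.
    - name: Enable linger
      ansible.builtin.command:
        cmd: "loginctl enable-linger {{ user }}"
        creates: "/var/lib/systemd/linger/{{ user }}"

    - name: Create quadlet directory
      ansible.builtin.file:
        path: "{{ user_home }}/.config/containers/systemd"
        state: directory
        owner: "{{ user }}"
        group: "{{ user }}"
        mode: '0755'

    # NOTE(review): 0755 lets other local accounts traverse and list this
    # directory. Whether it can be tightened depends on how the container
    # maps UIDs onto the volume, which is not visible here - confirm against
    # the quadlet templates before changing.
    - name: Create data directory
      ansible.builtin.file:
        path: "{{ user_home }}/data"
        state: directory
        owner: "{{ user }}"
        group: "{{ user }}"
        mode: '0755'

    - name: Copy network
      ansible.builtin.copy:
        dest: "{{ user_home }}/.config/containers/systemd/gitea.network"
        content: "[Network]\n"
        owner: "{{ user }}"
        group: "{{ user }}"
        mode: '0644'

    # The quadlets are written 0600 and presumably embed gitea_db_password;
    # diff is disabled so a --diff run does not print the rendered secret.
    - name: Deploy db quadlet
      ansible.builtin.template:
        src: gitea-db.container.j2
        dest: "{{ user_home }}/.config/containers/systemd/gitea-db.container"
        owner: "{{ user }}"
        group: "{{ user }}"
        mode: '0600'
      diff: false

    - name: Deploy server quadlet
      ansible.builtin.template:
        src: gitea-server.container.j2
        dest: "{{ user_home }}/.config/containers/systemd/gitea-server.container"
        owner: "{{ user }}"
        group: "{{ user }}"
        mode: '0600'
      diff: false

    # Must run before any `scope: user` task: those talk to the bus socket
    # under /run/user/<uid>, which only exists while the user manager is up.
    - name: Start user manager
      ansible.builtin.systemd:
        name: "user@{{ user_info.uid }}.service"
        state: started

    # daemon-reload makes the user manager pick up the quadlet files.
    # become_user has no login session, so the runtime dir and bus address
    # are passed explicitly.
    - name: Reload user systemd
      become: true
      become_user: "{{ user }}"
      environment:
        XDG_RUNTIME_DIR: "/run/user/{{ user_info.uid }}"
        DBUS_SESSION_BUS_ADDRESS: "unix:path=/run/user/{{ user_info.uid }}/bus"
      ansible.builtin.systemd:
        daemon_reload: true
        scope: user

    # NOTE(review): `state: started` does not restart a service that is
    # already running, so a changed quadlet only takes effect after a manual
    # restart.
    - name: Start gitea-server
      become: true
      become_user: "{{ user }}"
      environment:
        XDG_RUNTIME_DIR: "/run/user/{{ user_info.uid }}"
        DBUS_SESSION_BUS_ADDRESS: "unix:path=/run/user/{{ user_info.uid }}/bus"
      ansible.builtin.systemd:
        name: gitea-server.service
        state: started
        scope: user

    # Operator cheat-sheet; tagged `always` so it prints on every run.
    - name: Debug
      ansible.builtin.debug:
        msg:
          - "Service status: systemctl --user --machine {{ user_info.name }}@.host status gitea-server"
          - "Read logs: sudo journalctl _UID={{ user_info.uid }} -n 200 --no-pager"
          - "Shell: machinectl shell {{ user_info.name }}@.host /bin/bash"
      tags:
        - always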