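---
# Deploys Immich as rootless Podman Quadlet units that run under a
# dedicated "immich" account with a nologin shell, on the `beepi`
# inventory target.
- name: Immich
  hosts: beepi
  become: true
  vars:
    # Vault-encrypted database password; only decrypted at run time.
    immich_db_password: !vault |
      $ANSIBLE_VAULT;1.1;AES256
      64666332336435616365303563636634373333346537643336626235316432643336303665646463
      3735653065653561643635376237393666313137303661370a336664623937623061313663303835
      37623866383831623433366132346232663862653566653139323630356466653134363035363836
      3061376330316365310a393961343065633937336534306265663733653665383233383030326439
      30633861353033656264663439623264383536376664613665613138623262623261
  tasks:
    - name: Install dependencies
      ansible.builtin.apt:
        # Pass the list directly so apt resolves everything in a single
        # transaction instead of one invocation per loop item.
        name:
          - podman
          - systemd-container
          - passt
        state: present

    - name: Create immich user
      ansible.builtin.user:
        name: immich
        home: /home/immich
        shell: /usr/sbin/nologin
        create_home: true
      # The uid and name from this result feed the systemd tasks below.
      register: immich_user_info

    # Lingering lets the user's systemd instance run without a login
    # session; `creates` keeps the command idempotent.
    - name: Enable linger
      ansible.builtin.command:
        cmd: "loginctl enable-linger immich"
        creates: "/var/lib/systemd/linger/immich"

    - name: Create quadlet directory
      ansible.builtin.file:
        path: "/home/immich/.config/containers/systemd"
        state: directory
        owner: "immich"
        group: "immich"
        # Only the immich user's own systemd instance reads this
        # directory, and two of the units below are deployed 0600, so
        # other local accounts do not need to list it.
        mode: '0700'

    - name: Copy network
      ansible.builtin.copy:
        dest: "/home/immich/.config/containers/systemd/immich.network"
        content: "[Network]\n"
        owner: immich
        group: immich
        mode: '0644'

    - name: Copy volumes
      ansible.builtin.copy:
        dest: "/home/immich/.config/containers/systemd/{{ item }}.volume"
        content: "[Volume]\n"
        owner: immich
        group: immich
        mode: '0644'
      loop:
        - immich-pgdata
        - immich-upload

    # NOTE(review): this template presumably renders immich_db_password
    # (hence mode 0600) - confirm. `diff: false` keeps the rendered file
    # out of `--diff` output and any logs that capture it.
    - name: Deploy db quadlet
      ansible.builtin.template:
        src: immich-db.container.j2
        dest: "/home/immich/.config/containers/systemd/immich-db.container"
        owner: immich
        group: immich
        mode: '0600'
      diff: false

    - name: Deploy redis quadlet
      ansible.builtin.copy:
        src: immich-redis.container
        dest: "/home/immich/.config/containers/systemd/immich-redis.container"
        owner: immich
        group: immich
        mode: '0644'

    # NOTE(review): presumably also carries the database password, so it
    # gets the same `diff: false` treatment as the db unit - confirm.
    - name: Deploy server quadlet
      ansible.builtin.template:
        src: immich-server.container.j2
        dest: "/home/immich/.config/containers/systemd/immich-server.container"
        owner: immich
        group: immich
        mode: '0600'
      diff: false

    # Runs as root (play-level become). The user manager must be up
    # before any `scope: user` task can reach its bus under
    # /run/user/<uid>, so it is started ahead of the reload.
    - name: Start user manager for immich
      ansible.builtin.systemd:
        name: "user@{{ immich_user_info.uid }}.service"
        state: started

    # The immich account has no login session, so the runtime dir and
    # bus address are supplied explicitly for the user-scope calls.
    - name: Reload user systemd
      become: true
      become_user: immich
      environment:
        XDG_RUNTIME_DIR: "/run/user/{{ immich_user_info.uid }}"
        DBUS_SESSION_BUS_ADDRESS: "unix:path=/run/user/{{ immich_user_info.uid }}/bus"
      ansible.builtin.systemd:
        daemon_reload: true
        scope: user

    # NOTE(review): `state: started` leaves an already running service
    # untouched, so changed Quadlet files only take effect after a
    # restart - confirm this is intended.
    - name: Start immich-server
      become: true
      become_user: immich
      environment:
        XDG_RUNTIME_DIR: "/run/user/{{ immich_user_info.uid }}"
        DBUS_SESSION_BUS_ADDRESS: "unix:path=/run/user/{{ immich_user_info.uid }}/bus"
      ansible.builtin.systemd:
        name: immich-server.service
        state: started
        scope: user

    # Prints operator hints only; nothing is executed on the host.
    - name: Debug
      ansible.builtin.debug:
        msg:
          - "Service status: systemctl --user --machine {{ immich_user_info.name }}@.host status immich-server"
          - "Read logs: sudo journalctl _UID={{ immich_user_info.uid }} -n 200 --no-pager"
          - "Shell: machinectl shell {{ immich_user_info.name }}@.host /bin/bash"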