---
- name: Frontend setup
  hosts: frontend

  vars:
    username: matt

    #certbot_auto_renew_user: "{{ ansible_user | default(lookup('env', 'USER')) }}"
    certbot_auto_renew_user: "root"
    certbot_auto_renew_hour: "3"
    certbot_auto_renew_minute: "30"

    certbot_create_if_missing: true
    certbot_admin_email: matthew@thespencers.me.uk

    certbot_certs:
      - webroot: "/var/www/html"
        domains:
          - "apptabulous.co.uk"
          - "www.apptabulous.co.uk"
          - "hub.apptabulous.co.uk"
          - "watchtower.apptabulous.co.uk"
          - "m5p3nc3r.co.uk"
          - "www.m5p3nc3r.co.uk"
          - "gitea.m5p3nc3r.co.uk"

    certbot_repo: https://github.com/certbot/certbot.git
    certbot_version: master
    certbot_keep_updated: true
    certbot_dir: /opt/certbot
    certbot_create_extra_args: ""

    docker_add_repo: true
    docker_users:
      - "{{ username }}"

  roles:
    - role: geerlingguy.git
      become: true
    - role: geerlingguy.docker
      become: true
    - role: geerlingguy.certbot
      become: true

  tasks:
    - name: Override default certbot start/stop jobs
      become: true
      ansible.builtin.copy:
        src: letsencrypt
        dest: /etc

    - name: Copy reverse proxy configuration to host
      become: true
      ansible.builtin.copy:
        src: apptabulous/reverseproxy
        dest: /etc

    - name: Start reverse proxy container
      community.docker.docker_container:
        name: reverse_proxy
        image: nginx:alpine
        #image: ghcr.io/m5p3nc3r/nginx-keyval:main
        restart_policy: always
        volumes:
          - /etc/reverseproxy/nginx.conf:/etc/nginx/nginx.conf
          - /etc/reverseproxy/conf.d:/etc/nginx/conf.d
          - /etc/reverseproxy/stream.d:/etc/nginx/stream.d
          - /etc/letsencrypt:/etc/letsencrypt
        ports:
          - "80:80"
          - "443:443"
          - "2222:2222"
        state: started

    - name: Start docker registry
      community.docker.docker_container:
        name: registry
        image: registry:2
        restart_policy: always
        ports:
          - "5000:5000"
        state: started

    - name: Log into ghcf.io registry
      community.general.docker_login:
        registry: ghcr.io
        username: "{{ secrets.GITHUB_ACTOR }}"
        password: "{{ secrets.GITHUB_TOKEN }}"

    - name: Start m5p3nc3r website
      community.docker.docker_container:
        name: website
        image: ghcr.io/m5p3nc3r/website:main
        restart_policy: always
        volumes:
          - /home/matt/public/apps:/app/public/apps
        ports:
          - "3000:3000"
        env:
          NEXT_SERVER_ACTIONS_ENCRYPTION_KEY: "{{ secrets.NEXT_SERVER_ACTIONS_ENCRYPTION_KEY }}"
        state: started

    - name: Start Apptabulous website
      community.docker.docker_container:
        name: apptabulous_website
        image: ghcr.io/m5p3nc3r/apptabulous_website:main
        restart_policy: always
        ports:
          - "3001:3000"
        state: started

    - name: Start watchtower
      community.docker.docker_container:
        name: watchtower
        image: nickfedor/watchtower
        restart_policy: always
        volumes:
          - /var/run/docker.sock:/var/run/docker.sock
          - /home/matt/.docker/config.json:/config.json
        command:
          - --cleanup
          - --http-api-update
          - --http-api-token={{ secrets.WATCHTOWER_HTTP_API_TOKEN }}
          - --http-api-periodic-polls
        ports:
          - "8080:8080"
        state: started