---

- name: Ensure infisical directory exists
  ansible.builtin.file:
    path: /opt/infisical
    state: directory
    mode: "0755"

- name: Generate .env file
  ansible.builtin.template:
    src: env.j2
    dest: /opt/infisical/.env
    mode: "0600"

- name: Install passlib
  ansible.builtin.pip:
    name: passlib # dependency of Ansible's passwordhash
    state: present

- name: Template Caddyfile
  ansible.builtin.template:
    src: Caddyfile.j2
    dest: /opt/infisical/Caddyfile
    mode: "0600"
  notify:
    - Restart caddy

- name: Template Docker Compose file
  ansible.builtin.template:
    src: docker-compose.yml.j2
    dest: /opt/infisical/docker-compose.yml
    mode: "0644"

- name: Start up docker-compose.yml
  community.docker.docker_compose_v2:
    project_src: /opt/infisical
    state: present

- name: Configure firewall
  community.general.ufw:
    rule: allow
    port: "{{ item }}"
    proto: tcp
  loop:
    - 443