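---
# Provisioning tasks for the "our" Futureporn app host: service account,
# directories, source checkout, npm dependencies, systemd unit and host firewall.
# Expects the variables env_file, our_commit and app_dir, and a "Restart app"
# handler, to be defined by the calling play/role (none are visible in this file).

- name: Create futureporn group
  ansible.builtin.group:
    name: futureporn
    state: present

- name: Create futureporn user
  ansible.builtin.user:
    name: futureporn
    group: futureporn
    create_home: true
    home: /home/futureporn
    system: true

- name: Ensure futureporn directory exists
  ansible.builtin.file:
    path: /opt/futureporn
    state: directory
    mode: "0755"
  # NOTE(review): no owner/group is set, so this tree (and the checkout below)
  # is owned by the connecting user — confirm which account the unit runs as.
  notify:
    - Restart app

- name: Ensure config directory exists
  ansible.builtin.file:
    path: /usr/local/etc/futureporn/our
    state: directory
    mode: "0755"
  notify:
    - Restart app

- name: Generate .env file
  ansible.builtin.template:
    src: env.j2
    dest: "{{ env_file }}"
    mode: "0600"  # holds secrets; keep it owner-only readable
  notify:
    - Restart app

- name: Download Futureporn source code
  ansible.builtin.git:
    repo: https://gitea.futureporn.net/futureporn/fp
    dest: /opt/futureporn
    version: "{{ our_commit }}"  # pinned commit so a deploy is reproducible
    update: true
  # NOTE(review): this is the only tagged task — running with "--tags our"
  # checks out the code but skips the npm install and unit tasks below.
  tags:
    - our
  notify:
    - Restart app

- name: Install Our packages based on package.json
  community.general.npm:
    path: "{{ app_dir }}"
  # A changed dependency tree has to reach the running service just like every
  # other deploy step in this file, so it notifies the same handler.
  notify:
    - Restart app

- name: Install passlib
  ansible.builtin.pip:
    name: passlib  # dependency of Ansible's password_hash filter
    state: present
  # NOTE(review): ansible.builtin.pip installs on the managed node, whereas Jinja
  # filters such as password_hash are evaluated on the controller — confirm this
  # is the host that needs it, otherwise the package serves no stated purpose.

- name: Create our-server service
  ansible.builtin.template:
    src: our-server.service.j2
    dest: /etc/systemd/system/our-server.service
    mode: "0644"
  # presumably the "Restart app" handler performs a daemon_reload — verify,
  # otherwise a changed unit file is not picked up by systemd.
  notify:
    - Restart app

# - name: Template Caddyfile
#   ansible.builtin.template:
#     src: Caddyfile.j2
#     dest: /opt/our/Caddyfile
#     mode: "0600"
#   notify:
#     - Restart caddy

# - name: Template Docker Compose file
#   ansible.builtin.template:
#     src: docker-compose.yml.j2
#     dest: /opt/our/docker-compose.yml
#     mode: "0644"
#   notify:
#     - Restart app

# Firewall: the allow rules are added first and the default policy is switched
# to deny (and ufw enabled) last, so 80/443 are never briefly blocked on a
# first run.
# NOTE(review): no SSH allow rule is visible in this file — confirm an earlier
# role adds one before "deny incoming" takes effect, or later plays cannot
# reconnect to the host.
- name: Configure firewall
  community.general.ufw:
    rule: allow
    port: "{{ item }}"
    proto: tcp
  loop:
    - 443
    - 80

- name: Allow /20 subnet access
  community.general.ufw:
    rule: allow
    port: "{{ item }}"
    proto: tcp
    from: 10.2.112.0/20
  loop:
    - 3000  # Bright app

- name: Set default UFW policy to deny incoming
  community.general.ufw:
    state: enabled
    policy: deny
    direction: incoming

# Reference
# ---
# # Terraform Vultr provider doesn't have a VFS resource/datasource yet.
# # This is a workaround for that missing feature.
# #
# # @see https://github.com/vultr/terraform-provider-vultr/issues/560
# - name: Get the VFS id
#   ansible.builtin.uri:
#     url: https://api.vultr.com/v2/vfs
#     method: GET
#     status_code: 200
#     headers:
#       Authorization: "Bearer {{ lookup('dotenv', 'VULTR_API_KEY', file='../.env') }}"
#   register: vfs_list
#
# - name: Get VFS variables
#   ansible.builtin.set_fact:
#     our_vfs_id: "{{ vfs_list.json.vfs | selectattr('label', 'equalto', 'our') | map(attribute='id') | first }}"
#
# - name: Debug the our VFS id
#   ansible.builtin.debug:
#     msg: "The VFS ID for 'our' is {{ our_vfs_id }}"
#
# - name: Attach VFS to Vultr instance
#   ansible.builtin.uri:
#     url: https://api.vultr.com/v2/vfs/{{ our_vfs_id }}/attachments/{{ hostvars[inventory_hostname]['vultr_instance_id'] }}
#     method: PUT
#     status_code:
#       - 200
#       - 201
#       - 409
#     headers:
#       Authorization: "Bearer {{ lookup('dotenv', 'VULTR_API_KEY', file='../.env') }}"
#   register: vfs_attach
#   changed_when:
#     - vfs_attach.json is defined
#     - "'state' in vfs_attach.json"
#     - vfs_attach.json.state == "ATTACHED"
#   notify:
#     - Mount vfs
#     - Restart our
#
# - name: Debug vfs_attach
#   ansible.builtin.debug:
#     var: vfs_attach
#
# - name: Get the VFS mount_tag
#   ansible.builtin.set_fact:
#     vfs_mount_tag: "{{ vfs_attach.json.mount_tag | default('') }}"
#
# - name: Setup docker container
#   community.docker.docker_container:
#     name: our
#     image: gitea.futureporn.net/futureporn/our:latest
#     pull: always
#     state: started
#     ports:
#       - "4000:4000"
#     volumes:
#       - "/mnt/vfs/futureporn:/mnt/vfs/futureporn"
#     env:
#       DB_HOST: "{{ hostvars['fp-db-0']['internal_ip'] }}"
#       DB_USER: "{{ lookup('dotenv', 'DB_USER', file='../.env') }}"
#       DB_NAME: "our"
#       DB_PORT: "5432"
#       DB_PASS: "{{ lookup('dotenv', 'DB_PASS', file='../.env') }}"
#       MIX_ENV: prod
#       PUBLIC_S3_ENDPOINT: https://futureporn-b2.b-cdn.net
#       PATREON_REDIRECT_URI: https://our.futureporn.net/auth/patreon/callback
#       SITE_URL: https://our.futureporn.net
#       PHX_HOST: our.futureporn.net
#       AWS_BUCKET: futureporn
#       AWS_REGION: us-west-000
#       AWS_HOST: s3.us-west-000.backblazeb2.com
#       SECRET_KEY_BASE: "{{ lookup('dotenv', 'SECRET_KEY_BASE', file='../.env') }}"
#       PATREON_CLIENT_SECRET: "{{ lookup('dotenv', 'PATREON_CLIENT_SECRET', file='../.env') }}"
#       PATREON_CLIENT_ID: "{{ lookup('dotenv', 'PATREON_CLIENT_ID', file='../.env') }}"
#       AWS_ACCESS_KEY_ID: "{{ lookup('dotenv', 'AWS_ACCESS_KEY_ID', file='../.env') }}"
#       AWS_SECRET_ACCESS_KEY: "{{ lookup('dotenv', 'AWS_SECRET_ACCESS_KEY', file='../.env') }}"
#       TRACKER_HELPER_ACCESSLIST_URL: https://tracker.futureporn.net/accesslist
#       TRACKER_HELPER_USERNAME: "{{ lookup('dotenv', 'TRACKER_HELPER_USERNAME', file='../.env') }}"
#       TRACKER_HELPER_PASSWORD: "{{ lookup('dotenv', 'TRACKER_HELPER_PASSWORD', file='../.env') }}"
#       TRACKER_URL: https://tracker.futureporn.net:6969
#       CACHE_DIR: /mnt/vfs/futureporn  # we use Vultr File System to share cache among all Phoenix instances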