---

# create directories
- name: "create pangolin directories"
  ansible.builtin.file:
    path: "{{ item }}"
    state: "directory"
    mode: "0755"
  loop:
    - "/mnt/pangolin/config"
    - "/mnt/pangolin/config/traefik"
    - "/mnt/pangolin/config/letsencrypt"

# pangolin config
- name: "pangolin config"
  ansible.builtin.template:
    src: "templates/pangolin/config.yml.j2"
    dest: "/mnt/pangolin/config/config.yml"
    owner: "root"
    group: "root"
    mode: "0644"
  notify: "restart pangolin"

# run pangolin
- name: "run pangolin"
  community.docker.docker_container:
    container_default_behavior: "no_defaults"
    detach: "yes"
    pull: "always"
    state: "started"
    name: "pangolin"
    image: "docker.io/fosrl/pangolin:1.10.3"
    restart_policy: "unless-stopped"
    networks:
      - name: "pangolin"

    volumes:
      - "/mnt/pangolin/config:/app/config"

    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost:3001/api/v1/"]
      interval: "3s"
      timeout: "3s"
      retries: 15


# traefik config
- name: "traefik config"
  ansible.builtin.template:
    src: "templates/traefik/traefik_config.yml.j2"
    dest: "/mnt/pangolin/config/traefik/traefik_config.yml"
    owner: "root"
    group: "root"
    mode: "0644"
  notify: "restart traefik"

# run traefik
- name: "run traefik"
  community.docker.docker_container:
    container_default_behavior: "no_defaults"
    detach: "yes"
    pull: "always"
    state: "started"
    name: "traefik"
    image: "docker.io/library/traefik:v3.5"
    restart_policy: "unless-stopped"
    networks:
      - name: "pangolin"

    volumes:
      - "/mnt/pangolin/config/traefik:/etc/traefik:ro"
      - "/mnt/pangolin/config/letsencrypt:/letsencrypt"

    ports:
      - "443:443/tcp"
      - "80:80/tcp"

    command:
      - "--configFile=/etc/traefik/traefik_config.yml"

    env:
      TRANSIP_ACCOUNT_NAME: "{{ transip_account_name }}"
      TRANSIP_PRIVATE_KEY_PATH: "{{ transip_private_key_path }}"