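---
# Renders a Docker Compose stack under /opt/infra (compose file, Postgres init
# scripts, Grafana and Keycloak support files), starts it, and then creates the
# "infra" realm and the "grafana" OpenID Connect client in Keycloak.
#
# Runs against localhost with fact gathering disabled.
#
# Required variable (introduced by this revision):
#   keycloak_admin_password  Password of the Keycloak "admin" user in the
#                            master realm. Supply it from Ansible Vault or an
#                            external secret store, never as a literal in this
#                            file. A password that has ever been committed in
#                            clear text should be treated as exposed and
#                            rotated.
#   NOTE(review): the compose.yml template presumably sets the same admin
#   password for the Keycloak container; confirm it reads this variable too.
- name: Creating compose from template
  hosts: localhost
  gather_facts: false
  tasks:
    # Fail early, before anything is written or started, when the admin
    # credential has not been supplied.
    - name: Ensure the Keycloak admin password was provided
      ansible.builtin.assert:
        that:
          - keycloak_admin_password is defined
          - keycloak_admin_password | length > 0
        fail_msg: "keycloak_admin_password must be supplied (for example from Ansible Vault)"
        quiet: true

    # Four independent 20-character alphanumeric secrets, each guaranteed to
    # contain at least one lower-case letter, one upper-case letter and one
    # digit. no_log keeps the generated values out of verbose output and logs.
    # NOTE(review): the values are regenerated on every run. If the init-scripts
    # directory is only processed when the database is first initialised, a
    # re-run would render passwords the database never picks up; confirm, and
    # consider persisting the secrets between runs.
    - name: Generate password for Keycloak password
      ansible.builtin.set_fact:
        keycloak_pass: "{{ lookup('community.general.random_string', length=20, min_lower=1, min_upper=1, min_numeric=1, special=false) }}"
        grafana_pass: "{{ lookup('community.general.random_string', length=20, min_lower=1, min_upper=1, min_numeric=1, special=false) }}"
        postgres_pass: "{{ lookup('community.general.random_string', length=20, min_lower=1, min_upper=1, min_numeric=1, special=false) }}"
        grafana_kc_client_secret: "{{ lookup('community.general.random_string', length=20, min_lower=1, min_upper=1, min_numeric=1, special=false) }}"
      no_log: true

    # Read-only probe, so it must never be reported as a change.
    - name: Get current user
      ansible.builtin.command: echo $USER
      register: usercmd
      changed_when: false

    - name: Ensure working directory exists
      ansible.builtin.stat:
        path: /opt/infra
      register: infrastat

    # stat only reports; without this guard a missing directory surfaces as an
    # undefined-variable error in the ownership check below.
    - name: Fails if working directory does not exist
      ansible.builtin.fail:
        msg: "/opt/infra does not exist"
      when: not infrastat.stat.exists

    - name: Fails if working directory does not belong to ansible user
      ansible.builtin.fail:
        msg: "/opt/infra does not belong to {{ usercmd.stdout }}"
      when: infrastat.stat.pw_name != usercmd.stdout

    # The rendered file presumably embeds the generated secrets, so it is
    # restricted to the owner and kept out of --diff output.
    - name: Generating Compose file
      ansible.builtin.template:
        src: compose.yml
        dest: /opt/infra/compose.yml
        mode: '0600'
      diff: false

    - name: Create postgres directory if it does not exist
      ansible.builtin.file:
        path: /opt/infra/postgres
        state: directory
        mode: '0755'

    - name: Create init-scripts directory if it does not exist
      ansible.builtin.file:
        path: /opt/infra/postgres/init-scripts
        state: directory
        mode: '0755'

    # NOTE(review): these scripts presumably contain the database passwords. No
    # mode is set, so permissions follow the umask, inside world-traversable
    # 0755 directories. The mode is left as it was because the account that
    # reads them inside the container is not visible here; tighten it once that
    # is confirmed.
    - name: Generate postgres init scripts for grafana user
      ansible.builtin.template:
        src: grafana.sql
        dest: /opt/infra/postgres/init-scripts/grafana.sql
      diff: false

    - name: Generate postgres init scripts for keycloak user
      ansible.builtin.template:
        src: keycloak.sql
        dest: /opt/infra/postgres/init-scripts/keycloak.sql
      diff: false

    # NOTE(review): if this directory holds private keys as well as
    # certificates, give the key files an explicit owner-only mode; none is set
    # here.
    - name: Copying grafana cert files
      ansible.builtin.copy:
        src: grafana
        dest: /opt/infra/

    - name: Copying keycloak image build files
      ansible.builtin.copy:
        src: keycloak
        dest: /opt/infra/

    - name: Deploying Compose file
      community.docker.docker_compose_v2:
        project_src: /opt/infra
        files:
          - compose.yml

    # wait_for with only a timeout is a fixed sleep, not a readiness check.
    - name: Wait for docker to have all images deployed
      ansible.builtin.wait_for:
        timeout: 30

    # Disabled tasks, kept for reference.
    # NOTE(review): if re-enabled, quote the modes and do not copy the private
    # key with a world-readable, executable mode such as 0755.
    # - name: Adding root cert to grafana image
    #   community.docker.docker_container_copy_into:
    #     container: infra-grafana
    #     path: files/mforcen.crt
    #     container_path: /etc/ssl/mforcen.crt
    #
    # - name: Creating ssl folder
    #   community.docker.docker_container_exec:
    #     container: infra-grafana
    #     command: mkdir /ssl
    #     user: 0
    #
    # - name: Adding fullchain cert to grafana container
    #   community.docker.docker_container_copy_into:
    #     container: infra-grafana
    #     path: files/grafana.mforcen.dev.fullchain.pem
    #     container_path: /ssl/grafana.mforcen.dev.fullchain.pem
    #     mode: 0755
    #
    # - name: Adding key to grafana container
    #   community.docker.docker_container_copy_into:
    #     container: infra-grafana
    #     path: files/grafana.mforcen.dev.key
    #     container_path: /ssl/grafana.mforcen.dev.key
    #     mode: 0755

    # Fixed 60-second sleep; the Keycloak tasks below fail if the service is
    # not answering by then.
    - name: Wait for keycloak to be ready
      ansible.builtin.wait_for:
        timeout: 60

    - name: Creating realm infra in Keycloak
      community.general.keycloak_realm:
        auth_client_id: admin-cli
        auth_keycloak_url: https://sso.mforcen.dev
        auth_realm: master
        auth_username: admin
        auth_password: "{{ keycloak_admin_password }}"
        state: present
        id: infra
        realm: infra

    # NOTE(review): three settings to confirm against what Grafana needs.
    #   - direct_access_grants_enabled allows the password grant in addition
    #     to the standard (authorization code) flow that is also enabled;
    #     disable it unless something depends on it.
    #   - redirect_uris accepts any path on the Grafana host; narrowing it to
    #     the actual callback path limits where authorization codes can be
    #     sent.
    #   - web_origins normally holds bare origins (scheme and host); the entry
    #     below looks like a redirect-URI pattern.
    - name: Creating client Grafana in Keycloak
      community.general.keycloak_client:
        auth_client_id: admin-cli
        auth_keycloak_url: https://sso.mforcen.dev
        auth_realm: master
        auth_username: admin
        auth_password: "{{ keycloak_admin_password }}"
        realm: infra
        client_id: grafana
        enabled: true
        direct_access_grants_enabled: true
        protocol: openid-connect
        standard_flow_enabled: true
        root_url: https://grafana.mforcen.dev
        redirect_uris:
          - https://grafana.mforcen.dev/*
        web_origins:
          - https://grafana.mforcen.dev/*
        admin_url: https://grafana.mforcen.dev
        base_url: https://grafana.mforcen.dev
        client_authenticator_type: client-secret
        id: a6960246-4aa9-495f-8843-69d664dba0ea
        secret: "{{ grafana_kc_client_secret }}"

    # Disabled tasks, kept for reference.
    # - name: Create grafana config ini file
    #   ansible.builtin.template:
    #     src: grafana.ini
    #     dest: ../grafana.ini
    #
    # - name: Stopping grafana container
    #   community.docker.docker_container:
    #     name: infra-grafana
    #     state: stopped
    #
    # - name: Starting grafana container
    #   community.docker.docker_container:
    #     name: infra-grafana
    #     state: started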