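---
# Prepares the host-side git user (SSH key + passthrough command) and deploys
# the Gitea stack to Docker Swarm, then checks whether an admin user exists.

- name: Ensure git user exists with ssh key
  ansible.builtin.user:
    name: "{{ gitea_git_username }}"
    # No ssh_key_passphrase is set, so the generated private key is stored
    # unencrypted in the git user's ~/.ssh; access to that home directory
    # is what protects it.
    generate_ssh_key: true
    ssh_key_type: rsa
    ssh_key_bits: 4096
    ssh_key_comment: "Gitea Host Key"
  become: true
  register: git_user

- name: Ensure git passthrough command directory exists
  ansible.builtin.file:
    path: "/app/gitea/"
    state: directory
    # Quoted so the mode stays an octal string rather than an integer.
    mode: '0770'
    owner: "{{ git_user['uid'] }}"
    group: "{{ git_user['group'] }}"
  become: true

- name: Save git passthrough command in right location
  ansible.builtin.copy:
    src: gitea
    dest: "/app/gitea/gitea"
    owner: "{{ git_user['uid'] }}"
    group: "{{ git_user['group'] }}"
    # Executable by owner and group only; not writable by the group.
    mode: '0750'
  become: true

# Only the public half of the key pair is copied to the controller.
- name: Fetch keyfile
  ansible.builtin.fetch:
    src: "{{ git_user['home'] }}/.ssh/id_rsa.pub"
    dest: "buffer/{{ ansible_hostname }}-id_rsa.pub"
    flat: true
  become: true

# NOTE(review): the key is authorized without key_options, so it is accepted
# for the git user with no from=/command= restriction. Presumably needed for
# the SSH passthrough into the container; confirm before tightening.
- name: Ensure git user has its own key authorized for access
  ansible.posix.authorized_key:
    user: "{{ git_user['name'] }}"
    state: present
    # Build the path with ~ instead of nesting {{ }} inside the expression;
    # nested delimiters depend on the lookup argument being templated again.
    key: "{{ lookup('file', 'buffer/' ~ ansible_hostname ~ '-id_rsa.pub') }}"
  become: true

- name: Clean up buffer dir
  ansible.builtin.file:
    path: buffer
    state: absent
  delegate_to: localhost

## install gitea container

# Reads the current upstream object from the Caddy admin endpoint inside the
# Caddy container and reports "changed" when it differs from the template.
# NOTE(review): this relies on the admin endpoint on localhost:2019 accepting
# unauthenticated requests; confirm it is not exposed outside the container.
- name: Check upstream status
  community.docker.docker_container_exec:
    container: "{{ caddy_container_id }}"
    command: >
      curl localhost:2019/id/{{ stack_name }}_upstream/
  register: result
  changed_when: >-
    (result.stdout | from_json) !=
    (lookup('template', 'upstream.json.j2') | from_yaml)
  become: true
  notify: "update gitea upstream"

- name: Deploy gitea to swarm
  community.general.docker_stack:
    name: "{{ stack_name }}"
    state: present
    prune: true
    compose:
      - "{{ stack_compose }}"
  become: true
  tags:
    - docker-swarm
  notify: "update gitea upstream"

# Polls until `docker ps` exits 0 and prints at least one container id.
# NOTE(review): if several containers match the name filter, stdout holds one
# id per line and the next task's `container:` value becomes multi-line.
- name: Get app container info
  ansible.builtin.command:
    cmd: docker ps -q -f name={{ stack_name }}_app
  become: true
  until:
    - gitea_app_container_name['rc'] == 0
    - gitea_app_container_name['stdout'] | length >= 1
  retries: 5
  delay: 10
  changed_when: false
  register: gitea_app_container_name

# The retry conditions inspect the command output. Testing `in` against the
# registered result itself only looks at its keys, so the error strings were
# never found, the task never retried, and a not-yet-ready Gitea was reported
# as "no admin user". stdout and stderr are both checked because the source
# does not show which stream carries the message.
- name: Look for existing admin user
  community.docker.docker_container_exec:
    container: "{{ gitea_app_container_name['stdout'] }}"
    command: >
      gitea admin user list --admin
  become: true
  until:
    - "'connection refused' not in (gitea_admin_list['stdout'] | default(''))"
    - "'connection refused' not in (gitea_admin_list['stderr'] | default(''))"
    - "'Failed to run app' not in (gitea_admin_list['stdout'] | default(''))"
    - "'Failed to run app' not in (gitea_admin_list['stderr'] | default(''))"
  retries: 5
  delay: 10
  # One line or fewer of output is treated as "no admin listed" and triggers
  # the handler below.
  changed_when: gitea_admin_list['stdout_lines'] | length <= 1
  failed_when: gitea_admin_list['rc'] == 1 and gitea_admin_list['attempts'] >= 5
  register: gitea_admin_list
  notify: "no admin user"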