---
- name: "Configure goaccess application"
  hosts: all

  vars_files:
    - vars/secrets.yml
    - vars/vars.yml

  vars:
    app_name: "goaccess"
    app_user: "{{ app_name }}"
    app_owner_uid: 1106
    app_owner_gid: 1106
    base_dir: "{{ (application_dir, app_name) | path_join }}"

    db_dir: "{{ (base_dir, 'db') | path_join }}"
    report_dir: "{{ (base_dir, 'report') | path_join }}"

  tasks:
    - name: "Create user and environment"
      ansible.builtin.import_role:
        name: owner
      vars:
        owner_name: "{{ app_user }}"
        owner_uid: "{{ app_owner_uid }}"
        owner_gid: "{{ app_owner_gid }}"
        owner_extra_groups: ["docker"]

    - name: "Create internal application directories"
      ansible.builtin.file:
        path: "{{ item }}"
        state: "directory"
        owner: "{{ app_user }}"
        group: "{{ app_user }}"
        mode: "0770"
      loop:
        - "{{ base_dir }}"
        - "{{ db_dir }}"
        - "{{ report_dir }}"

    # Earlier runs left root-owned files inside db/report (the
    # containers used to start as root). Recurse-chown realigns them
    # so the now-non-root processor can rewrite/restore them.
    - name: "Realign ownership of generated artefacts"
      ansible.builtin.file:
        path: "{{ item }}"
        state: "directory"
        owner: "{{ app_user }}"
        group: "{{ app_user }}"
        recurse: true
      loop:
        - "{{ db_dir }}"
        - "{{ report_dir }}"

    - name: "Ensure caddy access log exists before goaccess starts"
      ansible.builtin.copy:
        content: ""
        dest: "{{ (caddy_logs_dir, 'access.log') | path_join }}"
        force: false
        owner: "root"
        group: "root"
        mode: "0644"

    - name: "Copy docker compose file"
      ansible.builtin.template:
        src: "./files/{{ app_name }}/docker-compose.template.yml"
        dest: "{{ base_dir }}/docker-compose.yml"
        owner: "{{ app_user }}"
        group: "{{ app_user }}"
        mode: "0640"

    - name: "Copy Dockerfile and entrypoint for the local jq-enabled goaccess image"
      ansible.builtin.copy:
        src: "./files/{{ app_name }}/{{ item.name }}"
        dest: "{{ (base_dir, item.name) | path_join }}"
        owner: "{{ app_user }}"
        group: "{{ app_user }}"
        mode: "{{ item.mode }}"
      loop:
        - {name: "Dockerfile", mode: "0640"}
        - {name: "entrypoint.sh", mode: "0750"}

    - name: "Run application with docker compose"
      community.docker.docker_compose_v2:
        project_src: "{{ base_dir }}"
        state: "present"
        build: "always"
        remove_orphans: true
      tags:
        - run-app