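# Deploys the rootless reverse proxy (nginx + certbot) for the service user:
# loads variables, installs nginx config and systemd user units, generates
# DH parameters, then enables/starts the pod and restarts it on changes.

- name: "set the user variables"
  ansible.builtin.import_role:
    name: "include"
    vars_from: "user"

- name: "set the rproxy variables"
  ansible.builtin.include_vars:
    file: "nginx.yml"

# NOTE(review): `become_user` only takes effect when `become: true` is set
# somewhere that applies here (play, role or inventory). That is not visible
# in this file; confirm it, otherwise every task below runs as the
# connecting user and writes into the service user's home with the wrong
# owner.
- name: "deploy the reverse proxy as the service user"
  become_user: "{{ services_service_user_name }}"
  block:
    - name: "create nginx conf.d"
      ansible.builtin.file:
        path: "{{ services_service_user_home }}/.config/{{ services_service_user_name }}/nginx-conf.d"
        state: "directory"
        # Modes are quoted so they stay octal strings on every YAML parser.
        mode: "0755"

    # NOTE(review): files land in .config/<user>/<item>, not in nginx-conf.d;
    # presumably each item carries its own sub-path. Verify against
    # services_rproxy_nginx_conf_d_files. 0644 is world-readable, so these
    # files must not contain secrets.
    - name: "configure reverse proxy nginx"
      ansible.builtin.copy:
        src: "setup/{{ item }}"
        dest: "{{ services_service_user_home }}/.config/{{ services_service_user_name }}/{{ item }}"
        mode: "0644"
      loop: "{{ services_rproxy_nginx_conf_d_files }}"
      register: services_deploy_rproxy_config_files

    - name: "configure systemd service"
      ansible.builtin.template:
        src: "./systemd/{{ item }}.j2"
        dest: "{{ services_service_user_home }}/.config/systemd/user/{{ item }}"
        mode: "0644"
      loop:
        - "pod-rproxy.service"
        - "container-rproxy-nginx.service"
        - "container-rproxy-certbot.service"
        - "container-rproxy-certbot.timer"
      register: services_deploy_rproxy_systemd_files

    # Unit files changed on disk; systemd must re-read them before the
    # enable/start/restart tasks below act on them.
    - name: "systemd user daemon reload"
      ansible.builtin.systemd:
        daemon_reload: true
        scope: "user"
      when: services_deploy_rproxy_systemd_files is changed

    # Only enables the timer; this task does not start it. Certificate
    # renewal depends on the timer actually being active, so confirm that
    # something else activates it (e.g. the pod unit or the next user
    # session start).
    - name: "enable container-rproxy-certbot timer"
      ansible.builtin.systemd:
        name: "container-rproxy-certbot.timer"
        enabled: true
        scope: "user"
      register: services_deploy_rproxy_certbot_timer

    # `argv` avoids word-splitting of the templated path, and the output
    # path is now identical to `creates`, so the idempotency guard checks
    # exactly the file that gets written (the original prefixed an extra
    # "/"). DH parameters are not secret, but generating a 4096-bit group
    # is slow; the RFC 7919 named groups (ffdhe*) or an ECDHE-only TLS
    # configuration are common alternatives to custom parameters.
    - name: "generate diffie hellman ephemeral parameters"
      ansible.builtin.command:
        argv:
          - "openssl"
          - "dhparam"
          - "-out"
          - "{{ services_service_user_home }}/.config/{{ services_service_user_name }}/dhparam.pem"
          - "4096"
        creates: "{{ services_service_user_home }}/.config/{{ services_service_user_name }}/dhparam.pem"
      register: services_deploy_rproxy_dhparam

    - name: "enable the service"
      ansible.builtin.systemd:
        name: "pod-{{ services_service_name }}.service"
        enabled: true
        scope: "user"

    - name: "start the service"
      ansible.builtin.systemd:
        name: "pod-{{ services_service_name }}.service"
        state: "started"
        scope: "user"
      register: services_deploy_rproxy_service_start

    # Restart only when something the running pod depends on changed and
    # the pod was not freshly started by the previous task (a fresh start
    # already picked up the new files).
    - name: "restart the service"
      ansible.builtin.systemd:
        name: "pod-{{ services_service_name }}.service"
        state: "restarted"
        scope: "user"
      when: >-
        (services_deploy_rproxy_config_files is changed
        or services_deploy_rproxy_systemd_files is changed
        or services_deploy_rproxy_certbot_timer is changed
        or services_deploy_rproxy_dhparam is changed)
        and services_deploy_rproxy_service_start is not changed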