---
- name: Prepare Backend Host for BAB
  hosts: bab1.mgmt.toal.ca
  become: true
  tags: deps

  tasks:
    # A FQDN system hostname causes NetworkManager to write the domain suffix as a
    # 'search' entry in /etc/resolv.conf. Docker inherits this into every container.
    # The Appwrite executor uses randomly-generated short hostnames to reach runtime
    # containers via DNS; with a search domain present, those names get the suffix
    # appended, upstream DNS returns SERVFAIL, and musl's resolver does not fall back
    # to the absolute name — breaking function execution with curl error 6.
    - name: Assert system hostname is not a FQDN
      ansible.builtin.assert:
        that: "'.' not in ansible_hostname"
        fail_msg: >-
          System hostname '{{ ansible_hostname }}' is a FQDN. Shorten it first:
          hostnamectl set-hostname {{ ansible_hostname.split('.')[0] }}

    - name: Check for search domain in /etc/resolv.conf
      ansible.builtin.command:
        cmd: grep -c '^search ' /etc/resolv.conf
      register: resolv_search
      changed_when: false
      failed_when: false

    - name: Assert no search domain in /etc/resolv.conf
      ansible.builtin.assert:
        that: resolv_search.rc != 0
        fail_msg: >-
          /etc/resolv.conf contains a 'search' domain. This is typically caused by a
          FQDN system hostname. Shorten the hostname and reconnect the NM interface
          to regenerate resolv.conf without the search entry.

    - name: Update all packages to latest
      ansible.builtin.dnf:
        name: "*"
        state: latest
        update_only: true

    - name: CodeReady Builder Repo Enabled
      community.general.rhsm_repository:
        name: "codeready-builder-for-rhel-9-{{ ansible_architecture }}-rpms"
        state: enabled

    - name: EPEL GPG Key installed
      ansible.builtin.rpm_key:
        key: https://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-9
        state: present
        fingerprint: 'FF8A D134 4597 106E CE81  3B91 8A38 72BF 3228 467C'

    - name: Add Docker CE repository
      ansible.builtin.yum_repository:
        name: docker-ce
        description: Docker CE Stable
        baseurl: https://download.docker.com/linux/rhel/9/$basearch/stable
        gpgcheck: true
        gpgkey: https://download.docker.com/linux/rhel/gpg
        enabled: true

    - name: Dependencies are installed
      ansible.builtin.dnf:
        name:
          - docker-ce
          - docker-ce-cli
          - containerd.io
          - docker-compose-plugin
          - https://dl.fedoraproject.org/pub/epel/epel-release-latest-9.noarch.rpm
        state: present

    - name: Ensure Docker service is enabled and started
      ansible.builtin.systemd:
        name: docker
        enabled: true
        state: started

    - name: Ensure ansible user is in docker group
      ansible.builtin.user:
        name: "{{ ansible_user }}"
        groups: docker
        append: true

- name: Userspace setup
  hosts: bab1.mgmt.toal.ca
  vars:
    appwrite_version: "1.8.1"
    appwrite_dir: /home/ptoal/appwrite
    appwrite_socket: /var/run/docker.sock
    appwrite_web_port: 8080
    appwrite_websecure_port: 8443

  handlers:
    - name: Restart appwrite service
      ansible.builtin.systemd:
        name: appwrite
        state: restarted
      become: true

  tasks:
    - name: Ensure appwrite image pulled from docker hub
      community.docker.docker_image:
        name: appwrite/appwrite
        tag: "{{ appwrite_version }}"
        source: pull
      tags: image

    - name: Ensure appwrite directory exists
      ansible.builtin.file:
        path: "{{ appwrite_dir }}"
        state: directory
        mode: '0755'
      tags: configure

    - name: Deploy Appwrite .env from template
      ansible.builtin.template:
        src: appwrite.env.j2
        dest: "{{ appwrite_dir }}/.env"
        mode: '0600'
      notify: Restart appwrite service
      tags: configure

    - name: Download official production docker-compose.yml
      ansible.builtin.get_url:
        url: "https://appwrite.io/install/compose"
        dest: "{{ appwrite_dir }}/docker-compose.yml"
        mode: '0644'
      notify: Restart appwrite service
      tags: configure

    - name: Apply site-specific customizations to docker-compose.yml
      ansible.builtin.include_tasks:
        file: tasks/patch_appwrite_compose.yml
        apply:
          tags: configure
      tags: configure

    - name: Deploy appwrite systemd unit
      ansible.builtin.template:
        src: appwrite.service.j2
        dest: /etc/systemd/system/appwrite.service
        mode: '0644'
      become: true
      notify: Restart appwrite service
      tags: configure

    - name: Enable and start appwrite systemd service
      ansible.builtin.systemd:
        name: appwrite
        enabled: true
        daemon_reload: true
        state: started
      become: true
      tags: configure

    - name: Prune dangling images after install
      community.docker.docker_prune:
        images: true
        images_filters:
          dangling: true
      tags: image