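# Deploys Keycloak and its PostgreSQL backend as Podman Quadlet units on a host
# that already runs Caddy as the reverse proxy. Secrets are confined to the two
# *.env files (root:root, 0600); the Quadlet unit and network files carry no
# secrets and are left world-readable like any other systemd unit file.

- name: Update default SELinux contexts
  # Persist the file-context rule so that a relabel (triggered via the handler)
  # keeps the postgres data directory reachable from the container.
  community.general.sefcontext:
    target: "{{ keycloak_install_dir }}/postgres(/.*)?"
    setype: "container_file_t"
    selevel: "{{ keycloak_selinux_level }}"
    state: present
  become: true
  notify: "keycloak selinux context changed"

- name: Create keycloak directories.
  # Root-only top-level directory: the env files and the postgres data live
  # beneath it, so nothing else on the host needs to traverse it.
  ansible.builtin.file:
    path: "{{ keycloak_install_dir }}"
    owner: "root"
    group: "root"
    state: directory
    mode: "0700"
  become: true

- name: Ensure keycloak postgres directory exists.
  block:
    - name: Stat keycloak postgres dir.
      ansible.builtin.stat:
        path: "{{ keycloak_install_dir }}/postgres"
      become: true
      register: keycloak_stat_postgres_dir

    # On re-runs the directory keeps whatever uid/gid it already has
    # (presumably set by the postgres container on first start); forcing it
    # back to root would lock the running database out of its own data.
    # Only a brand-new directory is created root-owned.
    - name: Create keycloak postgres directory.
      ansible.builtin.file:
        path: "{{ keycloak_install_dir }}/postgres"
        owner: "{{ keycloak_stat_postgres_dir.stat.uid | default('root') }}"
        group: "{{ keycloak_stat_postgres_dir.stat.gid | default('root') }}"
        state: directory
        mode: "0700"
        setype: "container_file_t"
        selevel: "{{ keycloak_selinux_level }}"
      become: true

# Both env files are expected to hold credentials, hence root:root 0600 and a
# service restart (not just a reload) whenever their content changes.
- name: Deploy keycloak environment file.
  ansible.builtin.template:
    src: keycloak.env.j2
    dest: "{{ keycloak_install_dir }}/keycloak.env"
    mode: "0600"
    owner: "root"
    group: "root"
  become: true
  notify: "keycloak service changed"

- name: Deploy keycloak postgres environment file.
  ansible.builtin.template:
    src: keycloak-postgres.env.j2
    dest: "{{ keycloak_install_dir }}/keycloak-postgres.env"
    mode: "0600"
    owner: "root"
    group: "root"
  become: true
  notify: "keycloak postgres service changed"

- name: Ensure container image is present on the host.
  # NOTE(review): tags are mutable and `state: present` does not re-pull an
  # image that is already cached, so hosts can silently diverge on what a tag
  # resolves to. If reproducible deployments matter, consider pinning the
  # images by digest (image@sha256:...) in the inventory variables.
  containers.podman.podman_image:
    name: "{{ item.name }}"
    state: present
    tag: "{{ item.tag }}"
  loop:
    - name: "{{ keycloak_containerimage }}"
      tag: "{{ keycloak_image_tag }}"
    - name: "{{ keycloak_postgres_containerimage }}"
      tag: "{{ keycloak_postgres_image_tag }}"
  become: true

- name: Add caddy config file.
  block:
    - name: Check caddy config dir.
      ansible.builtin.stat:
        path: "{{ caddy_install_dir }}/config"
      become: true
      register: caddy_stat_config_dir

    # The template below inherits owner/group from the stat result. Without
    # this guard an absent directory surfaces as an opaque "'dict object' has
    # no attribute 'uid'" error rather than a message naming the actual cause.
    - name: Refuse to continue without a caddy config directory.
      ansible.builtin.assert:
        that:
          - caddy_stat_config_dir.stat.exists | bool
          - caddy_stat_config_dir.stat.isdir | default(false) | bool
        fail_msg: >-
          {{ caddy_install_dir }}/config does not exist or is not a directory;
          it is expected to be created by the caddy deployment first.
        quiet: true

    # Owner/group follow the existing config directory so the caddy container
    # can read the snippet; 0600 keeps it from other local users.
    - name: Template caddy config for keycloak.
      ansible.builtin.template:
        src: keycloak.caddy.j2
        dest: "{{ caddy_install_dir }}/config/keycloak.caddy"
        mode: "0600"
        setype: "container_file_t"
        selevel: "{{ caddy_selinux_level }}"
        owner: "{{ caddy_stat_config_dir.stat.uid }}"
        group: "{{ caddy_stat_config_dir.stat.gid }}"
      notify: "caddy config changed"
      become: true

# Quadlet unit definitions. They reference the env files rather than embedding
# secrets, so the standard 0644 unit-file mode is appropriate.
- name: Create keycloak container file.
  ansible.builtin.template:
    src: keycloak.container.j2
    dest: "/etc/containers/systemd/keycloak.container"
    owner: "root"
    group: "root"
    mode: "0644"
  become: true
  notify: "keycloak service changed"

- name: Create keycloak postgres container file.
  ansible.builtin.template:
    src: keycloak-postgres.container.j2
    dest: "/etc/containers/systemd/keycloak-postgres.container"
    owner: "root"
    group: "root"
    mode: "0644"
  become: true
  notify: "keycloak postgres service changed"

- name: Create keycloak network file.
  ansible.builtin.template:
    src: keycloak.network.j2
    dest: /etc/containers/systemd/keycloak.network
    owner: root
    group: root
    mode: "0644"
  become: true
  notify: "keycloak network changed"

# Run the notified handlers (relabel, caddy reload, service restarts) now so
# the services below start against the final configuration instead of being
# started once and then restarted at the end of the play.
- name: Flush handlers
  ansible.builtin.meta: flush_handlers

- name: Ensure keycloak services are started.
  # daemon_reload is required so the Quadlet generator turns the .container
  # files above into units. NOTE(review): generated units cannot be enabled
  # with `systemctl enable`; boot-time start comes from the [Install] section
  # of the .container templates — confirm both templates define one, since
  # `enabled: true` here is effectively a no-op for generated units.
  ansible.builtin.systemd:
    state: started
    enabled: true
    name: "{{ item }}"
    daemon_reload: true
  loop:
    - keycloak.service
    - keycloak-postgres.service
  become: true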