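# Register persistent fcontext rules so the bind-mounted directories carry
# container_file_t instead of relying on a runtime relabel. The notified
# handler (defined elsewhere) is presumably what runs restorecon; fcontext
# rules only apply on relabel, so a directory re-created later -- on a run
# where this task reports no change -- keeps its inherited label until the
# handler fires again.
- name: Update default SELinux contexts.
  community.general.sefcontext:
    target: "{{ item }}(/.*)?"
    setype: "container_file_t"
    selevel: "{{ caddy_selinux_level }}"
    state: present
  loop:
    - "{{ caddy_install_dir }}/config"
    - "{{ caddy_install_dir }}/data"
    - "{{ caddy_install_dir }}/srv"
  become: true
  notify: "caddy selinux context changed"

# The install root stays root-owned and private; only the subdirectories
# below may be handed to another uid. (Renamed from the duplicate
# "Create caddy directories." so --start-at-task and log output are
# unambiguous.)
- name: Create caddy install directory.
  ansible.builtin.file:
    path: "{{ caddy_install_dir }}"
    state: directory
    mode: "0700"
    owner: "root"
    group: "root"
  become: true

- name: Ensure caddy directories and configs exist.
  block:
    # Re-use whatever uid/gid config/ already has so a re-run does not undo
    # ownership changed out of band (e.g. by the container runtime on first
    # start); falls back to root when the directory does not exist yet.
    # data/ and srv/ receive the same owner as config/.
    - name: Stat caddy config directory.
      ansible.builtin.stat:
        path: "{{ caddy_install_dir }}/config"
      become: true
      register: caddy_stat_config_dir

    - name: Create caddy directories.
      ansible.builtin.file:
        path: "{{ item.path }}"
        state: directory
        owner: "{{ caddy_stat_config_dir.stat.uid | default('root') }}"
        group: "{{ caddy_stat_config_dir.stat.gid | default('root') }}"
        mode: "0700"
      loop:
        - path: "{{ caddy_install_dir }}/config"
        - path: "{{ caddy_install_dir }}/data"
        - path: "{{ caddy_install_dir }}/srv"
      become: true

    # 0600 because a Caddyfile may carry credentials (e.g. DNS-provider
    # tokens for ACME challenges); it must never be world-readable.
    - name: Deploy caddy configs.
      ansible.builtin.template:
        src: Caddyfile.j2
        dest: "{{ caddy_install_dir }}/config/Caddyfile"
        mode: "0600"
        owner: "{{ caddy_stat_config_dir.stat.uid | default('root') }}"
        group: "{{ caddy_stat_config_dir.stat.gid | default('root') }}"
      become: true
      notify: "caddy config changed"

# Supply chain: a tag is mutable, so "present" only guarantees that *some*
# image carrying this tag exists locally -- it neither refreshes a drifted tag
# nor verifies content. Pin caddy_image_tag to an immutable digest (or enforce
# signature verification via containers-policy.json) if this host must not
# run an unexpected image.
- name: Ensure container image is present on the host.
  containers.podman.podman_image:
    name: "{{ caddy_container_image }}"
    state: present
    tag: "{{ caddy_image_tag }}"
  become: true

# NOTE(review): the firewalld "https" service covers tcp/443 only. If HTTP/3
# is enabled in the Caddyfile, udp/443 (firewalld service "http3" where the
# installed firewalld ships it) must be opened too, otherwise the QUIC tuning
# below has no effect -- confirm against the Caddyfile template.
- name: Allow http and https.
  ansible.posix.firewalld:
    service: "{{ item }}"
    zone: public
    permanent: true
    immediate: true
    state: enabled
  loop:
    - http
    - https
  become: true

# Ref: https://github.com/quic-go/quic-go/wiki/UDP-Buffer-Sizes
# This raises the socket-buffer ceiling system-wide (any process may now
# request buffers this large), not just for the container. The linked page's
# recommended value has changed over time -- verify 2,5MB is still current.
- name: Set maximum udp send/receive buffer size to around 2,5MB for quic.
  ansible.posix.sysctl:
    name: "{{ item.name }}"
    value: 2500000
    sysctl_set: true
    state: present
    reload: true
  loop:
    - name: net.core.rmem_max
    - name: net.core.wmem_max
  become: true

# These quadlet unit files are installed world-readable (0644). Keep secrets
# out of the .container template (prefer Secret= or an EnvironmentFile with
# 0600 permissions); the templates are not visible here, so confirm.
- name: Create caddy container / network file.
  ansible.builtin.template:
    src: "{{ item.src }}"
    dest: "{{ item.dest }}"
    owner: "root"
    group: "root"
    mode: "0644"
  loop:
    - src: caddy.container.j2
      dest: /etc/containers/systemd/caddy.container
    - src: caddy.network.j2
      dest: /etc/containers/systemd/caddy.network
  become: true
  notify: "caddy service changed"

# Run the notified handlers (relabel, daemon-reload/restart -- whatever they
# are defined to do elsewhere) now rather than at end of play, so the service
# below is started with the new labels, config and unit files already in
# place.
- name: Flush handlers.
  ansible.builtin.meta: flush_handlers

- name: Start and enable caddy service.
  ansible.builtin.systemd:
    state: started
    enabled: true
    name: "caddy"
  become: true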