---
# TODO: it's not idempotent
- name: Create Sidekiq instance of mastodon
  containers.podman.podman_container:
    name: sidekiq
    image: ghcr.io/mastodon/mastodon:v4.5.5
    network:
      - "{{ mastodon_networks['mastodon_internal']['name'] }}"
      - "{{ mastodon_networks['mastodon_external']['name'] }}"
    command: "bundle exec sidekiq"
    env:
      LOCAL_DOMAIN: "wtf.lt"
      REDIS_HOST: redis
      REDIS_PORT: 6379
      DB_HOST: database
      DB_NAME: mastodon
      DB_USER: "{{ mastodon_database.username }}"
      DB_PASS: "{{ mastodon_database.password }}"
      DB_PORT: 5432
      ES_ENABLED: true
      ES_HOST: elasticsearch
      ES_PORT: 9200
      ES_PRESET: single_node_cluster
      ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY: "{{ active_record_encryption.DETERMINISTIC_KEY }}"
      ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT: "{{ active_record_encryption.KEY_DERIVATION_SALT }}"
      ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY: "{{ active_record_encryption.PRIMARY_KEY }}"
      SECRET_KEY_BASE: "{{ secret_key_base }}"
      SMTP_SERVER: "{{ smtp.SERVER }}"
      SMTP_PORT: "{{ smtp.PORT }}"
      SMTP_LOGIN: "{{ smtp.LOGIN }}"
      SMTP_PASSWORD: "{{ smtp.PASSWORD }}"
      SMTP_FROM_ADDRESS: "{{ smtp.FROM_ADDRESS }}"
      TRUSTED_PROXY_IP: "127.0.0.1/8,::1/128,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16,fc00::/7"
    volumes:
      - "/home/apps/mastodon/system:/mastodon/public/system:z"
    generate_systemd:
      new: true
      restart_policy: "always"
      path: "~/.config/systemd/user/"
      force: true
    healthcheck: "ps aux | grep '[s]idekiq 8' || false"

- name: Activate sidekiq container service
  ansible.builtin.systemd_service:
    name: container-sidekiq.service
    state: started
    enabled: true
    scope: user