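---
# Deploys the Mastodon web (puma) container with podman, generates a systemd
# user unit for it, and starts/enables that unit.

# Loads the variables defined in web.yml so the templates below can use them.
# NOTE(review): presumably web.yml carries the secrets referenced below
# (encryption keys, SMTP password, ...) - confirm it is encrypted with
# ansible-vault rather than stored in plaintext.
- name: Populate active record variables
  ansible.builtin.include_vars:
    file: web.yml

- name: Create Web instance of mastodon
  # The module arguments contain database, SMTP and application secrets;
  # no_log keeps them out of Ansible's task output, verbose logs and callbacks.
  # Remove it temporarily when the task itself needs debugging.
  no_log: true
  containers.podman.podman_container:
    name: mastodon
    # Pinned to a version tag. Tags are mutable; pin by digest
    # (image@sha256:<digest>) if the image content must not change underneath
    # the deployment.
    image: ghcr.io/mastodon/mastodon:v4.5.5
    network:
      - "{{ mastodon_networks['mastodon_internal']['name'] }}"
      - "{{ mastodon_networks['mastodon_external']['name'] }}"
    command: "bundle exec puma -C config/puma.rb"
    # Environment values are quoted so they reach the container as the exact
    # strings written here. An unquoted YAML boolean or integer is typed by
    # the parser first; a bare `true` is presumably rendered as `True`, which
    # an application comparing against the string "true" will not accept.
    env:
      LOCAL_DOMAIN: "wtf.lt"
      REDIS_HOST: redis
      REDIS_PORT: "6379"
      DB_HOST: database
      DB_NAME: mastodon
      DB_USER: "{{ mastodon_database.username }}"
      DB_PASS: "{{ mastodon_database.password }}"
      DB_PORT: "5432"
      ES_ENABLED: "true"
      ES_HOST: elasticsearch
      ES_PORT: "9200"
      ES_PRESET: single_node_cluster
      ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY: "{{ active_record_encryption.DETERMINISTIC_KEY }}"
      ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT: "{{ active_record_encryption.KEY_DERIVATION_SALT }}"
      ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY: "{{ active_record_encryption.PRIMARY_KEY }}"
      VAPID_PRIVATE_KEY: "{{ vapid.PRIVATE_KEY }}"
      VAPID_PUBLIC_KEY: "{{ vapid.PUBLIC_KEY }}"
      SECRET_KEY_BASE: "{{ secret_key_base }}"
      SMTP_SERVER: "{{ smtp.SERVER }}"
      SMTP_PORT: "{{ smtp.PORT }}"
      SMTP_LOGIN: "{{ smtp.LOGIN }}"
      SMTP_PASSWORD: "{{ smtp.PASSWORD }}"
      SMTP_FROM_ADDRESS: "{{ smtp.FROM_ADDRESS }}"
      # inspect traefik container and add the IP address here
      # NOTE(review): the value below trusts every loopback, RFC 1918 and
      # IPv6 ULA address, so any peer on those networks can supply forwarded
      # client-IP headers that the application will believe. Narrow it to the
      # address or subnet of the traefik container once that is known.
      TRUSTED_PROXY_IP: "127.0.0.1/8,::1/128,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16,fc00::/7"
    # Traefik routing: the plain router only applies the HTTPS redirect; the
    # "mastodon-secure" router terminates TLS on the "https" entrypoint with
    # the "lets-encrypt" resolver and forwards to port 3000 in the container.
    label:
      traefik.enable: "true"
      traefik.http.routers.mastodon.rule: "Host(`wtf.lt`)"
      traefik.http.middlewares.mastodon-https-redirect.redirectscheme.scheme: "https"
      traefik.http.routers.mastodon.middlewares: "mastodon-https-redirect"
      traefik.http.routers.mastodon-secure.entrypoints: "https"
      traefik.http.routers.mastodon-secure.rule: "Host(`wtf.lt`)"
      traefik.http.routers.mastodon-secure.tls: "true"
      traefik.http.routers.mastodon-secure.tls.certresolver: "lets-encrypt"
      traefik.http.services.mastodon.loadbalancer.server.port: "3000"
    volumes:
      # ":z" asks podman to relabel the host directory with a shared SELinux
      # label so the container can access it.
      - "/home/apps/mastodon/system:/mastodon/public/system:z"
    # Writes a unit file into the user's systemd directory.
    # NOTE(review): with `new: true` the generated unit presumably embeds the
    # full container create command, including the --env values above -
    # confirm the unit file is readable only by the service account, or move
    # the secrets to podman secrets or an env file.
    generate_systemd:
      new: true
      restart_policy: "always"
      path: "~/.config/systemd/user/"
      force: true
    # Healthy when the local /health endpoint answers with "OK".
    healthcheck: "curl -s --noproxy localhost localhost:3000/health | grep -q OK"

# Starts the generated user-scope unit and enables it for later sessions.
- name: Activate mastodon web container service
  ansible.builtin.systemd_service:
    name: container-mastodon.service
    state: started
    enabled: true
    scope: user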