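---
# Provisions a dedicated user, runs the actual-server container under that
# user's account with podman and a generated systemd user unit, requests a
# certificate for actual.kleinendorst.info and installs the Nginx config.

# NOTE(review): actual_password is presumably supplied from an encrypted
# source such as Ansible Vault, and the user role presumably keeps it out of
# task output (no_log) - confirm both.
- name: Create a new user
  ansible.builtin.include_role:
    name: user
  vars:
    user_username: "{{ actual_username }}"
    user_password: "{{ actual_password }}"

# Mode 0700: only the owning user can read the budget data on the host.
- name: Create a directory for holding actual's (volume) data
  become: true
  become_user: "{{ actual_username }}"
  ansible.builtin.file:
    path: "/home/{{ actual_username }}/actual_data"
    state: directory
    mode: '0700'

- name: Start the podman-restart.service
  become: true
  become_user: "{{ actual_username }}"
  ansible.builtin.systemd:
    name: podman-restart.service
    state: started
    enabled: true
    scope: user

- name: Gather facts on the actual container
  become: true
  become_user: "{{ actual_username }}"
  containers.podman.podman_container_info:
    name: actual-server
  register: actual_server_container_info

# Only create the container when it does not exist yet. The check uses the
# module's `containers` list instead of matching podman's error text in
# stderr, so it does not depend on the exact wording of the message.
- name: Start the actual container with correct systemd linking
  when: actual_server_container_info.containers | length == 0
  become: true
  become_user: "{{ actual_username }}"
  block:
    - name: Start the Actual container
      containers.podman.podman_container:
        name: actual-server
        # NOTE(review): pinned by tag only. Pinning by digest
        # (image@sha256:<digest-placeholder>) would also protect against the
        # tag being re-pointed upstream.
        image: docker.io/actualbudget/actual-server:24.4.0
        restart_policy: always
        # Published on loopback only; presumably Nginx (configured below) is
        # the sole public entry point - confirm in actual.conf.j2.
        publish:
          - "127.0.0.1:5006:5006"
        volumes:
          - "/home/{{ actual_username }}/actual_data:/data"
        # Created stopped: the generated systemd user unit enabled below is
        # what actually starts the container.
        state: stopped
        recreate: true
        generate_systemd:
          path: "/home/{{ actual_username }}/.config/systemd/user/"
          restart_policy: always
      notify: Reload systemd (daemon-reload)

    # Run the daemon-reload handler now, so the unit file generated above is
    # known to systemd before the next task enables it.
    - name: Flush handlers
      ansible.builtin.meta: flush_handlers

    # No become_user of its own: kept inside the block so the user-scope
    # unit is managed as the block's become_user.
    - name: Enable the newly created systemd service for user
      ansible.builtin.systemd:
        name: container-actual-server.service
        state: started
        enabled: true
        scope: user

# `creates` makes this idempotent: the script is skipped once the certificate
# directory exists.
- name: Install certificate for actual.kleinendorst.info
  become: true
  ansible.builtin.command:
    cmd: register_certbot_domain.sh actual.kleinendorst.info
    creates: /etc/letsencrypt/live/actual.kleinendorst.info  # The certificate directory

- name: Set Nginx configuration
  become: true
  ansible.builtin.template:
    src: actual.conf.j2
    dest: /etc/nginx/conf.d/actual.conf
    mode: '0644'
  notify: Restart Nginx

# - name: Allow https through firewall
#   become: true
#   community.general.ufw:
#     rule: allow
#     port: https
#     proto: tcp
#   notify: Restart ufw

- name: Debug
  ansible.builtin.debug:
    msg: "Don't forget to manually add a DNS record for actual.kleinendorst.info pointing to: {{ ansible_facts['default_ipv4']['address'] }}."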