- hosts: all

  tasks:
    - name: Install docker
      ansible.builtin.apt:
        name: docker.io
        state: latest
        update_cache: true
      become: true

    - name: Add our user to the docker group, so we don't need sudo/become
      ansible.builtin.user:
        name: '{{ ansible_user }}'
        groups: docker
        append: true # don't remove any existing groups
      become: true

    - name: Reset ssh connection to allow the user/group change to take effect
      ansible.builtin.meta: reset_connection

    - name: Build container image locally
      community.docker.docker_image:
        name: gamearray
        source: build
        state: present
        build:
          path: /mnt/d/cosmovault/latticework/oreilly/percival/python-tdd
          platform: linux/amd64
        force_source: true
      delegate_to: 127.0.0.1

    - name: Export container image locally
      community.docker.docker_image:
        name: gamearray
        archive_path: /tmp/gamearray-img.tar
        source: local
      delegate_to: 127.0.0.1

    - name: Upload image to server
      ansible.builtin.copy:
        src: /tmp/gamearray-img.tar
        dest: /tmp/gamearray-img.tar

    - name: Import container image on server
      community.docker.docker_image:
        name: gamearray
        load_path: /tmp/gamearray-img.tar
        source: load
        force_source: true
        state: present

    - name: Ensure .secret-key files exists
      # the intention is that this only happens once per server
      ansible.builtin.copy:
        dest: ~/.secret-key
        content: "{{ lookup('password', '/dev/null length=32 chars=ascii_letters') }}"
        mode: 0600
        force: false # do not recreate file if it already exists

    - name: Read secret key back from file
      ansible.builtin.slurp:
        src: ~/.secret-key
      register: secret_key

    - name: Ensure db.sqlite3 file exists outside container
      ansible.builtin.file:
        path: "{{ ansible_env.HOME }}/db.sqlite3"
        state: touch
        owner: 1234 # so nonroot user can access it in container
      become: true # needed for ownership change

    - name: Run container
      community.docker.docker_container:
        name: gamearray
        image: gamearray
        state: started
        recreate: true
        env:
          DJANGO_DEBUG_FALSE: "1"
          DJANGO_SECRET_KEY: "{{ secret_key.content | b64decode }}"
          DJANGO_ALLOWED_HOST: "localhost,staging.earthmanrpg.me,www.earthmanrpg.me,dashboard.earthmanrpg.me,earthmanrpg.me,167.172.29.172"
          DJANGO_DB_PATH: "/home/nonroot/db.sqlite3"
          EMAIL_HOST_PASSWORD: "{{ lookup('env', 'EMAIL_HOST_PASSWORD') }}"
        ports:
          80:8888 # container port 80 (standard http port) maps to server port 8888 (arbitrary internal port)

    - name: Run migration inside container
      community.docker.docker_container_exec:
        container: gamearray
        command: ./manage.py migrate