---
# Set up Decap OAuth service

- name: Create decap-oauth user
  user:
    name: "{{ devigo_oauth_user }}"
    system: yes
    shell: /usr/sbin/nologin
    home: "{{ devigo_oauth_home }}"
    create_home: yes

- name: Create decap-oauth directories
  file:
    path: "{{ devigo_oauth_home }}"
    state: directory
    owner: "{{ devigo_oauth_user }}"
    group: "{{ devigo_oauth_user }}"
    mode: '0755'

- name: Deploy OAuth environment file
  template:
    src: devigo-decap-oauth.env.j2
    dest: "{{ devigo_oauth_home }}/decap-oauth.env"
    owner: "{{ devigo_oauth_user }}"
    group: "{{ devigo_oauth_user }}"
    mode: '0600'
  notify: restart devigo-decap-oauth

- name: Deploy Quadlet container file
  template:
    src: devigo-decap-oauth.container
    dest: "/etc/containers/systemd/{{ devigo_oauth_container_name }}.container"
    owner: root
    group: root
    mode: '0644'
  notify:
    - reload systemd
    - restart devigo-decap-oauth

- name: Deploy OAuth Caddy configuration
  template:
    src: devigo-decap-oauth.caddy.j2
    dest: "{{ caddy_sites_enabled_dir }}/devigo-decap-oauth.caddy"
    owner: root
    group: "{{ caddy_user }}"
    mode: '0644'
  notify: reload caddy

- name: Enable and start decap-oauth service
  systemd:
    name: "{{ devigo_oauth_container_name }}"
    enabled: yes
    state: started
    daemon_reload: yes