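---
# First-time setup: clone repo, write secrets, pull pre-built images and start
# the stack. Images are built and pushed by Gitea CI — this role never builds
# on the VM (`build: never` below enforces that).
#
# Secret handling in this file:
#   * .env files are written 0600, owned by ssh_user, and rendered with
#     `diff: false` so their contents never land in `--diff`/`--check` output.
#   * The registry token is fed to `docker login` over stdin instead of a `-p`
#     argument, so it is never visible in the VM's process list. Note that
#     `docker login` still stores it (base64, not encrypted) in the Docker
#     config.json of whichever user runs the task unless a credential helper
#     is configured on the host.

- name: Clone repo (skipped if already present)
  git:
    repo: "{{ repo_url }}"
    dest: "{{ app_dir }}"
    # Ref checked out on the FIRST clone only (see update: false). Defaults to
    # the moving `main` branch; set `repo_version` to a tag or commit SHA when
    # the deployed compose files need to be reproducible.
    version: "{{ repo_version | default('main') }}"
    # Never fetch/reset an existing checkout — re-runs must not clobber the VM.
    update: false
  become: false

- name: Set ownership of app directory
  file:
    path: "{{ app_dir }}"
    state: directory
    owner: "{{ ssh_user }}"
    group: "{{ ssh_user }}"
    recurse: true

# One task for every secret-bearing .env file so the hardening (0600 + no diff
# output) is applied uniformly; adding a service means adding one list entry.
- name: Template .env files (compose MQTT creds + registry, per-service secrets)
  template:
    src: "{{ item.src }}"
    dest: "{{ app_dir }}/{{ item.dest }}"
    owner: "{{ ssh_user }}"
    group: "{{ ssh_user }}"
    mode: "0600"
  loop:
    - src: root.env.j2
      dest: .env
    - src: c2-core.env.j2
      dest: drb-c2-core/.env
    - src: discord-bot.env.j2
      dest: drb-server-discord-bot/.env
    - src: frontend.env.j2
      dest: drb-frontend/.env
  loop_control:
    label: "{{ item.dest }}"
  # The rendered files contain credentials; without this, `ansible-playbook
  # --diff` prints them to the controller terminal / CI log.
  diff: false

- name: Deploy Caddyfile
  template:
    src: Caddyfile.j2
    dest: /etc/caddy/Caddyfile
    owner: root
    group: root
    mode: "0644"
  # Handler is expected to be defined in this role's handlers/. Consider adding
  # `validate: "caddy validate --config %s --adapter caddyfile"` if the
  # Caddyfile has no relative `import`s, so a broken render never reaches Caddy.
  notify: Reload Caddy

- name: Log in to container registry
  command:
    # argv form: no shell involved, no word-splitting of templated values.
    argv:
      - docker
      - login
      - "{{ vault_registry_host }}"
      - "--username"
      - "{{ vault_registry_user }}"
      - "--password-stdin"
    # Token goes over stdin (trailing newline added by Ansible), never argv.
    stdin: "{{ vault_registry_token }}"
  no_log: true
  # Login has no observable state change worth reporting on every run.
  changed_when: false

- name: Pull pre-built images and start stack
  community.docker.docker_compose_v2:
    project_src: "{{ app_dir }}"
    files:
      - docker-compose.yml
      - docker-compose.prod.yml
    # Always refresh from the registry. Tag -> content binding is decided in the
    # compose files; pin images there (by digest) if reproducibility matters.
    pull: always
    # Enforces the "CI builds, VM only pulls" rule stated at the top.
    build: never
    state: present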