- name: install netbird server
  gather_facts: no
  hosts: "{{target}}"
  become: "{{become}}"
  tasks:

  - name: assert specific host or host group
    ansible.builtin.assert:
      that: target != 'servers'

  # beware the daemon gets started with the default config at first
  - name: install coturn package
    ansible.builtin.apt:
      pkg: coturn
      update_cache: yes

  - name: create working directory
    ansible.builtin.file:
      path: /opt/vpn
      state: directory
      group: docker
      mode: 0770
    diff: true

  - name: docker compose config
    ansible.builtin.template:
      src: templates/vpn.yml.j2
      dest: /opt/vpn/docker-compose.yml
      group: docker
      mode: 0660
    diff: true
    notify: restart services

  #- name: pull docker images
  #  ansible.builtin.shell:
  #    # docker's compose not docker-compose
  #    cmd: docker compose pull
  #    chdir: /opt/vpn

  # http://docs.ansible.com/ansible/latest/collections/community/docker/docker_compose_v2_pull_module.html#attribute-check_mode
  # https://github.com/ansible-collections/community.docker/pull/814
  # warning doesn't work in check mode when targetting :latest, even with policy missing
  - name: pull docker images when missing
    community.docker.docker_compose_v2_pull:
      project_src: /opt/vpn
      files: docker-compose.yml
      policy: missing
    notify: restart services

  handlers:

  - name: restart services
    community.docker.docker_compose_v2:
      project_src: /opt/vpn
      files: docker-compose.yml
      state: restarted