- name: setup netbird server
  gather_facts: no
  hosts: "{{target}}"
  become: "{{become}}"
  tasks:

  - name: assert specific host or host group
    ansible.builtin.assert:
      that: target != 'servers'

  #
  # bare system (not docker compose)
  #
  # issue with the docker flavored coturn as of May 2025
  # [turn:<placeholder>:3478?transport=udp] is Unavailable, reason: allocate: attribute not found
  # ==> using package instead
  #

  - name: turnserver run-time setup
    ansible.builtin.copy:
      src: templates/default_coturn
      dest: /etc/default/coturn
    diff: true
    notify: restart turnserver

  - name: turnserver daemon setup
    ansible.builtin.template:
      src: templates/turnserver.conf.j2
      dest: /etc/turnserver.conf
      # turnserver user needs read access to the file
      mode: 0644
    diff: true
    notify: restart turnserver

  #
  # docker compose
  #

  - name: management config
    ansible.builtin.template:
      src: templates/management.json.j2
      dest: /opt/vpn/management.json
      group: docker
      mode: 0660
    diff: true
    notify: restart services

  - name: openid config
    ansible.builtin.template:
      src: templates/openid-configuration.json.j2
      dest: /opt/vpn/openid-configuration.json
      group: docker
      mode: 0660
    diff: true
    notify: restart services

  #- name: turnserver config
  #  ansible.builtin.template:
  #    src: templates/turnserver.conf.j2
  #    dest: /opt/vpn/turnserver.conf
  #    group: docker
  #    mode: 0660
  #  diff: true
  #  notify: restart services

  - name: docker compose config
    ansible.builtin.template:
      src: templates/vpn.yml.j2
      dest: /opt/vpn/docker-compose.yml
      group: docker
      mode: 0660
    diff: true
    notify: restart services

#  - name: services are up
#    community.docker.docker_compose_v2:
#      project_src: /opt/vpn
#      files: docker-compose.yml

  # does not do anything as long as the containers are up already
  # todo - this is redundant with the handler in case a service was down
  - name: services are up
    ansible.builtin.shell:
      executable: /bin/bash
      cmd: "docker compose up -d"
      chdir: /opt/vpn

  handlers:

  - name: restart turnserver
    ansible.builtin.shell:
      executable: /bin/bash
      cmd: "systemctl restart coturn"

  - name: restart services
    community.docker.docker_compose_v2:
      project_src: /opt/vpn
      files: docker-compose.yml
      state: restarted