---

# Create the dedicated service account for vouch-proxy as a system user.
# The module result is registered because later tasks read its `uid` and
# `group` fields for file ownership and for the container's runtime user.
- name: Ensure vouch-proxy user '{{ vouch_proxy_user }}' exists
  register: vouch_proxy_user_info
  ansible.builtin.user:
    state: present
    system: true
    # NOTE(review): no login shell or home policy is set here, so the
    # platform defaults apply. Confirm the account is not usable for
    # interactive login.
    name: "{{ vouch_proxy_user }}"

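# Create the base and config directories for vouch-proxy.
# Every loop item must provide `path`. `owner`, `group` and `mode` are
# optional per-item overrides, falling back to the service account
# registered in `vouch_proxy_user_info` and to mode 0755.
- name: Ensure mounts are created
  ansible.builtin.file:
    path: "{{ item.path }}"
    state: directory
    owner: "{{ item.owner | default(vouch_proxy_user_info.uid | default(vouch_proxy_user)) }}"
    # The group override is read from `item.group`. It was previously read
    # from `item.owner`, so a per-item owner silently became the group too
    # and a per-item group could not be set at all.
    group: "{{ item.group | default(vouch_proxy_user_info.group | default(vouch_proxy_user)) }}"
    # Kept as a quoted string so the octal mode is not re-typed by YAML.
    # NOTE(review): 0755 leaves the config directory listable by every local
    # user. The config file itself is written 0640, but consider passing
    # `mode: '0750'` for the config path if nothing else needs to traverse it.
    mode: "{{ item.mode | default('0755') }}"
  loop:
    - path: "{{ vouch_proxy_base_path }}"
    - path: "{{ vouch_proxy_config_path }}"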

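# Serialise `vouch_proxy_config` to YAML and write it to the config file,
# owned by the service account and readable only by owner and group (0640).
# A change notifies the `restart-vouch-proxy` handler.
- name: Ensure config file is templated
  ansible.builtin.copy:
    dest: "{{ vouch_proxy_config_file }}"
    content: "{{ vouch_proxy_config | to_nice_yaml }}"
    owner: "{{ vouch_proxy_user_info.uid | default(vouch_proxy_user) }}"
    group: "{{ vouch_proxy_user_info.group | default(vouch_proxy_user) }}"
    mode: "0640"
  # The rendered config is passed inline as `content`, so it would otherwise
  # appear in verbose task output and in `--diff` runs. A vouch-proxy config
  # normally carries credentials (OAuth client secret, JWT signing secret),
  # so keep it out of logs and CI job output.
  no_log: true
  notify:
    - restart-vouch-proxy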

# Pull the vouch-proxy image onto the host before the container is started.
# `force_source` re-pulls even when the reference is already present locally,
# controlled by `vouch_proxy_container_image_force_pull`.
- name: Ensure container image is present on host
  community.docker.docker_image:
    state: present
    source: pull
    # NOTE(review): the reference is taken as given. If it is a mutable tag,
    # a forced pull can bring in different content under the same name.
    # Pinning by digest makes the deployed image reproducible; confirm what
    # the role defaults use.
    name: "{{ vouch_proxy_container_image_reference }}"
    force_source: "{{ vouch_proxy_container_image_force_pull | bool }}"

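# Start the vouch-proxy container from the image reference.
# Optional settings (env, ports, volumes, networks, purge_networks,
# etc_hosts) are omitted when their variable is undefined, so the module
# defaults apply. `restart_policy` has no fallback and must be defined.
- name: Ensure container '{{ vouch_proxy_container_name }}' is running
  community.docker.docker_container:
    name: "{{ vouch_proxy_container_name }}"
    image: "{{ vouch_proxy_container_image_reference }}"
    env: "{{ vouch_proxy_container_env | default(omit) }}"
    # Run as the service account's uid AND primary gid. With only a numeric
    # uid, Docker falls back to gid 0 when that uid has no passwd entry
    # inside the image, so the process would run in the root group.
    # If the registered result carries no uid/group, the account name is
    # passed through unchanged, as before.
    user: >-
      {{ (vouch_proxy_user_info.uid ~ ':' ~ vouch_proxy_user_info.group)
         if (vouch_proxy_user_info.uid is defined
             and vouch_proxy_user_info.group is defined)
         else vouch_proxy_user }}
    # NOTE(review): published ports are taken as given. Confirm they bind
    # only where the fronting reverse proxy needs them.
    ports: "{{ vouch_proxy_container_ports | default(omit) }}"
    volumes: "{{ vouch_proxy_container_volumes | default(omit) }}"
    networks: "{{ vouch_proxy_container_networks | default(omit) }}"
    # NOTE(review): `purge_networks` is deprecated in newer community.docker
    # releases in favour of `comparisons` with `networks: strict`. Verify
    # against the collection version this role pins.
    purge_networks: "{{ vouch_proxy_container_purge_networks | default(omit) }}"
    etc_hosts: "{{ vouch_proxy_container_etc_hosts | default(omit) }}"
    restart_policy: "{{ vouch_proxy_container_restart_policy }}"
    state: started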