---
- name: Install Dependencies
  apt:
    pkg:
      - apparmor
      - docker.io
      - python3-docker

- name: Create git USER
  ansible.builtin.user:
    name: git
  register: git_user

- name: Create Data Directory
  file:
    path: "{{ git_user.home }}/gitea/data"
    state: directory
    owner: "{{ git_user.uid }}"
    group: "{{ git_user.group }}"
    mode: '0755'

- name: Create Config Directory
  file:
    path: "{{ git_user.home }}/gitea/config"
    state: directory
    owner: "{{ git_user.uid }}"
    group: "{{ git_user.group }}"
    mode: '0755'

- name: Start Docker Daemon
  systemd:
    name: docker
    enabled: yes
    state: started

- name: Create Gitea container
  community.docker.docker_container:
    name: gitea
    image: "gitea/gitea:{{ gitea['version'] }}-rootless"
    comparisons:
      image: strict
      volumes: strict
      env: strict
    restart_policy: unless-stopped
    volumes:
      - "{{ git_user.home }}/gitea/data:/var/lib/gitea"
      - "{{ git_user.home }}/gitea/config:/etc/gitea"
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
    ports:
      - "3000:3000"
      - "22:2222"
    user: "{{ git_user.uid }}:{{ git_user.group }}"
    env:
      USER_UID: "{{ git_user.uid }}"
      USER_GID: "{{ git_user.group }}"
      GITEA__APP_NAME: "{{ gitea.app_name }}"
      GITEA__RUN_USER: "{{ git_user.name }}"
      GITEA__server__ROOT_URL: "https://{{ system.hostname }}.{{ system.domain }}/"
      GITEA__server__Domain: "{{ system.hostname }}.{{ system.domain }}"
      GITEA__server__SSH_PORT: "22"
      GITEA__service__DISABLE_REGISTRATION:              "{{ gitea.service.disable_registration }}"
      GITEA__service__REQUIRE_SIGNIN_VIEW:               "{{ gitea.service.require_signin_view }}"
      GITEA__service__REGISTER_EMAIL_CONFIRM:            "{{ gitea.service.register_email_confirm }}"
      GITEA__service__ENABLE_NOTIFY_MAIL:                "{{ gitea.service.enable_notify_mail }}"
      GITEA__service__DEFAULT_KEEP_EMAIL_PRIVATE:        "{{ gitea.service.default_keep_email_private }}"
      GITEA__service__DEFAULT_ALLOW_CREATE_ORGANIZATION: "{{ gitea.service.default_allow_create_organization }}"
      GITEA__service__DEFAULT_ENABLE_TIMETRACKING:       "{{ gitea.service.default_enable_timetracking }}"
      GITEA__mailer__ENABLED:                            "{{ gitea.mailer.enabled }}"
      GITEA__mailer__FROM:                               "git@{{ system.hostname }}.{{ system.domain }}"
      GITEA__repository__ENABLE_PUSH_CREATE_USER:        "{{ gitea.repository.enable_push_create_user }}"
      GITEA__repository__ENABLE_PUSH_CREATE_ORG:         "{{ gitea.repository.enable_push_create_org }}"
      GITEA__repository__DEFAULT_PUSH_CREATE_PRIVATE:    "{{ gitea.repository.default_push_create_private }}"