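# Host setup for Authentik: installs packages, installs and enables the
# authentik-server/authentik-worker systemd units, and configures PostgreSQL
# and Redis so that containers on the podman network can reach them.

# python3-psycopg2 is presumably here for the community.postgresql modules
# used below and in postgres.yml.
- name: Install dependencies
  ansible.builtin.apt:
    name: [postgresql, redis, podman, python3-psycopg2]
    state: present

- name: Install authentik-*.service
  ansible.builtin.template:
    src: authentik-{{ item }}.service
    dest: /etc/systemd/system/authentik-{{ item }}.service
  loop: [server, worker]
  notify:
    - systemctl daemon-reload
    - restart authentik-server
    - restart authentik-worker

- name: Enable authentik-*.service
  ansible.builtin.service:
    name: "authentik-{{ item }}"
    enabled: true
  loop: [server, worker]

# The environment file presumably carries the Authentik secret key and the
# database credentials, so it is created root-only instead of inheriting the
# umask default (typically world-readable). The 10.88.0.0 addressing below
# suggests rootful podman; if the units run as another user, set owner/group
# to that account rather than widening the mode.
- name: Configure Authentik environment variables
  ansible.builtin.template:
    src: authentik.env
    dest: /etc/authentik.env
    owner: root
    group: root
    mode: "0600"
  notify:
    - restart authentik-server
    - restart authentik-worker

# NOTE(review): no owner or mode is set, so these directories are created
# root-owned with the umask default. Confirm that matches the UID the
# containers use for these paths.
- name: make some folders
  ansible.builtin.file:
    path: "{{ item }}"
    state: directory
  loop:
    - /var/lib/authentik/media
    - /var/lib/authentik/templates

- name: configure postgres to listen for connections from containers
  ansible.builtin.template:
    src: postgres.conf
    dest: /etc/postgresql/15/main/conf.d/listen.conf
  notify:
    - restart postgresql

# Allows TCP connections to the authentik database from 10.88.0.0/24
# (presumably the podman bridge). Neither `users` nor `method` is set, so the
# module defaults apply; the rule is not limited to one role.
# NOTE(review): consider pinning `users` to the Authentik role and setting
# `method: scram-sha-256` once the stored password hash is confirmed to be
# SCRAM.
- name: configure postgres container access
  community.postgresql.postgresql_pg_hba:
    address: 10.88.0.0/24
    contype: host
    databases: authentik
    dest: /etc/postgresql/15/main/pg_hba.conf
  notify:
    - restart postgresql

# NOTE(review): the template is not visible here. Since Redis is made
# reachable from containers, check that redis.conf restricts `bind` to the
# podman address and sets `requirepass` (or keeps `protected-mode` on).
# No mode is given, so an existing file keeps its current owner and mode.
- name: configure redis
  ansible.builtin.template:
    src: redis.conf
    dest: /etc/redis/redis.conf
  notify:
    - restart redis

# Everything in postgres.yml runs as the postgres system user.
- ansible.builtin.include_tasks:
    file: postgres.yml
    apply:
      become: true
      become_user: postgres

- name: make override dirs
  ansible.builtin.file:
    name: "/etc/systemd/system/{{ item }}.service.d"
    state: directory
  loop: [redis, postgresql@15-main]

# Drop-in for both services; per the task name, it delays them until the
# podman network exists so they can bind to it.
# NOTE(review): no handler is notified here, so systemd only picks up a
# changed drop-in after a daemon-reload triggered elsewhere. Confirm that
# this is intended.
- name: configure service overrides to make sure they bind to the podman network
  ansible.builtin.template:
    src: block-until-podman.conf
    dest: "/etc/systemd/system/{{ item }}.service.d/block-until-podman.conf"
  loop: [redis, postgresql@15-main]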