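---
# Tasks that install the Podman-based KDC container: a dedicated account,
# the container source checkout, the systemd unit with its environment
# file, and the nginx location that forwards /KdcProxy to the container.
# The handlers "rebuild kdc-container" and "restart nginx" are notified
# here but defined outside this file.

- name: create group
  ansible.builtin.group:
    name: kdc

# The account gets /sbin/nologin as its shell, so it cannot be used for
# interactive logins.
- name: create user
  ansible.builtin.user:
    name: kdc
    comment: Podman KDC
    group: kdc
    shell: /sbin/nologin

# update: false clones the repository once and never refreshes it. No
# `version` is set, so the initial clone takes whatever the remote's
# default branch points at.
# NOTE(review): consider pinning `version` to a reviewed commit so the
# image that gets built is reproducible and upstream changes are reviewed.
- name: get container source
  ansible.builtin.git:
    dest: /usr/local/src/docker-kdc
    repo: https://github.com/foo-sh/docker-kdc.git
    update: false
  notify: rebuild kdc-container

# Readable by root only. The template body is not visible here.
# NOTE(review): if it carries credentials, confirm they come from a vault
# and keep this mode.
- name: create service config
  ansible.builtin.template:
    dest: /etc/sysconfig/kdc-container
    src: kdc-container.sysconfig.j2
    # Modes are quoted so the YAML parser cannot retype the octal value.
    mode: "0600"
    owner: root
    group: "{{ ansible_wheel }}"

# NOTE(review): this task notifies nothing; confirm that a changed unit
# file is followed by a systemd daemon reload somewhere.
- name: create service file
  ansible.builtin.copy:
    dest: /etc/systemd/system/kdc-container.service
    src: kdc-container.service
    mode: "0644"
    owner: root
    group: "{{ ansible_wheel }}"

- name: enable service
  ansible.builtin.service:
    name: kdc-container
    state: started
    enabled: true

# nginx forwards /KdcProxy to the container on loopback port 8001 over
# plain HTTP.
# NOTE(review): presumably the enclosing server block terminates TLS;
# confirm this location is never served on a cleartext listener.
- name: copy nginx config
  ansible.builtin.copy:
    dest: "/etc/nginx/conf.d/{{ inventory_hostname }}/kdc-container.conf"
    content: |
      location /KdcProxy {
          proxy_pass http://127.0.0.1:8001;
      }
    mode: "0644"
    owner: root
    group: "{{ ansible_wheel }}"
  notify: restart nginx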