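---
# Tasks that deploy Frigate as a Podman container run by a dedicated
# "frigate" account, fronted by an Apache reverse proxy on the same host.
# Handlers named in notify (Reload udev rules, Restart frigate,
# Restart apache) are defined outside this file.

- name: Create group
  ansible.builtin.group:
    name: frigate

# Service account with no interactive login shell.
- name: Create user
  ansible.builtin.user:
    name: frigate
    comment: Podman Frigate
    group: frigate
    shell: /sbin/nologin

# Lingering keeps the user's systemd instance alive without a login session.
# "creates" skips the command once the linger marker file exists.
- name: Enable user lingering
  ansible.builtin.command:
    argv:
      - loginctl
      - enable-linger
      - frigate
    creates: /var/lib/systemd/linger/frigate

# NOTE(review): container_use_devices is a host-wide SELinux boolean, so it
# applies to every container on this host, not only Frigate. Confirm that is
# acceptable for the other workloads running here.
- name: Allow podman to use devices
  ansible.posix.seboolean:
    name: container_use_devices
    state: true
    persistent: true

- name: Allow frigate to connect specific devices
  ansible.builtin.copy:
    dest: /etc/udev/rules.d/99-frigate.rules
    src: 99-frigate.rules
    mode: "0644"
    owner: root
    group: "{{ ansible_wheel }}"
  notify: Reload udev rules

# remote_src: the source key is read from the managed node, not the controller.
# The copy is root-owned and readable by group frigate only (0640).
# NOTE(review): this gives the frigate account a copy of the host's TLS
# private key. If that key is also used by other services, a dedicated
# key/certificate for Frigate would limit exposure if the container is
# compromised.
- name: Copy host key
  ansible.builtin.copy:
    dest: "{{ tls_private }}/frigate.key"
    src: "{{ tls_private }}/{{ inventory_hostname }}.key"
    mode: "0640"
    owner: root
    group: frigate
    remote_src: true
  notify: Restart frigate

# 0640 root:frigate keeps the rendered config unreadable to other accounts.
- name: Create config
  ansible.builtin.template:
    dest: /etc/frigate.yml
    src: frigate.yml.j2
    mode: "0640"
    owner: root
    group: frigate
  notify: Restart frigate

# Registers a file-context rule for the data tree. The directory tasks below
# use "setype: _default" so they take the type from policy.
# NOTE(review): files that already exist under /export/frigate are not
# relabelled by any task in this file. Confirm a restorecon happens elsewhere
# if the tree can pre-exist.
- name: Fix SELinux contexts from data directory
  community.general.sefcontext:
    path: '/export/frigate(/.*)?'
    setype: container_file_t
  when: ansible_selinux_python_present

- name: Create base directory
  ansible.builtin.file:
    path: /export/frigate
    state: directory
    mode: "0755"
    owner: root
    group: root
    setype: _default

# Group-writable for frigate, no access for other accounts (0770).
- name: Create data directories
  ansible.builtin.file:
    path: "{{ item }}"
    state: directory
    mode: "0770"
    owner: root
    group: frigate
    setype: _default
  loop:
    - /export/frigate/config
    - /export/frigate/media

- name: Link data directory
  ansible.builtin.file:
    dest: /srv/frigate
    src: /export/frigate
    state: link
    owner: root
    group: "{{ ansible_wheel }}"
    follow: false

- name: Create service file
  ansible.builtin.template:
    dest: /etc/systemd/system/frigate-container.service
    src: frigate-container.service.j2
    mode: "0644"
    owner: root
    group: "{{ ansible_wheel }}"
  notify: Restart frigate

# 0600: the environment file is readable by root only.
- name: Create environment config for service
  ansible.builtin.template:
    dest: /etc/sysconfig/frigate-container
    src: frigate-container.sysconfig.j2
    mode: "0600"
    owner: root
    group: "{{ ansible_wheel }}"
  notify: Restart frigate

- name: Enable service
  ansible.builtin.service:
    name: frigate-container
    state: started
    enabled: true

# Reverse proxy to the container listening on 127.0.0.1:8007.
# ProxyPass rules are checked in configuration order and the first match wins,
# so the more specific /frigate/ws and /frigate/live mappings are listed
# before the general /frigate/ mapping.
# NOTE(review): the RewriteRule patterns are unanchored ("/(.*)"), so they
# appear to match every request path in the context that includes this file,
# not only /frigate/. Confirm that is intended; if not, anchor them to the
# /frigate/ prefix.
# NOTE(review): no access control is visible in this snippet. Confirm that
# authentication for the proxied paths is enforced elsewhere (Apache or
# Frigate itself).
- name: Copy apache config
  ansible.builtin.copy:
    dest: /etc/httpd/conf.local.d/frigate-container.conf
    content: |
      ProxyPass /frigate/ws ws://127.0.0.1:8007/ws
      ProxyPassReverse /frigate/ws ws://127.0.0.1:8007/ws
      ProxyPass /frigate/live ws://127.0.0.1:8007/live
      ProxyPassReverse /frigate/live ws://127.0.0.1:8007/live
      ProxyPass /frigate/ http://127.0.0.1:8007/
      ProxyPassReverse /frigate/ http://127.0.0.1:8007/
      RewriteEngine on
      RewriteCond %{HTTP:Upgrade} =websocket [NC]
      RewriteRule /(.*) ws://127.0.0.1:8007/$1 [P,L]
      RewriteCond %{HTTP:Upgrade} !=websocket [NC]
      RewriteRule /(.*) http://127.0.0.1:8007/$1 [P,L]
    mode: "0644"
    owner: root
    group: "{{ ansible_wheel }}"
  notify: Restart apache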