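---
# Tasks that prepare a host to run Home Assistant in a Podman container:
# service account, OS packages, SELinux policy, udev rules, the config
# tree, optional custom integrations, the systemd unit and an nginx
# location that proxies to the container.

# Dedicated account for the service; the shell is /sbin/nologin, so the
# account cannot be used for interactive logins.
- name: Create group
  ansible.builtin.group:
    name: ha

- name: Create user
  ansible.builtin.user:
    name: ha
    comment: Podman HomeAssistant
    group: ha
    shell: /sbin/nologin

# The package list is passed in one call instead of looping per item, and
# `present` is used because `installed` is only an alias that some of the
# backing package modules accept.
- name: Install dependencies
  ansible.builtin.package:
    name:
      - bluez
      - git
    state: present

- name: Enable bluetooth services
  ansible.builtin.service:
    name: bluetooth
    state: started
    enabled: true

# The .pp file is a compiled policy module, so its rules cannot be read
# from this repository as-is.
# NOTE(review): keep the policy source next to the .pp so that what it
# allows can be reviewed - confirm where the source lives.
- name: Copy SELinux module
  ansible.builtin.copy:
    dest: /usr/local/share/selinux/homeassistant-local.pp
    src: homeassistant-local.pp
    mode: "0644"
    owner: root
    group: "{{ ansible_wheel }}"
  register: homeassistant_selinux_module_copy

# Read-only query: it runs in check mode too and never reports a change.
- name: Check if selinux module is loaded
  ansible.builtin.command:
    argv:
      - semodule
      - -l
  register: result
  check_mode: false
  changed_when: false

# Load the module when it is missing, and also when the copied file
# changed; otherwise an updated policy would never replace the one that
# is already loaded.
- name: Install SELinux module
  ansible.builtin.command:
    argv:
      - semodule
      - -i
      - /usr/local/share/selinux/homeassistant-local.pp
  changed_when: true
  when: >-
    homeassistant_selinux_module_copy is changed
    or "homeassistant-local" not in result.stdout_lines

# Records container_file_t as the policy default for the config tree.
# The file tasks below that use `setype: _default` take their type from
# the policy.
- name: Fix SELinux contexts from config directory
  community.general.sefcontext:
    path: '/export/homeassistant(/.*)?'
    setype: container_file_t
  when: ansible_selinux_python_present

# container_use_devices is a host-wide boolean, not a per-container
# setting: once on, it applies to every container on this host.
# NOTE(review): unlike the sefcontext task above, this task is not
# guarded by ansible_selinux_python_present - confirm that is intended.
- name: Allow podman to use devices
  ansible.posix.seboolean:
    name: container_use_devices
    state: true
    persistent: true

- name: Allow ha to connect specific devices
  ansible.builtin.copy:
    dest: /etc/udev/rules.d/99-homeassistant.rules
    src: 99-homeassistant.rules
    mode: "0644"
    owner: root
    group: "{{ ansible_wheel }}"
  notify: Reload udev rules

# Config tree: owned by ha and closed to every other account (0700).
- name: Create config directory
  ansible.builtin.file:
    path: /export/homeassistant
    state: directory
    mode: "0700"
    owner: ha
    group: ha
    setype: _default

# /srv/homeassistant is a symlink to the directory above, so every
# /srv/homeassistant/... path below lands inside the ha-owned tree.
- name: Link config directory
  ansible.builtin.file:
    dest: /srv/homeassistant
    src: /export/homeassistant
    state: link
    owner: root
    group: "{{ ansible_wheel }}"
    follow: false

# NOTE(review): the script is root-owned, but its parent directory is
# owned by ha. The owner of a directory can rename or replace entries in
# it, so root ownership alone does not make this script tamper-proof
# against the ha account. If the script is meant to be a trust boundary,
# consider keeping it outside the ha-owned tree - confirm against the
# service template, which is not part of this file.
- name: Copy authentication command
  ansible.builtin.copy:
    dest: /srv/homeassistant/auth-command.sh
    src: auth-command.sh
    mode: "0755"
    owner: root
    group: "{{ ansible_wheel }}"
    setype: _default

- name: Create directories for custom integrations
  ansible.builtin.file:
    path: "{{ item }}"
    state: directory
    mode: "0755"
    owner: root
    group: "{{ ansible_wheel }}"
    setype: _default
  with_items:
    - /srv/homeassistant/custom_components
    - /srv/homeassistant/downloads

# Third-party code: each entry of homeassistant_integrations is cloned
# here and linked into custom_components by the next task.
# Set `version` to a full commit hash. Branch and tag names can be moved
# upstream, and with `update: true` a moved ref is fetched on the next
# run without any change to the inventory.
- name: Download extra integrations
  ansible.builtin.git:
    dest: "/srv/homeassistant/downloads/{{ item.name }}"
    repo: "{{ item.repo }}"
    update: true
    version: "{{ item.version }}"
  notify: Restart homeassistant
  with_items: "{{ homeassistant_integrations | default([]) }}"

# Relative link target, so the link stays valid whether the tree is
# reached through /srv/homeassistant or /export/homeassistant.
- name: Link extra integrations
  ansible.builtin.file:
    dest: "/srv/homeassistant/custom_components/{{ item.name }}"
    src: "../downloads/{{ item.name }}/custom_components/{{ item.name }}"
    state: link
    owner: root
    group: "{{ ansible_wheel }}"
    follow: false
  with_items: "{{ homeassistant_integrations | default([]) }}"

# NOTE(review): nothing in this file reloads systemd after the unit file
# changes; presumably the "Restart homeassistant" handler does that -
# confirm.
- name: Create service file
  ansible.builtin.template:
    dest: /etc/systemd/system/homeassistant-container.service
    src: homeassistant-container.service.j2
    mode: "0644"
    owner: root
    group: "{{ ansible_wheel }}"
  notify: Restart homeassistant

- name: Enable service
  ansible.builtin.service:
    name: homeassistant-container
    state: started
    enabled: true

# Forwards every request under / to a listener on loopback port 8008.
# NOTE(review): TLS, WebSocket upgrade headers and forwarded-for headers
# are not set in this snippet; presumably the enclosing server block
# provides them - confirm.
- name: Copy nginx config
  ansible.builtin.copy:
    dest: "/etc/nginx/conf.d/{{ inventory_hostname }}/homeassistant.conf"
    content: |
      location / {
        proxy_pass http://127.0.0.1:8008;
      }
    mode: "0644"
    owner: root
    group: "{{ ansible_wheel }}"
  notify: Restart nginx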