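---
# Tasks that set up the rocketchat account, its TLS bundle, the
# rocketchat-container systemd unit and the nginx location for it.

- name: Create group
  ansible.builtin.group:
    name: rocketchat

# The account gets a nologin shell, so it cannot be used for interactive logins.
- name: Create user
  ansible.builtin.user:
    name: rocketchat
    comment: Podman Rocket.Chat
    group: rocketchat
    shell: /sbin/nologin

# `creates` makes this idempotent: the command is skipped once the linger
# marker file for the user exists.
- name: Enable user lingering
  ansible.builtin.command:
    argv:
      - loginctl
      - enable-linger
      - rocketchat
    creates: /var/lib/systemd/linger/rocketchat

# Reads the host certificate and private key on the managed node and keeps
# the concatenation in a registered variable. check_mode: false lets the read
# run in check mode too, so the variable is always defined.
# no_log keeps the private key out of task output, -v traces and callback logs.
- name: Generate combined certificate/private key file contents
  ansible.builtin.command:
    argv:
      - /bin/cat
      - "{{ tls_certs }}/{{ inventory_hostname }}.crt"
      - "{{ tls_private }}/{{ inventory_hostname }}.key"
  changed_when: false
  check_mode: false
  register: rocketchat_cert_key
  no_log: true

# Writes the bundle as root:rocketchat 0640: root can write it, members of the
# rocketchat group can read it, nobody else can.
# no_log is needed here as well, because the module arguments (and any --diff
# output) contain the private key.
- name: Create combined certificate/private key file
  ansible.builtin.copy:
    dest: "{{ tls_private }}/rocketchat.pem"
    content: "{{ rocketchat_cert_key.stdout }}"
    mode: "0640"
    owner: root
    group: rocketchat
  no_log: true
  notify: Restart rocketchat

# Mode 0600 limits the rendered file to root.
# NOTE(review): presumably the template holds credentials or other sensitive
# settings; if so, confirm it is not rendered with --diff in shared logs.
- name: Create service config
  ansible.builtin.template:
    dest: /etc/sysconfig/rocketchat-container
    src: rocketchat-container.sysconfig.j2
    mode: "0600"
    owner: root
    group: "{{ ansible_wheel }}"
  notify: Restart rocketchat

# NOTE(review): a changed unit file only takes effect after a systemd
# daemon-reload; confirm the "Restart rocketchat" handler performs one.
- name: Create service file
  ansible.builtin.template:
    dest: /etc/systemd/system/rocketchat-container.service
    src: rocketchat-container.service.j2
    mode: "0644"
    owner: root
    group: "{{ ansible_wheel }}"
  notify: Restart rocketchat

- name: Enable service
  ansible.builtin.service:
    name: rocketchat-container
    state: started
    enabled: true

# nginx forwards /rocketchat/ to a plain-HTTP backend on the loopback address.
# NOTE(review): the port binding itself is set in the service template, which
# is not visible here; confirm the container publishes 8008 on 127.0.0.1 only,
# so the unencrypted backend is not reachable from other hosts.
- name: Copy nginx config
  ansible.builtin.copy:
    dest: "/etc/nginx/conf.d/{{ inventory_hostname }}/rocketchat-container.conf"
    content: |
      location /rocketchat/ {
        proxy_pass http://127.0.0.1:8008/;
      }
    mode: "0644"
    owner: root
    group: "{{ ansible_wheel }}"
  notify: Restart nginx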