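---
# Playbook for the privacy-frontend hosts. It has four plays:
#   1. Install and configure Caddy through the caddy-ansible role.
#   2. Deploy the docker compose services shared by all privfrontends hosts.
#   3. Deploy the extra compose services that only run on the "in" and "us" hosts.
#   4. Install cron jobs that restart services hourly and ping a health check.

- name: Setup Caddy
  hosts: privfrontends
  roles:
    - role: caddy-ansible
      caddy_systemd_capabilities_enabled: true
      caddy_config: "{{ lookup('template', './templates/Caddyfile.j2') }}"
      caddy_user: "caddy"
      caddy_home: "/var/lib/caddy"
      # NOTE(review): "@master" follows a moving branch, so the plugin code in
      # the binary can change between runs without any change in this repo.
      # Pinning to a release tag or commit would make builds reproducible and
      # auditable.
      caddy_packages: ["github.com/caddy-dns/rfc2136@master"]
      # Static weekly builds of caddy with rfc2136 dns plugin
      # NOTE(review): the binary served from this URL is what ends up running
      # as the web server. Confirm whether the role verifies a checksum or
      # signature for the download; nothing in this playbook does.
      caddy_url_base: "https://cb.projectsegfau.lt/api/download"
  tasks:
    # The tasks below repeat the config deployment so the Caddyfile can be
    # updated through the caddy-non-update tag without running the role,
    # which is rarely needed.
    - name: Copy Caddyfile
      ansible.builtin.template:
        src: ./templates/Caddyfile.j2
        dest: /etc/caddy/Caddyfile
        # "preserve" takes the permission bits from the source file on the
        # controller, so the resulting mode depends on the local checkout.
        mode: preserve
      tags: caddy-non-update

    - name: Copy per-server caddy extras
      ansible.builtin.copy:
        # The trailing slash copies the directory contents, not the directory.
        src: "./templates/{{ inventory_hostname }}/"
        dest: /etc/caddy/
        # NOTE(review): directory_mode takes a permission mode (for example an
        # octal string); a boolean is probably not what was intended - confirm.
        directory_mode: true
        mode: preserve
      tags: caddy-non-update

    # NOTE(review): nothing validates the rendered configuration before this
    # reload is requested.
    - name: Reload Caddy
      ansible.builtin.service:
        name: caddy
        enabled: true
        state: reloaded
      tags: caddy-non-update

- name: Setup docker compose for privacy frontends
  hosts: privfrontends
  vars:
    docker_services:
      - anonymousoverflow
      - breezewiki
      - gothub
      - gothub-dev
      - librarian
      - libreddit
      - nitter
      - rimgo
      - safetwitch
      - scribe
      - simplytranslate
      - teddit
      - watchtower
  tasks:
    # community.docker does not support compose 2.0 right now.
    # https://github.com/ansible-collections/community.docker/issues/216
    # docker-tasks.yaml is included once per service name.
    - name: Update docker compose files and restart those with changes
      ansible.builtin.include_tasks: docker-tasks.yaml
      with_items: "{{ docker_services }}"
      tags: docker

- name: Setup docker compose for privacy frontends (non-pizza1)
  hosts: in,us
  vars:
    non_pizza_docker_services:
      - searxng
      - hyperpipe
  tasks:
    # community.docker does not support compose 2.0 right now.
    # https://github.com/ansible-collections/community.docker/issues/216
    - name: Update docker compose files and restart those with changes (Privacy Frontends but without Pizza1)
      ansible.builtin.include_tasks: docker-tasks.yaml
      with_items: "{{ non_pizza_docker_services }}"
      tags: docker

- name: Setup cron jobs
  hosts: privfrontends
  tasks:
    # The ping is chained with "&&", so a failed restart sends no ping and the
    # check goes late. curl runs with -f so an HTTP error counts as a failure,
    # -sS to print only errors, -m and --retry to bound and repeat the request,
    # and -o /dev/null so a successful ping produces no cron output.
    # The rendered UUID is stored in the crontab in clear text; anyone who can
    # read it can send pings for that check.
    - name: Restart invidious every hour
      ansible.builtin.cron:
        name: "hourly invidious restart"
        special_time: hourly
        job: >-
          docker restart invidious-invidious-1 &&
          curl -fsS -m 10 --retry 5 -o /dev/null
          https://healthchecks.projectsegfau.lt/ping/{{ invidious_hc_uuid }}
      tags: cron

    # Same pattern as the invidious job above, for the teddit container.
    - name: Restart teddit every hour
      ansible.builtin.cron:
        name: "hourly teddit restart"
        special_time: hourly
        job: >-
          docker restart teddit &&
          curl -fsS -m 10 --retry 5 -o /dev/null
          https://healthchecks.projectsegfau.lt/ping/{{ teddit_hc_uuid }}
      tags: cron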