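---
# Deploys Keycloak on the target host with docker-compose: creates the working
# directory and the service account, renders the .env and docker-compose.yml
# templates, copies the host's TLS material into place and starts the stack.
# Expects `server_hostname` to be defined by the caller (used in the key and
# certificate paths below).
#
# Octal modes are quoted so the YAML parser cannot reinterpret them, and
# booleans are written as true/false (yes/no differ between YAML 1.1 and 1.2).
- name: Ensure the directory exist
  file:
    path: /var/local/keycloak
    state: directory

- name: Ensure the user keycloak exists
  user:
    name: keycloak
    create_home: false
    # Lock the password so the service account cannot be used for password login.
    password_lock: true

# The result of this lookup is not consumed in this file; presumably the
# templates read it -- verify against dot_env.j2 / docker-compose.yml.j2.
- name: Retrieve info about users
  getent:
    database: passwd

- name: Warning
  debug:
    msg: This is a test server, do not use in production

- name: Copy env variables
  template:
    src: dot_env.j2
    dest: /var/local/keycloak/.env
    # Root-only read: the .env is consumed by docker-compose running as root.
    mode: "0400"
    owner: root
    group: staff

- name: Ensure the certificate directory exist
  file:
    path: /var/local/keycloak/certificates
    state: directory

- name: Copy key
  copy:
    src: "/var/certificates/{{ server_hostname }}_privkey.pem"
    dest: /var/local/keycloak/certificates/tls.key
    remote_src: true
    owner: keycloak
    group: keycloak
    # 0600 was intended, to limit read access on the private key to the
    # "keycloak" user, but it does not work: the user running some scripts
    # inside the container has a fixed uid (1000), and on the host that uid is
    # taken by the first user created. Until the container uid is mapped to a
    # host account, the key stays world-readable -- make sure the host itself
    # is well protected.
    mode: "0644"

- name: Copy certificate
  copy:
    src: "/var/certificates/{{ server_hostname }}_cert.pem"
    dest: /var/local/keycloak/certificates/tls.crt
    remote_src: true
    owner: keycloak
    group: keycloak
    # Explicit mode so the result does not depend on the remote umask; the
    # certificate is public, so world-readable is fine.
    mode: "0644"

- name: Copy docker-compose.yml
  template:
    src: docker-compose.yml.j2
    dest: /var/local/keycloak/docker-compose.yml
    mode: "0644"
    owner: root
    group: staff

# NOTE(review): `docker_compose` (community.docker) has been superseded by
# docker_compose_v2 in newer collection releases -- confirm against the
# installed collection version.
- name: Start the container
  docker_compose:
    project_src: /var/local/keycloak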