- name: Create database
  ansible.builtin.include_role:
    role: app/database
  vars:
    app_name: "{{ outline_db_name }}"

- name: Create data volume
  ansible.builtin.include_role:
    role: docker/container-data
  vars:
    dir_name: "{{ data_dir_name }}"

- name: Deploy Outline Wiki Container
  community.docker.docker_container:
    name: "{{ container_name }}"
    image: docker.getoutline.com/outlinewiki/outline:latest
    ports:
      - "{{ port }}:3000"
    volumes:
      - "{{ container_data_base_path }}/{{ data_dir_name }}:/var/lib/outline/data"
    env:
      URL: "{{ url }}"
      # Generate a hex-encoded 32-byte random key. Use `openssl rand -hex 32` in your
      # terminal to generate a random value.
      SECRET_KEY: "{{ secret_key }}"
      # Generate a unique random key. The format is not important but you could still use
      # `openssl rand -hex 32` in your terminal to generate a random value.
      UTILS_SECRET: "{{ utils_secret_key }}"
      DEFAULT_LANGUAGE: en_US
      DATABASE_URL: "postgres://{{ outline_db_name }}:password@{{ pg_host }}:5432/{{ outline_db_name }}"
      # Uncomment this line if you will not use SSL for connecting to Postgres. This is acceptable
      # if the database and the application are on the same machine.
      PGSSLMODE: "{{ pg_ssl_mode }}"
      REDIS_URL: "redis://{{ lookup('hostip', 'prod_services') }}:6379"
      FILE_STORAGE: "{{ storage_mode }}"
      FILE_STORAGE_UPLOAD_MAX_SIZE: "262144000"
      # Auto-redirect to https in production. The default is true but you may set to
      # false if you can be sure that SSL is terminated at an external loadbalancer.
      FORCE_HTTPS: "true"
      # Generic OIDC provider
      # DOCS: https://docs.getoutline.com/s/hosting/doc/oidc-8CPBm6uC0I
      OIDC_CLIENT_ID: "{{ oidc_client_id }}"
      OIDC_CLIENT_SECRET: "{{ oidc_client_secret }}"
      OIDC_AUTH_URI: "{{ oidc_auth_uri  }}"
      OIDC_TOKEN_URI: "{{ oidc_token_uri  }}"
      OIDC_USERINFO_URI: "{{ oidc_userinfo_uri  }}"
      OIDC_LOGOUT_URI: "{{ oidc_logout_uri }}"

      # Specify which claims to derive user information from
      # Supports any valid JSON path with the JWT payload
      OIDC_USERNAME_CLAIM: preferred_username
      # Display name for OIDC authentication
      OIDC_DISPLAY_NAME: "{{ odic_button_text }}"
      OIDC_SCOPES: openid profile email

      SMTP_SERVICE: "{{  smtp_service }}"
      SMTP_USERNAME: "{{ smtp_username }}"
      SMTP_PASSWORD: "{{ smtp_password }}"
      SMTP_FROM_EMAIL: "{{ smtp_from_email }}"

      # Whether the rate limiter is enabled or not
      RATE_LIMITER_ENABLED: "true"

      # Individual endpoints have hardcoded rate limits that are enabled
      # with the above setting, however this is a global rate limiter
      # across all requests
      RATE_LIMITER_REQUESTS: "1000"
      RATE_LIMITER_DURATION_WINDOW: "60"

      # Have the installation check for updates by sending anonymized statistics to
      # the maintainers
      ENABLE_UPDATES: "true"

      # Debugging categories to enable – you can remove the default "http" value if
      # your proxy already logs incoming http requests and this ends up being duplicative
      DEBUG: "http"

      # Configure lowest severity level for server logs. Should be one of
      # error, warn, info, http, verbose, debug, or silly
      LOG_LEVEL: "info"