- name: Create Planka DB on postgres
  ansible.builtin.include_role:
    role: app/database 
  vars:
    app_name: "planka"

- name: Create container data folder on NAS
  ansible.builtin.include_role:
    role: docker/container-data
  vars:
    dir_name: "planka"

- name: Set facts
  ansible.builtin.set_fact:
    data_path: "{{ container_data_base_path }}/planka"

- name: Create needed subdirectories
  ansible.builtin.file:
    dest: "{{ data_path }}/{{item}}"
    state: directory
    mode: '0777'
  loop:
      - favicons
      - user-avatars
      - background-images
      - attachments

- name: Deploy planka container
  community.docker.docker_container:
    name: "planka"
    image: ghcr.io/plankanban/planka:2.0.0-rc.3
    restart_policy: on-failure
    volumes:
      - "{{ data_path }}/favicons:/app/public/favicons"
      - "{{ data_path }}/user-avatars:/app/public/user-avatars"
      - "{{ data_path }}/background-images:/app/public/background-images"
      - "{{ data_path }}/attachments:/app/private/attachments"
    ports:
      - "{{ port }}:1337"
    env:
      BASE_URL: "{{ url }}"
      DATABASE_URL: "postgresql://planka:password@{{ pg_host }}:5432/planka"
      SECRET_KEY: "27736f8948e37890474af876715b73b5c99ef65e36e5c9ccf6f7e0295ce462c4" 
      LOG_LEVEL: "warn"
      TRUST_PROXY: "true"
      TOKEN_EXPIRES_IN: "365" # In days
      # related: https://github.com/knex/knex/issues/2354
      # As knex does not pass query parameters from the connection string,
      # we have to use environment variables in order to pass the desired values, e.g.
      PGSSLMODE: "disable"
      # Used for per-board notifications
      DEFAULT_LANGUAGE: "en-US"
      # Do not comment out DEFAULT_ADMIN_EMAIL if you want to prevent this user from being edited/deleted
      # DEFAULT_ADMIN_EMAIL: "me@javierfeliz.com" 
      # DEFAULT_ADMIN_PASSWORD: "password" 

      # - OIDC_ISSUER=
      # - OIDC_CLIENT_ID=
      # - OIDC_CLIENT_SECRET=
      # Optionally store in secrets - then OIDC_CLIENT_SECRET should not be set
      # - OIDC_CLIENT_SECRET__FILE=/run/secrets/oidc_client_secret
      # - OIDC_ID_TOKEN_SIGNED_RESPONSE_ALG=
      # - OIDC_USERINFO_SIGNED_RESPONSE_ALG=
      # - OIDC_SCOPES=openid email profile
      # - OIDC_RESPONSE_MODE=fragment
      # - OIDC_USE_DEFAULT_RESPONSE_MODE=true
      # - OIDC_ADMIN_ROLES=admin
      # - OIDC_PROJECT_OWNER_ROLES=project_owner
      # - OIDC_BOARD_USER_ROLES=board_user
      # - OIDC_CLAIMS_SOURCE=userinfo
      # - OIDC_EMAIL_ATTRIBUTE=email
      # - OIDC_NAME_ATTRIBUTE=name
      # - OIDC_USERNAME_ATTRIBUTE=preferred_username
      # - OIDC_ROLES_ATTRIBUTE=groups
      # - OIDC_IGNORE_USERNAME=true
      # - OIDC_IGNORE_ROLES=true
      # - OIDC_ENFORCED=true

      # TODO: When I set up mxroute or something
      # Email Notifications (https://nodemailer.com/smtp/)
      # - SMTP_HOST=
      # - SMTP_PORT=587
      # - SMTP_NAME=
      # - SMTP_SECURE=true
      # - SMTP_USER=
      # - SMTP_PASSWORD=
      # Optionally store in secrets - then SMTP_PASSWORD should not be set
      # - SMTP_PASSWORD__FILE=/run/secrets/smtp_password
      # - SMTP_FROM="Demo Demo" <demo@demo.demo>
      # - SMTP_TLS_REJECT_UNAUTHORIZED=false