#SPDX-License-Identifier: MIT-0
---
# tasks file for authentik

- name: Create authentik directories
  file:
    path: "{{ item }}"
    state: directory
    mode: '0755'
  loop:
    - "{{ authentik_docker_compose_dir }}"
    - "{{ authentik_docker_volume_dir }}/data"
    - "{{ authentik_docker_volume_dir }}/certs"
    - "{{ authentik_docker_volume_dir }}/templates"
    - "{{ authentik_docker_volume_dir }}/postgresql"
    - "{{ authentik_docker_volume_dir }}/blueprints"

- name: Create docker-compose file for authentik
  template:
    src: docker-compose.yml.j2
    dest: "{{ authentik_docker_compose_dir }}/docker-compose.yml"
    mode: '0644'

- name: Start authentik containers
  community.docker.docker_compose_v2:
    project_src: "{{ authentik_docker_compose_dir }}"
    state: present
    wait: true
    wait_timeout: 300

- name: Render blueprints
  import_tasks: blueprints.yml

- name: Render blueprint wait script
  template:
    src: wait-for-blueprints.py.j2
    dest: "{{ authentik_docker_volume_dir }}/data/wait-for-blueprints.py"
    mode: '0644'

- name: Wait for custom blueprints to be applied
  community.docker.docker_compose_v2_exec:
    project_src: "{{ authentik_docker_compose_dir }}"
    service: server
    command: ak shell -c "exec(open('/data/wait-for-blueprints.py').read())"
  register: blueprint_wait_result
  changed_when: "'changed' in blueprint_wait_result.stdout"
  retries: 30
  delay: 10
  until: blueprint_wait_result.rc == 0
  when: blueprints_changed

- name: Render LDAP outpost token script
  template:
    src: set-outpost-token.py.j2
    dest: "{{ authentik_docker_volume_dir }}/data/set-outpost-token.py"
    mode: '0644'
  when: authentik_ldap_outpost.name is defined
  register: ldap_token_script

- name: Set known token for LDAP outpost
  community.docker.docker_compose_v2_exec:
    project_src: "{{ authentik_docker_compose_dir }}"
    service: server
    command: ak shell -c "exec(open('/data/set-outpost-token.py').read())"
  register: ldap_token_result
  changed_when: "'changed' in ldap_token_result.stdout"
  retries: 30
  delay: 10
  until: ldap_token_result.rc == 0
  when: authentik_ldap_outpost.name is defined and (blueprints_changed or ldap_token_script.changed)