# SPDX-License-Identifier: MIT-0
---
# Create @localadmin via mas-cli, using the ADMIN_USER_PASSWORD generated
# by secrets.yml. Idempotent: mas-cli rejects duplicates, we ignore that.

- name: Read generated admin password
  ansible.builtin.slurp:
    src: "{{ ess_compose_secrets_dir }}/ADMIN_USER_PASSWORD"
  register: _ess_admin_pw_slurp
  no_log: true

- name: Check whether the admin user already exists
  ansible.builtin.command:
    cmd: >
      docker compose -f {{ _ess_compose_file }}
      exec -T mas
      mas-cli --config /conf/mas-config.yaml
      manage list-users --filter username={{ ess_admin_localpart }}
  register: _ess_admin_check
  changed_when: false
  failed_when: false

- name: Register admin user (mas-cli)
  ansible.builtin.command:
    cmd: >
      docker compose -f {{ _ess_compose_file }}
      exec -T mas
      mas-cli --config /conf/mas-config.yaml
      manage register-user --yes
      --password {{ (_ess_admin_pw_slurp.content | b64decode).strip() | quote }}
      --admin
      {{ ess_admin_localpart }}
  register: _ess_admin_create
  changed_when: "'created' in (_ess_admin_create.stdout + _ess_admin_create.stderr) | lower"
  failed_when:
    - _ess_admin_create.rc != 0
    - "'already exists' not in (_ess_admin_create.stdout + _ess_admin_create.stderr) | lower"
  no_log: true
  when: ess_admin_localpart not in _ess_admin_check.stdout

- name: Login hint
  ansible.builtin.debug:
    msg: |
      Stack is up.
      Admin user:  @{{ ess_admin_localpart }}:{{ ess_server_name }}
      Password is in {{ ess_compose_secrets_dir }}/ADMIN_USER_PASSWORD on this host.
      Element Web:    https://{{ ess_hostnames.element_web }}
      Element Admin:  https://{{ ess_hostnames.element_admin }}