---
- hosts: all
  gather_facts: false
  tasks:
    - name: Load variables
      include_vars:
        dir: "{{ dokku_lib_root }}/data/ansible/keycloak/vars/"
        extensions:
          - yml

    - name: Set HTTP 80 port proxy
      dokku_ports:
        app: keycloak
        mappings:
          - "http:80:8080"
        state: present

    - name: Setup LE certificates
      shell: dokku letsencrypt keycloak
      args:
        creates: /home/dokku/keycloak/letsencrypt/certs

    - name: Setup LE certificates renew cron job
      shell: dokku letsencrypt:cron-job --add
      args:
        creates: /home/dokku/keycloak/letsencrypt/cron-job

    - name: Create volume mount configuration directories
      file:
        path: "{{ item }}"
        state: directory
        owner: dokku
        group: dokku
      with_items:
        - "/home/dokku/keycloak/letsencrypt/certs/current/key.pem:/etc/x509/https/tls.key"
        - "/home/dokku/keycloak/letsencrypt/certs/current/cert.pem:/etc/x509/https/tls.crt"
      become: true
      register: volume_mounts

    - name: Rebuild the application to mount new volumes
      shell: dokku ps:rebuild keycloak
      when: volume_mounts.changed

    - name: Remove automatically configured ports
      dokku_ports:
        app: keycloak
        mappings:
          - "http:8080:8080"
        state: absent

    - name: Set HTTP 443 port
      dokku_ports:
        app: keycloak
        mappings:
          - "https:443:8080"
        state: present