---
- name: "include docker-central-database"
  include_role: 
    name: docker-central-database

- name: Set nginx_docker_reverse_proxy_extra_configuration based on applications[application_id].public_api_activated
  set_fact:
    nginx_docker_reverse_proxy_extra_configuration: >-
      {% if not applications[application_id].public_api_activated %}
      {{ lookup('file', '{{ role_path }}/files/deactivate-public-api.conf') }}
      {% else %}
      ""
      {% endif %}

- name: "include role nginx-domain-setup for {{application_id}}"
  include_role:
    name: nginx-domain-setup
  vars:
    domain: 	"{{ domains[application_id] }}"
    http_port: 	"{{ ports.localhost.http[application_id] }}"

- name: add config.toml
  template: 
    src:  "config.toml.j2" 
    dest: "{{docker_compose.directories.config}}config.toml"
  notify: docker compose project setup

- name: "copy docker-compose.yml and env file"
  include_tasks: copy-docker-compose-and-env.yml

- name: Check if listmonk database is already initialized
  command: docker compose exec -T {{database_host}} psql -U {{database_username}} -d {{database_name}} -c "\dt"
  register: db_tables
  changed_when: false
  failed_when: false

- name: Run Listmonk setup only if DB is empty
  command:
    cmd: docker compose run -T --rm application sh -c "yes | ./listmonk --install"
    chdir: "{{docker_compose.directories.instance}}"
  when: "'No relations found.' in db_tables.stdout"

- name: Build OIDC settings JSON
  set_fact:
    oidc_settings_json: >-
      {{ {
         "enabled":       True,
         "client_id":     oidc.client.id,
         "provider_url":  oidc.client.issuer_url,
         "client_secret": oidc.client.secret
      } | to_json }}

- name: Apply OIDC settings via Docker + here-doc
  shell: |
    docker exec -i {{ database_host }} psql \
      -U {{ database_username }} \
      -d {{ database_name }} <<'EOSQL'
    UPDATE settings
    SET value = '{{ oidc_settings_json }}'::jsonb
    WHERE key = 'security.oidc';
    EOSQL
  args:
    executable: /bin/bash
  when: applications[application_id].features.oidc | bool

- name: Enable hCaptcha and configure keys in Listmonk database
  shell: |
    docker exec -i {{ database_host }} psql \
      -U {{ database_username }} \
      -d {{ database_name }} <<'EOSQL'
    -- enable captcha (boolean true)
    UPDATE settings
    SET value = 'true'::jsonb
    WHERE key = 'security.enable_captcha';

    -- set site key (JSON string)
    UPDATE settings
    SET value = '"{{ applications[application_id].credentials.hcaptcha.site_key }}"'::jsonb
    WHERE key = 'security.captcha_key';

    -- set secret (JSON string)
    UPDATE settings
    SET value = '"{{ applications[application_id].credentials.hcaptcha.secret }}"'::jsonb
    WHERE key = 'security.captcha_secret';
    EOSQL
  args:
    executable: /bin/bash