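---
# Tasks that deploy Vaultwarden under Docker Compose and publish it through
# nginx using a Cloudflare origin certificate.
#
# The handlers "Restart vaultwarden" and "Reload nginx" are notified by name
# and must be defined elsewhere in the role or play; they are not in this file.
# Every task that sets ownership uses root, so the play is expected to run
# with privilege escalation.

- name: Install dependencies
  ansible.builtin.apt:
    name:
      - docker.io
      - docker-compose-v2
    state: present
    update_cache: true

- name: Enable and start Docker
  ansible.builtin.systemd:
    name: docker
    enabled: true
    state: started

# 0700 root:root keeps the Vaultwarden data and the compose file unreadable to
# other local accounts.
- name: Create vaultwarden data directory
  ansible.builtin.file:
    path: "{{ vaultwarden_data_dir }}"
    state: directory
    owner: root
    group: root
    mode: "0700"

# NOTE(review): if docker-compose.yml.j2 renders secrets (for example an admin
# token or SMTP password), consider no_log on this task as well, since diff
# mode prints rendered template content. The template is not visible here.
- name: Deploy docker-compose file
  ansible.builtin.template:
    src: docker-compose.yml.j2
    dest: "{{ vaultwarden_data_dir }}/docker-compose.yml"
    # Explicit ownership, matching the other root-owned files in this file.
    owner: root
    group: root
    mode: "0600"
  notify: Restart vaultwarden

- name: Start vaultwarden
  community.docker.docker_compose_v2:
    project_src: "{{ vaultwarden_data_dir }}"
    state: present

# ─── Cloudflare Origin Certificate ───────────────────────────────────────────

# NOTE(review): nginx is not installed by any task in this file; presumably
# another role installs it before these paths are used. Confirm.
- name: Create SSL directory
  ansible.builtin.file:
    path: /etc/nginx/ssl
    state: directory
    owner: root
    group: root
    mode: "0700"

- name: Install Cloudflare origin certificate
  ansible.builtin.copy:
    content: "{{ cf_origin_cert }}"
    dest: /etc/nginx/ssl/cf-origin.pem
    owner: root
    group: root
    mode: "0600"
  notify: Reload nginx

# cf_origin_key is private key material. no_log keeps it out of task output,
# diff output and callback/log plugins.
# NOTE(review): presumably the variable is stored encrypted (Ansible Vault or
# an external secret store); verify it is not committed in plain text.
- name: Install Cloudflare origin key
  ansible.builtin.copy:
    content: "{{ cf_origin_key }}"
    dest: /etc/nginx/ssl/cf-origin.key
    owner: root
    group: root
    mode: "0600"
  no_log: true
  notify: Reload nginx

# ─── nginx ────────────────────────────────────────────────────────────────────

- name: Deploy nginx config
  ansible.builtin.template:
    src: nginx.conf.j2
    dest: /etc/nginx/sites-available/vaultwarden
    # Explicit ownership so the site config is writable by root only.
    owner: root
    group: root
    mode: "0644"
  notify: Reload nginx

# Symlink from sites-enabled to the config deployed in sites-available.
- name: Enable nginx site
  ansible.builtin.file:
    src: /etc/nginx/sites-available/vaultwarden
    dest: /etc/nginx/sites-enabled/vaultwarden
    state: link
  notify: Reload nginx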