---
#adguard/tasks/main.yml
- import_tasks: firewall.yml
  
- name: Create stack and config directories
  file:
    path: "{{ item }}"
    state: directory
    owner: "{{ container_user }}"
    group: "{{ container_group }}"
    mode: "0755"
    recurse: yes
  loop: "{{ adguard_base_directories }}"
  
- name: Directory SELinux requirement
  ansible.builtin.set_fact:
    selinux_container_paths: "{{ adguard_base_directories }}"

- import_role:
    name: selinux_containers
    tasks_from: labels

- name: Ensure container app config directories are owned by container UID
  become: true
  file:
    path: "{{ adguard_dir }}/conf"
    state: directory
    owner: "{{ container_user }}"
    group: "{{ container_group }}"
    recurse: true

- name: Deploy AdGuard configuration template
  template:
    src: AdGuardHome.yaml.j2
    dest: "{{ stack_root }}/adguard/conf/AdGuardHome.yaml"
    mode: '0600'

- name: Deploy AdGuard Quadlet
  template:
    src: adguard.container.j2
    dest: "{{ container_config_dir }}/adguard.container"

- name: Force systemd reload (blocking)
  become: true
  become_user: "{{ container_user }}"
  command: systemctl --user daemon-reload

- name: Wait for quadlet generation
  pause:
    seconds: 1

- name: Start and enable AdGuard service
  become: true
  become_user: "{{ container_user }}"
  systemd:
    name: adguard.service
    scope: user
    state: started