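---
# coturn/tasks/main.yml
#
# Deploys coturn as a user-scoped systemd (Quadlet) service: opens the
# firewall, prepares the stack directories, renders the turnserver
# configuration and the Quadlet unit, then reloads the user systemd
# instance and starts the service.

- name: Import firewall tasks
  ansible.builtin.import_tasks: firewall.yml

# The mode is applied to the listed directories only. Combining `mode` with
# `recurse` would also set 0755 on every file below these paths, which would
# widen the 0600 set on turnserver.conf further down if that file lives under
# one of them (NOTE(review): confirm where coturn_config_dir points).
- name: Create stack and config directories
  ansible.builtin.file:
    path: "{{ item }}"
    state: directory
    owner: "{{ container_user }}"
    group: "{{ container_group }}"
    mode: "0755"
  loop: "{{ coturn_base_directories }}"

# Ownership is still fixed recursively, but without touching file modes.
- name: Ensure stack directory contents are owned by container user
  ansible.builtin.file:
    path: "{{ item }}"
    state: directory
    owner: "{{ container_user }}"
    group: "{{ container_group }}"
    recurse: true
  loop: "{{ coturn_base_directories }}"

# Presumably consumed by the selinux_containers role imported next;
# verify against that role's `labels` tasks.
- name: Directory SELinux requirement
  ansible.builtin.set_fact:
    selinux_container_paths: "{{ coturn_base_directories }}"

- name: Import selinux_containers label tasks
  ansible.builtin.import_role:
    name: selinux_containers
    tasks_from: labels

- name: Ensure container app config directories are owned by container UID
  become: true
  ansible.builtin.file:
    path: "{{ coturn_dir }}/conf"
    state: directory
    owner: "{{ container_user }}"
    group: "{{ container_group }}"
    recurse: true

# 0600: readable by the container user only.
# NOTE(review): presumably the rendered file carries TURN credentials;
# confirm against turnserver.conf.j2.
- name: Deploy Turnserver configuration template
  ansible.builtin.template:
    src: turnserver.conf.j2
    dest: "{{ coturn_config_dir }}/turnserver.conf"
    owner: "{{ container_user }}"
    group: "{{ container_group }}"
    mode: "0600"

- name: Deploy Coturn Quadlet
  ansible.builtin.template:
    src: coturn.container.j2
    dest: "{{ container_config_dir }}/coturn.container"
    owner: "{{ container_user }}"
    group: "{{ container_group }}"
    mode: "0644"

# Runs on every play so the user systemd instance picks up the Quadlet file.
# A daemon-reload changes no managed state, so it is not reported as changed.
- name: Force systemd reload (blocking)
  become: true
  become_user: "{{ container_user }}"
  environment:
    XDG_RUNTIME_DIR: "{{ container_runtime_dir }}"
  ansible.builtin.command:
    cmd: systemctl --user daemon-reload
  changed_when: false

- name: Wait for quadlet generation
  ansible.builtin.pause:
    seconds: 1

# NOTE(review): `state: started` does not restart a service that is already
# running, so changes to turnserver.conf or the Quadlet file (for example a
# rotated secret) only take effect after a restart. Consider notifying a
# restart handler from the two template tasks above.
- name: Start and enable Coturn service
  become: true
  become_user: "{{ container_user }}"
  environment:
    XDG_RUNTIME_DIR: "{{ container_runtime_dir }}"
  ansible.builtin.systemd:
    name: coturn.service
    scope: user
    state: started
    enabled: true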