#servarr/tasks/main.yml
- import_tasks: firewall.yml

- name: Create stack and config directories
  file:
    path: "{{ item }}"
    state: directory
    owner: "{{ container_user }}"
    group: "{{ container_group }}"
    mode: "0755"
    recurse: yes
  loop: "{{ servarr_base_directories }}"

- name: Directory SELinux requirement
  ansible.builtin.set_fact:
    selinux_container_paths: "{{ servarr_base_directories }}"

- import_role:
    name: selinux_containers
    tasks_from: labels

- name: Ensure systemd directory exists for rootless user
  file:
    path: "{{ container_config_dir }}"
    state: directory
    mode: '0755'
    owner: "{{ container_user }}"
    group: "{{ container_group }}"

- name: Deploy Quadlet files
  template:
    src: "{{ item.src }}"
    dest: "{{ container_config_dir }}/{{ item.dest }}"
  loop: "{{ servarr_stack }}"
  register: quadlets_deployed

- name: Ensure app config directories are writable
  become: true
  file:
    path: "{{ item }}"
    state: directory
    owner: "{{ container_user }}"
    group: "{{ container_group }}"
    recurse: true
  loop:
    - "{{ radarr_dir }}/config"
    - "{{ sonarr_dir }}/config"
    - "{{ qbittorrent_dir }}/config"
    - "{{ prowlarr_dir }}/config"
    - "{{ bazarr_dir }}/config"

#- name: Force systemd reload (blocking)
#  become: true
#  become_user: "{{ container_user }}"
#  command: systemctl --user daemon-reload
  
- name: Force systemd reload (blocking)
  become: true
  become_user: "{{ container_user }}"
  environment:
    XDG_RUNTIME_DIR: "{{ container_runtime_dir }}"
  command: systemctl --user daemon-reload

- name: Validate VPN and start arr stack
  ansible.builtin.import_role:
    name: vpn_guard