---
#vpn_guard/tasks/main.yml
- name: Get host public IP
  command: curl -s https://ipinfo.io/ip
  register: host_ip
  changed_when: false

- name: Get VPN public IP (via Gluetun)
  become: true
  become_user: "{{ container_user }}"
  command: podman exec gluetun wget -qO- https://ipinfo.io/ip
  register: vpn_ip
  changed_when: false

- name: Fail if VPN is not active (kill switch check)
  fail:
    msg: "VPN is NOT active (host={{ host_ip.stdout }} vpn={{ vpn_ip.stdout }}). Aborting arr stack start."
  when: host_ip.stdout == vpn_ip.stdout

#- name: Start arr stack only after VPN validation
#  become: true
#  become_user: "{{ container_user }}"
#  systemd:
#    name: "{{ item }}.service"
#    enabled: yes
#    state: started
#    scope: user
#  loop: "{{ arr_suite }}"
  
- name: Start arr stack only after VPN validation
  become: true
  become_user: "{{ container_user }}"
  environment:
    XDG_RUNTIME_DIR: "{{ container_runtime_dir }}"
  systemd:
    name: "{{ item }}.service"
    enabled: yes
    state: started
    scope: user
  loop: "{{ arr_suite }}"