---
- name: Setup Caddy
  hosts: privfrontends
  roles:
    - role: caddy_ansible.caddy_ansible
      caddy_systemd_capabilities_enabled: true
      caddy_config: "{{ lookup('template', './templates/Caddyfile.j2') }}"
      caddy_user: "caddy"
      caddy_home: "/var/lib/caddy"
      # Static weekly builds of caddy with rfc2136 dns plugin
      caddy_url_base: "https://cb.projectsegfau.lt/api/download"
  tasks:
    - name: Copy per-server caddy extras
      copy:
        src: "./templates/{{ inventory_hostname }}/"
        dest: /etc/caddy/
        remote_src: true
        directory_mode: true
- name: Setup docker compose for privacy frontends
  hosts: privfrontends
  vars:
    docker_services:
      - anonymousoverflow
      - beatbump
      - breezewiki
      - gothub
      - gothub-dev
      - invidious
      - librarian
      - libreddit
      - nitter
      - rimgo
      - scribe
      - teddit
      - watchtower
    non_pizza_docker_services:
      - piped
      - searxng-docker
  tasks:
    #
    # community.docker does not support compose 2.0 right now.
    # https://github.com/ansible-collections/community.docker/issues/216
    #
    - name: Update docker compose files and restart those with changes
      include_tasks: docker-tasks.yaml
      with_items: "{{ docker_services }}"
    - name: Update docker compose files and restart those with changes (Privacy Frontends but without Pizza1)
      include_tasks: docker-tasks.yaml
      with_items: "{{ non_pizza_docker_services }}"

- name: Setup cron jobs
  hosts: privfrontends
  tasks:
    - name: Restart invidious every hour
      cron:
        name: "hourly invidious restart"
        special_time: hourly
        job: "docker restart invidious-invidious-1 && curl https://healthchecks.projectsegfau.lt/ping/{{invidious_hc_uuid}}"
    - name: Restart teddit every hour
      cron:
        name: "hourly teddit restart"
        special_time: hourly
        job: "docker restart teddit && curl https://healthchecks.projectsegfau.lt/ping/{{teddit_hc_uuid}}"