---

- name: Set docker service full name (required because docker_mounts uses it)
  set_fact:
    authentik_service_name: "authentik{{ '_' + docker_service_suffix if docker_service_suffix is defined else '' }}"

- name: Authentik container
  ansible.builtin.include_role:
    name: service
  vars:
    docker_service: authentik
    docker_image: beryju/authentik:latest
    docker_command:
      - server
    docker_image_http_port: 9000
    docker_database: postgres
    docker_additional_services:
      - redis
    docker_env: "{{ authentik_common_env | combine(authentik_env) }}"
    docker_mounts:
      - path: /media
        name: "media"
      - path: /templates
        name: "templates"
      - path: /certs
        name: "certs"

- name: Authentik worker container
  ansible.builtin.include_role:
    name: service
  vars:
    docker_namespace: authentik
    docker_service: worker
    docker_image: beryju/authentik:latest
    docker_command:
      - worker
    reverse_proxy_type: none
    docker_env: "{{ authentik_common_env | combine(authentik_env) }}"
    docker_mounts:
      - path: /media
        name: "media"
      - path: /templates
        name: "templates"
      - path: /certs
        name: "certs"