---
# Deploys Nextcloud by importing the shared `service` role with the variables
# below: the main Nextcloud container, a cron sidecar and a "harp" sidecar.
# NOTE(review): the nesting here was reconstructed from a paste collapsed onto
# a single line; confirm it against the `service` role's variable schema.
- name: Nextcloud service
  ansible.builtin.import_role:
    name: service
  vars:
    service_name: nextcloud
    # The image tag is templated from nextcloud_tag.
    # NOTE(review): prefer a fixed release tag over a floating one so that
    # upgrades are deliberate.
    service_container_image: docker.io/library/nextcloud:{{ nextcloud_tag }}
    service_container_http_port: 80
    service_domains: "{{ nextcloud_domains }}"
    service_database_type: postgres
    service_redis: true
    service_container_mounts:
      - type: volume
        source: data
        destination: /var/www/html
    service_container_secrets:
      # The admin password is supplied by the nextcloud_admin_pw variable.
      # NOTE(review): keep that variable in an encrypted vars source
      # (e.g. Ansible Vault) rather than in plain-text inventory.
      - name: adminpw
        value: "{{ nextcloud_admin_pw }}"
      # No value is given here; presumably the role generates or looks up this
      # secret. The harp sidecar below lists the same secret. Verify in the role.
      - name: harp-shared-key
    service_container_env:
      POSTGRES_HOST: postgres
      POSTGRES_DB: nextcloud
      POSTGRES_USER: nextcloud
      # Passwords are passed as *_FILE paths under /run/secrets instead of
      # literal environment values. The `postgres` secret is not declared in
      # this file; presumably the role provides it for
      # service_database_type: postgres. Verify.
      POSTGRES_PASSWORD_FILE: /run/secrets/postgres
      REDIS_HOST: redis
      # NOTE(review): every peer in 10.0.0.0/8 is treated as a trusted proxy, so
      # forwarded client-address headers from any of them are believed. Narrow
      # this to the reverse proxy's actual address or subnet if the container
      # network is smaller than a /8.
      TRUSTED_PROXIES: 10.0.0.0/8
      NEXTCLOUD_TRUSTED_DOMAINS: "{{ nextcloud_domains | join(' ') }}"
      NEXTCLOUD_ADMIN_USER: admin
      NEXTCLOUD_ADMIN_PASSWORD_FILE: /run/secrets/adminpw
    service_additional_containers:
      # Sidecar that runs /cron.sh as its entrypoint; no image is set here, so
      # it presumably reuses the main service image. Verify in the role.
      - name: cron
        entrypoint: /cron.sh
      # Sidecar built on the Podman image, running as user `podman` with
      # /dev/fuse and CAP_SYS_ADMIN; presumably this is for nested rootless
      # Podman. Confirm.
      - name: harp
        # NOTE(review): CAP_SYS_ADMIN is a very broad capability. Treat this
        # container as highly privileged and confirm that no narrower
        # capability set is sufficient.
        add_capabilities:
          - CAP_SYS_ADMIN
        # NOTE(review): `latest` is a mutable tag, so a privileged container
        # can change contents between deploys. Pin a specific version tag or
        # an image digest (`@sha256:<digest>`).
        image: quay.io/podman/stable:latest
        user: podman
        entrypoint: /entrypoint.sh
        devices:
          - source: /dev/fuse
        mounts:
          - type: template
            source: containers.conf.j2
            destination: /etc/containers/containers.conf
          # The rendered template becomes the container entrypoint, so it is
          # mounted with mode 0755 to make it executable.
          - type: template
            source: harp_entrypoint.sh.j2
            destination: /entrypoint.sh
            mode: "0755"
          - type: volume
            source: harp-certs
            destination: /certs
          # - type: volume
          #   source: harp-containers
          #   destination: /home/podman/.local/share/containers
        env: {}
        secrets:
          # Same secret name as in service_container_secrets above.
          - name: harp-shared-key
        publish_ports:
          # Container port 8780 is published as a socket rather than a host
          # TCP port.
          - name: harp
            type: socket
            container_port: 8780
    service_vhost_locations:
      # Requests under /exapps/ are proxied to a Unix socket; presumably this
      # is the socket created for the `harp` published port above. Verify.
      # NOTE(review): check that the socket's ownership and mode only allow
      # the web server to connect.
      - path: /exapps/*
        proxy_target_socket: /run/nextcloud-harp-socat.sock