---
- name: Verify common role
  hosts: localhost
  gather_facts: false
  vars:
    traefik_data_dir: /tmp/sovereign_test/traefik

  tasks:
    - name: Check traefik data directory exists
      ansible.builtin.stat:
        path: /tmp/sovereign_test/traefik
      register: data_dir_stat

    - name: Assert traefik data directory is present
      ansible.builtin.assert:
        that: data_dir_stat.stat.isdir
        fail_msg: "Data directory /tmp/sovereign_test/traefik was not created"

    - name: Check traefik config directory exists
      ansible.builtin.stat:
        path: /tmp/sovereign_test/traefik/config
      register: config_dir_stat

    - name: Assert traefik config directory is present
      ansible.builtin.assert:
        that: config_dir_stat.stat.isdir
        fail_msg: "Config directory /tmp/sovereign_test/traefik/config was not created"

    - name: Check acme.json exists
      ansible.builtin.stat:
        path: /tmp/sovereign_test/traefik/acme.json
      register: acme_stat

    - name: Assert acme.json is present
      ansible.builtin.assert:
        that: acme_stat.stat.exists
        fail_msg: "acme.json was not created"

    - name: Assert acme.json has mode 0600
      ansible.builtin.assert:
        that: acme_stat.stat.mode == '0600'
        fail_msg: "acme.json does not have mode 0600 (got {{ acme_stat.stat.mode }})"

    - name: Check docker-compose.yml exists
      ansible.builtin.stat:
        path: /tmp/sovereign_test/traefik/docker-compose.yml
      register: compose_stat

    - name: Assert docker-compose.yml was rendered
      ansible.builtin.assert:
        that: compose_stat.stat.exists
        fail_msg: "docker-compose.yml was not rendered for common/traefik"

    - name: Read docker-compose.yml
      ansible.builtin.slurp:
        src: /tmp/sovereign_test/traefik/docker-compose.yml
      register: compose_raw

    - name: Set compose content fact
      ansible.builtin.set_fact:
        compose: "{{ compose_raw.content | b64decode }}"

    - name: Assert traefik image reference in compose
      ansible.builtin.assert:
        that: "'traefik:v3.1' in compose"
        fail_msg: "Expected image 'traefik:v3.1' not found in docker-compose.yml"

    - name: Assert traefik dashboard host rule in compose
      ansible.builtin.assert:
        that: "'Host(`traefik.test.example.com`)' in compose"
        fail_msg: "Expected Host rule for traefik.test.example.com not found in docker-compose.yml"

    - name: Assert GELF logging address in compose
      ansible.builtin.assert:
        that: "'udp://127.0.0.1:12201' in compose"
        fail_msg: "Expected GELF address udp://127.0.0.1:12201 not found in docker-compose.yml"

    - name: Assert sovereign network is external in compose
      ansible.builtin.assert:
        that: "'external: true' in compose"
        fail_msg: "Expected 'external: true' not found in docker-compose.yml"

    - name: Assert letsencrypt certificate resolver in compose
      ansible.builtin.assert:
        that: "'letsencrypt' in compose"
        fail_msg: "Expected 'letsencrypt' certificate resolver not found in docker-compose.yml"

    - name: Assert ACME email in compose
      ansible.builtin.assert:
        that: "'admin@test.example.com' in compose"
        fail_msg: "Expected ACME email admin@test.example.com not found in docker-compose.yml"