---
- name: Create Authentik directories
  ansible.builtin.file:
    path: "{{ item }}"
    state: directory
    mode: '0755'
  loop:
    - "{{ authentik_data_dir }}"
    - "{{ authentik_data_dir }}/media"
    - "{{ authentik_data_dir }}/media/branding"
    - "{{ authentik_data_dir }}/custom-templates"
    - "{{ authentik_data_dir }}/blueprints"
    - "{{ authentik_data_dir }}/certs"
    - "{{ authentik_data_dir }}/postgres"

- name: Deploy Authentik branding blueprint
  ansible.builtin.template:
    src: branding-blueprint.yaml.j2
    dest: "{{ authentik_data_dir }}/blueprints/sovereign-branding.yaml"
    mode: '0644'

- name: Copy tenant logo to Authentik media
  ansible.builtin.copy:
    src: "{{ tenant_logo_local_path }}"
    dest: "{{ authentik_data_dir }}/media/branding/logo.png"
    mode: '0644'
  when: tenant_logo_local_path | default('') != ''

- name: Deploy Authentik docker-compose
  ansible.builtin.template:
    src: docker-compose.yml.j2
    dest: "{{ authentik_data_dir }}/docker-compose.yml"
    mode: '0644'
  notify: restart authentik

- name: Start Authentik
  community.docker.docker_compose_v2:
    project_src: "{{ authentik_data_dir }}"
    state: present
  when: not (molecule_test_mode | default(false))

- name: Wait for Authentik to be ready
  ansible.builtin.uri:
    url: "http://localhost:9001/-/health/ready/"
    method: GET
    status_code: 200
  register: result
  until: result.status == 200
  retries: 30
  delay: 10
  when: not (molecule_test_mode | default(false))