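---
# Forgejo role entry point: picks the ACME challenge type for the Let's Encrypt
# certificate, then includes the per-component task files in order.
#
# Challenge selection: HTTP-01 is used when forgejo_domain resolves to this
# host's own public address; otherwise DNS-01 is used.

# The address comes from a third-party HTTPS service, so the challenge choice
# depends on that service being reachable and answering correctly.
- name: Get local public IP
  ansible.builtin.uri:
    url: https://ipinfo.io/ip
    return_content: true
  register: local_public_ip

# Resolve the domain through 1.1.1.1 rather than the host's configured resolver.
# NOTE(review): if the name has several A records the lookup presumably returns
# them as one comma-separated string, so the equality below would not match and
# DNS-01 would be selected - confirm this is the intended fallback.
- name: Get public IP of "{{ forgejo_domain }}"
  ansible.builtin.set_fact:
    target_public_ip: "{{ lookup('community.general.dig', forgejo_domain, '@1.1.1.1') }}"

# `register` stores the whole uri result (a mapping), not the address string.
# Comparing that mapping with target_public_ip can never be equal, which sent
# every run down the DNS-01 path. Compare the response body instead, trimmed
# in case the service appends a newline.
- name: Deploy letsencrypt certificate (HTTP-01)
  when: (local_public_ip.content | trim) == target_public_ip
  ansible.builtin.include_role:
    name: add_cert_http_01
  vars:
    letsencrypt_domain: "{{ forgejo_domain }}"
    letsencrypt_email: "{{ forgejo_server_admin }}"
    letsencrypt_post_hook: systemctl restart apache2

- name: Deploy letsencrypt certificate (DNS-01)
  when: (local_public_ip.content | trim) != target_public_ip
  ansible.builtin.include_role:
    name: add_cert_dns_01
  vars:
    letsencrypt_domain: "{{ forgejo_domain }}"
    letsencrypt_email: "{{ forgejo_server_admin }}"
    letsencrypt_post_hook: systemctl restart apache2

- name: Include apache2 tasks
  ansible.builtin.include_tasks: apache2.yml

- name: Include mariadb tasks
  ansible.builtin.include_tasks: mariadb.yml

- name: Include unix tasks
  ansible.builtin.include_tasks: unix.yml

- name: Include binary tasks
  ansible.builtin.include_tasks: binary.yml

- name: Include backup tasks
  ansible.builtin.include_tasks: backup.yml

- name: Include start tasks
  ansible.builtin.include_tasks: start.yml

# fail2ban tasks need the forgejo log file, which should be created when forgejo runs
- name: Include fail2ban tasks
  ansible.builtin.include_tasks: fail2ban.yml

- name: Include logrotate tasks
  ansible.builtin.include_tasks: logrotate.yml

- name: Include repos tasks
  ansible.builtin.include_tasks: repos.yml

- name: Include ssh tasks
  ansible.builtin.include_tasks: ssh.yml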