---
- import_tasks: podman/podman-check.yml
  vars:
    container_name: nginx
    container_image: "{{ image }}"

- name: create nginx container
  become: true
  become_user: "{{ podman_user }}"
  containers.podman.podman_container:
    name: nginx
    image: "{{ image }}"
    entrypoint: ""
    command: ["nginx", "-g", "daemon off;"]
    restart_policy: on-failure:3
    log_driver: journald
    network:
      - host
    cap_add:
      - CAP_NET_BIND_SERVICE
    ports:
      - 80:80
      - 443:443
    volumes:
      - "{{ nginx_path }}/etc:/etc/nginx:ro"
      - "/srv/http/letsencrypt:/srv/http/letsencrypt:z"
      - "/etc/letsencrypt:/etc/letsencrypt:ro"
      - "/usr/local/share/fulfillr-site:/usr/local/share/fulfillr-site:ro"

- name: create systemd startup job for nginx
  include_tasks: podman/systemd-generate.yml
  vars:
    container_name: nginx