---
- name: create required drone volumes
  become: true
  ansible.builtin.file:
    path: "{{ item }}"
    state: directory
    owner: "{{ podman_user }}"
    group: "{{ podman_user }}"
    mode: 0755
  notify: restorecon podman
  loop:
    - "{{ drone_path }}/data"
  tags: drone

- name: flush handlers
  ansible.builtin.meta: flush_handlers
  tags: drone

- name: create drone-ci server container
  become: true
  become_user: "{{ podman_user }}"
  containers.podman.podman_container:
    name: drone
    image: docker.io/drone/drone:2.11.1
    recreate: false
    restart: true
    restart_policy: on-failure
    log_driver: journald
    env:
      DRONE_LOGS_DEBUG: "false"
      DRONE_RPC_DEBUG: "false"
      DRONE_GITHUB_CLIENT_ID: "{{ drone_gh_client_id }}"
      DRONE_GITHUB_CLIENT_SECRET: "{{ drone_gh_client_sec }}"
      DRONE_RPC_SECRET: "{{ drone_rpc_secret }}"
      DRONE_SERVER_HOST: "{{ ci_server_name }}"
      DRONE_SERVER_PROTO: "{{ drone_server_proto }}"
      DRONE_USER_FILTER: "{{ drone_user_filter }}"
    volumes:
      - "{{ drone_path }}/data:/data"
    ports:
      - "8080:80"
  tags: drone

- name: create systemd startup job for drone
  include_tasks: systemd-generate.yml
  vars:
    container_name: drone
  tags: drone

- name: create drone-ci worker container
  become: true
  become_user: "{{ podman_user }}"
  containers.podman.podman_container:
    name: drone-runner
    image: docker.io/drone/drone-runner-docker:1.8.1
    recreate: false
    restart: true
    restart_policy: on-failure
    log_driver: journald
    env:
      DRONE_RPC_SECRET: "{{ drone_rpc_secret }}"
      DRONE_RPC_HOST: "{{ ci_server_name }}"
      DRONE_RPC_PROTO: "{{ drone_server_proto }}"
      DRONE_RUNNER_CAPACITY: "{{ drone_runner_capacity }}"
    volumes:
      - "/run/user/1002/podman/podman.sock:/var/run/docker.sock"
    ports:
      - "3000:3000"
  tags: drone

- name: create systemd startup job for drone-runner
  include_tasks: systemd-generate.yml
  vars:
    container_name: drone-runner
  tags: drone