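---
# Provisions a dedicated "httptest" account on the bulletinboard hosts and runs
# the upstream httpd image under it as a rootless Podman quadlet (systemd user
# unit), serving /home/httptest/www on host port 8080.
#
# Privileged steps (account creation, /etc/subuid and /etc/subgid, firewalld,
# lingering) run as root; the quadlet and the systemctl --user steps run as
# httptest via task-level become_user.
- hosts: bulletinboard
  become: true
  become_method: sudo
  # The source left this key empty; root is the default target user and is
  # spelled out here so the privilege level of the play is visible.
  become_user: root
  vars:
    httptest_user_www: "/home/httptest/www"
  vars_prompt:
    # The prompt hashes the password with sha512_crypt, so only the hash is
    # passed to the user module below; the plaintext is not stored in a var.
    - name: httptest_password
      prompt: "Enter httptest Password: "
      private: true
      encrypt: sha512_crypt
      confirm: true
      salt_size: 7
  tasks:
    # NOTE(review): this is a service account, yet it receives a login
    # password and the default shell. Confirm interactive login is needed.
    - name: Create httptest user
      ansible.builtin.user:
        name: httptest
        password: "{{ httptest_password }}"
        comment: "Podman user for httpd test host"
        # Fixed uid: the lingering and XDG_RUNTIME_DIR steps below hard-code
        # 2000 and must be changed together with this value.
        uid: 2000

    - name: Make .bashrc.d directory for httptest user
      ansible.builtin.file:
        path: /home/httptest/.bashrc.d
        owner: httptest
        group: httptest
        mode: "0750"
        state: directory

    # Lets interactive shells of httptest reach the user systemd instance.
    # Presumably the account's .bashrc sources ~/.bashrc.d/*; verify on the
    # target distribution.
    - name: Set XDG_RUNTIME_DIR var for httptest user
      ansible.builtin.lineinfile:
        path: /home/httptest/.bashrc.d/systemd
        owner: httptest
        group: httptest
        mode: "0750"
        line: "export XDG_RUNTIME_DIR=/run/user/2000"
        create: true

    # Lingering keeps the user manager (and so the quadlet service) running
    # without an open login session. command replaces shell because no shell
    # features are used; "creates" points at the marker file logind writes,
    # so the task reports "ok" instead of "changed" on later runs.
    - name: Allow httptest user to linger
      ansible.builtin.command:
        cmd: loginctl enable-linger 2000
        creates: /var/lib/systemd/linger/httptest

    - name: Make www directory for httptest user
      ansible.builtin.file:
        path: "{{ httptest_user_www }}"
        owner: httptest
        group: httptest
        mode: "0755"
        state: directory

    - name: Make index.html file
      ansible.builtin.lineinfile:
        path: "{{ httptest_user_www }}/index.html"
        owner: httptest
        group: httptest
        mode: "0644"
        # The source wrote this as a double-quoted scalar split over three
        # lines; YAML folds those line breaks into spaces, giving this value.
        line: " TEST "
        create: true

    # Subordinate id ranges used by rootless Podman for the user namespace.
    # NOTE(review): without a regexp, an httptest entry that already exists
    # with a different range (for example one added when the account was
    # created) is kept and this line is appended after it; confirm the ranges
    # do not overlap another account's. Also confirm that 2000 ids are enough
    # for the ownership recorded in the image layers.
    - name: Write subuid user entry for httptest
      ansible.builtin.lineinfile:
        path: /etc/subuid
        line: "httptest:100000:2000"
        insertafter: EOF
        create: true
        state: present

    - name: Write subgid user entry for httptest
      ansible.builtin.lineinfile:
        path: /etc/subgid
        line: "httptest:100000:2000"
        insertafter: EOF
        create: true
        state: present

    # No zone is given, so the rule lands in firewalld's default zone and is
    # not limited by source address. Confirm that exposure is intended.
    - name: Configure firewalld for httpd
      ansible.posix.firewalld:
        port: "8080/tcp"
        state: enabled
        permanent: true
        immediate: true

    # Writes the quadlet unit for the rootless container; it does not start
    # the container itself (the two systemd tasks below do that).
    - name: Build httpd quadlet
      containers.podman.podman_container:
        name: httptest
        # Mutable tag combined with Pull=newer and AutoUpdate=registry: the
        # content that runs can change without a playbook change. If that is
        # not wanted, pin a reviewed tag or digest and drop the auto-update
        # options.
        image: "docker.io/library/httpd:latest"
        state: quadlet
        quadlet_filename: "httptest-quadlet"
        quadlet_file_mode: "0640"
        rm: false
        # Quoted list entry: the module takes a list of strings, and quoting
        # keeps digit:digit values away from YAML 1.1 implicit typing. With no
        # host address given, the port is published on all interfaces.
        ports:
          - "8080:80"
        volumes:
          # :Z relabels the host directory with a private SELinux label for
          # this container.
          - "{{ httptest_user_www }}:/usr/local/apache2/htdocs:Z"
        quadlet_options:
          - "AutoUpdate=registry"
          - "Pull=newer"
          - |
            [Install]
            WantedBy=default.target
          - |
            [Unit]
            Description=httpd Test Quadlet
            After=home.mount
      become_user: "httptest"

    # Makes the user systemd instance pick up the newly written quadlet.
    - name: Run systemctl --user daemon-reload
      ansible.builtin.systemd_service:
        daemon_reload: true
        scope: user
      become_user: "httptest"

    - name: Run systemctl --user start for httptest-quadlet
      ansible.builtin.systemd_service:
        name: "httptest-quadlet.service"
        scope: user
        state: started
      become_user: "httptest"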