- name: Include Debian-specific tasks
  ansible.builtin.include_tasks: debian.yml
  when: ansible_os_family == "Debian"

- name: Include Rocky Linux-specific tasks
  ansible.builtin.include_tasks: rocky.yml
  when: ansible_os_family == "RedHat"

- name: Create MariaDB databases
  community.mysql.mysql_db:
    name: "{{ item.name }}"
    state: present
    login_unix_socket: /var/run/mysqld/mysqld.sock
  loop: "{{ databases }}"
  no_log: "{{ item.pass is defined }}"

- name: Create MariaDB users
  community.mysql.mysql_user:
    name: "{{ item.name }}"
    password: "{{ item.pass }}"
    host: "%"
    state: present
    priv: "{{ item.name }}.*:ALL"
    login_unix_socket: /var/run/mysqld/mysqld.sock
  loop: "{{ databases }}"
  no_log: "{{ item.pass is defined }}"

- name: Create webserver docker-compose directory
  ansible.builtin.file:
    path: "{{ webserver_root }}"
    state: directory
    mode: 0600

- name: Install webserver docker-compose.yml
  ansible.builtin.copy:
    src: docker-compose.yml
    dest: "{{ webserver_root }}/docker-compose.yml"
    mode: 0600
  notify: composeup_webserver

- name: Install docker-compose .env
  ansible.builtin.template:
    src: compose-env.j2
    dest: "{{ webserver_root }}/.env"
    mode: 0600
  notify: composeup_webserver

- name: Allow MariaDB database connections
  community.general.ufw:
    rule: allow
    port: 3306
    proto: tcp
    src: "{{ item }}"
  loop: "{{ mariadb_trust }}"

- name: Add HTTP and HTTPS firewall rule
  community.general.ufw:
    rule: allow
    port: "{{ item }}"
    proto: tcp
  loop:
    - "80"
    - "443"