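---
# Provisions a MariaDB server for the containerised web stack, installs the
# compose project under /home/oci/webserver, and redirects the privileged
# HTTP/HTTPS ports to the unprivileged ports used by the containers.
# Expects a `databases` list whose items carry `name` and `pass` keys.

- name: Install MariaDB Server
  ansible.builtin.dnf:
    name: mariadb-server
    state: present

# SECURITY: 0.0.0.0 makes mysqld listen on every interface, not only the
# container-facing one. Nothing in this file opens 3306/tcp in firewalld, so
# whether the port is reachable from outside depends on the active zone's
# other rules; verify that. Binding to the container bridge address would
# narrow the exposure if the network layout allows it.
- name: Change the bind-address to allow Docker
  ansible.builtin.lineinfile:
    path: /etc/my.cnf.d/mariadb-server.cnf
    regexp: '^bind-address'
    # Used only when no existing line matches: put the setting under
    # [mysqld] instead of appending it to whichever section ends the file.
    insertafter: '^\[mysqld\]'
    line: "bind-address = 0.0.0.0"
  notify: restart_mariadb

- name: Start and enable MariaDB service
  ansible.builtin.systemd:
    name: mariadb
    state: started
    enabled: true

# PyMySQL is the client library the community.mysql modules below need.
- name: Install MySQL Support for Python 3
  ansible.builtin.dnf:
    name: python3-PyMySQL
    state: present

# The loop items also carry the passwords, so no_log keeps them out of the
# task output even though this task only reads item.name.
- name: Create MariaDB databases
  community.mysql.mysql_db:
    name: "{{ item.name }}"
    state: present
    login_unix_socket: /var/lib/mysql/mysql.sock
  loop: "{{ databases }}"
  no_log: true

# SECURITY: host "%" accepts logins for each account from any source
# address, and the grant is ALL on the account's own database. With the
# server bound to 0.0.0.0, the password and the firewall are the only
# barriers; restrict `host` to the container subnet where that is known.
- name: Create MariaDB users
  community.mysql.mysql_user:
    name: "{{ item.name }}"
    password: "{{ item.pass }}"
    host: "%"
    state: present
    priv: "{{ item.name }}.*:ALL"
    login_unix_socket: /var/lib/mysql/mysql.sock
  loop: "{{ databases }}"
  no_log: true

- name: Create webserver stack directory
  ansible.builtin.file:
    path: /home/oci/webserver
    state: directory
    mode: "0700"
    owner: oci
    group: oci

- name: Install webserver compose file
  ansible.builtin.copy:
    src: docker-compose.yml
    dest: /home/oci/webserver/compose.yml
    mode: "0600"
    owner: oci
    group: oci
  notify: Start podman compose project

# compose-env.j2 is not shown here; it presumably renders the database
# credentials, so the file is kept owner-only like compose.yml rather than
# world-readable. If a container bind-mounts .env and reads it as a
# non-root user, revisit this mode.
# NOTE(review): running the play with --diff prints the rendered content.
- name: Generate webserver environment configuration
  ansible.builtin.template:
    src: compose-env.j2
    dest: /home/oci/webserver/.env
    mode: "0600"
    owner: oci
    group: oci
  notify: Start podman compose project

# Host-wide setting: the kernel will route IPv4 packets between interfaces.
- name: Enable IP forwarding
  ansible.posix.sysctl:
    name: net.ipv4.ip_forward
    value: "1"
    state: present
    reload: true

# The port rules below open 80 and 443; the rich rules redirect them to the
# unprivileged ports 8080 and 8443. The redirects are family="ipv4" only, so
# IPv6 clients are not redirected.
- name: Allow port 80 in firewall
  ansible.posix.firewalld:
    port: 80/tcp
    permanent: true
    state: enabled
    immediate: true

- name: Forward port 80 to 8080
  ansible.posix.firewalld:
    rich_rule: 'rule family="ipv4" forward-port port="80" protocol="tcp" to-port="8080"'
    permanent: true
    state: enabled
    immediate: true

- name: Allow port 443 in firewall
  ansible.posix.firewalld:
    port: 443/tcp
    permanent: true
    state: enabled
    immediate: true

- name: Forward port 443 to 8443
  ansible.posix.firewalld:
    rich_rule: 'rule family="ipv4" forward-port port="443" protocol="tcp" to-port="8443"'
    permanent: true
    state: enabled
    immediate: true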