- name: Deploy Graylog
  hosts: all
  become: true

  vars:
    app_name: "graylog"
    forwarder_app_name: "graylog-forwarder"
    docker_users:
      - "{{ ansible_user }}"
      - brock

  pre_tasks:
    - name: Make users passwordless for sudo in group wheel
      lineinfile:
        path: /etc/sudoers
        state: present
        regexp: '^%wheel'
        line: '%wheel ALL=(ALL) NOPASSWD: ALL'
        validate: 'visudo -cf %s'

  roles:
    - name: geerlingguy.docker

  tasks:
    - name: Install Server
      when: inventory_hostname in groups["servers"]
      block:
        - name: Install packages
          ansible.builtin.package:
            name:
              - nfs-common
              - python3-docker
            state: present
          tags: vpn

        - name: Mount an NFS volume
          ansible.posix.mount:
            src: 192.168.1.200:/mnt/data-02/share/web
            path: /mnt/share
            opts: "rw,sync,hard,nfsvers=3"
            state: mounted
            fstype: nfs
          tags: mount-nfs

        - name: Create /opt/stacks
          ansible.builtin.file:
            path: "/opt/stacks"
            state: directory
            owner: "{{ ansible_user }}"
            group: docker
            mode: '0775'

        - name: "Create /opt/stacks/{{ app_name }}"
          ansible.builtin.file:
            path: "/opt/stacks/{{ app_name }}"
            state: directory
            owner: "{{ ansible_user }}"
            group: docker
            mode: '0775'

        - name: Copy compose stack
          ansible.builtin.copy:
            src: "./{{ app_name }}/"
            dest: "/opt/stacks/{{ app_name }}"
            owner: "{{ ansible_user }}"
            mode: '0755'
          tags: update-config

        - name: "Start {{ app_name }}"
          community.docker.docker_compose_v2:
            project_src: "/opt/stacks/{{ app_name }}"
            recreate: always
            pull: always
          tags:
            - update-config
            - redeploy