---
- name: Ensure application stack destination directory exists
  file:
    path: "{{ application_stack_dest }}"
    state: directory
    mode: '0755'

- name: Check if vault file exists locally
  stat:
    path: "{{ application_vault_file }}"
  delegate_to: localhost
  register: application_vault_stat
  become: no

- name: Optionally load application secrets from vault
  include_vars:
    file: "{{ application_vault_file }}"
  when: application_vault_stat.stat.exists
  no_log: yes
  delegate_to: localhost
  become: no

- name: Check if PostgreSQL .env exists on target host
  stat:
    path: "{{ stacks_base_path }}/postgresql/.env"
  register: application_postgres_env_file
  changed_when: false

- name: Extract PostgreSQL password from .env file
  shell: "grep '^POSTGRES_PASSWORD=' {{ stacks_base_path }}/postgresql/.env 2>/dev/null | cut -d'=' -f2- || echo ''"
  register: application_postgres_password
  changed_when: false
  failed_when: false
  when: application_postgres_env_file.stat.exists
  no_log: yes

- name: Determine application database password
  set_fact:
    application_db_password: >-
      {{ (application_postgres_env_file.stat.exists and application_postgres_password.stdout != '') |
         ternary(application_postgres_password.stdout,
                 vault_db_root_password | default(lookup('password', '/dev/null length=32 chars=ascii_letters,digits,punctuation'))) }}
  no_log: yes

- name: Determine application redis password
  set_fact:
    application_redis_password: "{{ vault_redis_password | default(lookup('password', '/dev/null length=32 chars=ascii_letters,digits,punctuation')) }}"
  no_log: yes

- name: Check if application docker-compose source exists locally
  stat:
    path: "{{ application_stack_src }}/docker-compose.yml"
  delegate_to: localhost
  register: application_compose_src
  become: no

- name: Copy application docker-compose to target host
  copy:
    src: "{{ application_stack_src }}/docker-compose.yml"
    dest: "{{ application_stack_dest }}/docker-compose.yml"
    owner: "{{ ansible_user }}"
    group: "{{ ansible_user }}"
    mode: '0644'
  when: application_compose_src.stat.exists

- name: Check if nginx configuration exists locally
  stat:
    path: "{{ application_stack_src }}/nginx"
  delegate_to: localhost
  register: application_nginx_src
  become: no

- name: Synchronize nginx configuration
  copy:
    src: "{{ application_stack_src }}/nginx/"
    dest: "{{ application_stack_dest }}/nginx/"
    owner: "{{ ansible_user }}"
    group: "{{ ansible_user }}"
    mode: '0644'
  when: application_nginx_src.stat.exists

- name: Render application environment file
  template:
    src: "{{ application_env_template }}"
    dest: "{{ application_stack_dest }}/.env"
    owner: "{{ ansible_user }}"
    group: "{{ ansible_user }}"
    mode: '0600'
  vars:
    db_password: "{{ application_db_password }}"
    db_user: "{{ db_user | default(db_user_default) }}"
    db_name: "{{ db_name | default(db_name_default) }}"
    redis_password: "{{ application_redis_password }}"
    app_domain: "{{ app_domain }}"