---
# Ansible Playbook: Fix Gitea-Traefik Connection Issues
# Purpose: Ensure Traefik can reliably reach Gitea by restarting both services
# Usage:
#   ansible-playbook -i inventory/production.yml playbooks/fix-gitea-traefik-connection.yml \
#     --vault-password-file secrets/.vault_pass

- name: Fix Gitea-Traefik Connection
  hosts: production
  vars:
    gitea_stack_path: "{{ stacks_base_path }}/gitea"
    traefik_stack_path: "{{ stacks_base_path }}/traefik"
    gitea_url: "https://{{ gitea_domain }}"

  tasks:
    - name: Get current Gitea container IP
      shell: |
        docker inspect gitea | grep -A 10 'traefik-public' | grep IPAddress | head -1 | awk '{print $2}' | tr -d '",'
      register: gitea_ip
      changed_when: false
      failed_when: false

    - name: Display Gitea IP
      debug:
        msg: "Gitea container IP in traefik-public network: {{ gitea_ip.stdout }}"

    - name: Test direct connection to Gitea from Traefik container
      shell: |
        docker compose -f {{ traefik_stack_path }}/docker-compose.yml exec -T traefik wget -qO- http://{{ gitea_ip.stdout }}:3000/api/healthz 2>&1 | head -3
      register: traefik_gitea_test
      changed_when: false
      failed_when: false

    - name: Display Traefik-Gitea connection test result
      debug:
        msg: "{{ traefik_gitea_test.stdout }}"

    - name: Restart Gitea container to refresh IP
      shell: |
        docker compose -f {{ gitea_stack_path }}/docker-compose.yml restart gitea
      when: traefik_gitea_test.rc != 0

    - name: Wait for Gitea to be ready
      uri:
        url: "{{ gitea_url }}/api/healthz"
        method: GET
        status_code: [200]
        validate_certs: false
        timeout: 10
      register: gitea_health
      until: gitea_health.status == 200
      retries: 30
      delay: 2
      changed_when: false
      when: traefik_gitea_test.rc != 0

    - name: Restart Traefik to refresh service discovery
      shell: |
        docker compose -f {{ traefik_stack_path }}/docker-compose.yml restart traefik
      when: >
        traefik_gitea_test.rc != 0
        and (traefik_auto_restart | default(false) | bool)
      register: traefik_restart
      changed_when: traefik_restart.rc == 0

    - name: Wait for Traefik to be ready
      pause:
        seconds: 10
      when: traefik_restart.changed | default(false) | bool

    - name: Test Gitea via Traefik
      uri:
        url: "{{ gitea_url }}/api/healthz"
        method: GET
        status_code: [200]
        validate_certs: false
        timeout: 10
      register: final_test
      changed_when: false
      when: traefik_restart.changed | default(false) | bool

    - name: Display result
      debug:
        msg: |
          Gitea-Traefik connection test:
          - Direct connection: {{ 'OK' if traefik_gitea_test.rc == 0 else 'FAILED' }}
          - Via Traefik: {{ 'OK' if (final_test.status | default(0) == 200) else 'FAILED' if (traefik_restart.changed | default(false) | bool) else 'SKIPPED (no restart)' }}
          
          {% if traefik_restart.changed | default(false) | bool %}
          Traefik has been restarted to refresh service discovery.
          {% elif traefik_gitea_test.rc != 0 %}
          Note: Traefik restart was skipped (traefik_auto_restart=false). Direct connection test failed.
          {% endif %}