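---
# Deploys RabbitMQ through Docker Compose on hosts that list "rabbitmq" in
# their `services` variable, installs the rabbitmqadmin CLI on the host, and
# provisions vhosts, users, tags and permissions with rabbitmqctl inside the
# container named "rabbitmq".
#
# Variables read but not defined in this play (presumably inventory/group
# vars; confirm): services, rabbitmq_group, rabbitmq_user, keeper_user,
# rabbitmq_directory, rabbitmq_vhosts, rabbitmq_users, rabbitmq_permissions.
- name: Deploy RabbitMQ with Docker Compose
  hosts: ubuntu
  become: true
  vars:
    required_service: rabbitmq

  tasks:
    - name: Check if host has rabbitmq service
      ansible.builtin.set_fact:
        has_rabbitmq_service: "{{ required_service in services }}"

    # `| bool` keeps the test correct even if the fact was stored as the
    # string "True"/"False" rather than a native boolean.
    - name: Skip hosts without rabbitmq service
      ansible.builtin.meta: end_host
      when: not (has_rabbitmq_service | bool)

    - name: Create rabbitmq group
      ansible.builtin.group:
        name: "{{ rabbitmq_group }}"

    - name: Create rabbitmq user
      ansible.builtin.user:
        name: "{{ rabbitmq_user }}"
        comment: "{{ rabbitmq_user }}"
        group: "{{ rabbitmq_group }}"
        system: true

    # append: true adds the group without dropping keeper_user's other
    # supplementary groups.
    - name: Add group rabbitmq to keeper_user
      ansible.builtin.user:
        name: "{{ keeper_user }}"
        groups: "{{ rabbitmq_group }}"
        append: true

    # Modes are written as four-digit octal strings, matching the '0755'
    # used for rabbitmqadmin further down.
    - name: Create rabbitmq directory
      ansible.builtin.file:
        path: "{{ rabbitmq_directory }}"
        owner: "{{ rabbitmq_user }}"
        group: "{{ rabbitmq_group }}"
        state: directory
        mode: '0750'

    # No access for "other": a compose file commonly carries broker
    # credentials.
    # NOTE(review): 0550 also sets the execute bit, which a YAML file does
    # not need; '0440' would be the least-privilege equivalent. Confirm
    # nothing depends on the current mode before tightening.
    - name: Template docker-compose file
      ansible.builtin.template:
        src: docker-compose.yml.j2
        dest: "{{ rabbitmq_directory }}/docker-compose.yml"
        owner: "{{ rabbitmq_user }}"
        group: "{{ rabbitmq_group }}"
        mode: '0550'

    # A persistent SSH session keeps the group list it was opened with, so
    # the connection is reopened for the new membership to apply.
    - name: Reset SSH connection to apply group changes
      ansible.builtin.meta: reset_connection

    # NOTE(review): with pull: always, the image that runs (and the binary
    # copied to the host below) is whatever the tag resolves to at deploy
    # time. Pinning the image by digest in docker-compose.yml.j2 would make
    # that reproducible. The template is not visible here; confirm.
    - name: Start RabbitMQ service
      community.docker.docker_compose_v2:
        project_src: "{{ rabbitmq_directory }}"
        state: present
        pull: always

    # docker cp overwrites the destination unconditionally, so this task
    # reports "changed" on every successful run.
    # The copied file becomes a root-owned executable on the host's PATH:
    # its trustworthiness equals that of the container image.
    - name: Always copy rabbitmqadmin out of RabbitMQ container to host (overwrite if newer)
      ansible.builtin.command:
        argv:
          - docker
          - cp
          - rabbitmq:/usr/local/bin/rabbitmqadmin
          - /usr/local/bin/rabbitmqadmin
      become: true
      register: rabbitmqadmin_copy
      changed_when: rabbitmqadmin_copy.rc == 0
      failed_when: rabbitmqadmin_copy.rc != 0

    - name: Ensure rabbitmqadmin is executable
      ansible.builtin.file:
        path: /usr/local/bin/rabbitmqadmin
        mode: '0755'
        owner: root
        group: root
        state: file

    # --- RabbitMQ provisioning tasks (auto from inventory, run inside docker container) ---
    #
    # These tasks pass their arguments as an argv list instead of one
    # templated command string. Each inventory value then reaches rabbitmqctl
    # as exactly one argument, so a name, password or permission pattern
    # containing spaces or quote characters cannot be split into extra
    # arguments or break the command line.

    # "already exists" on stderr is treated as success so re-runs do not fail.
    - name: Ensure RabbitMQ vhosts exist
      ansible.builtin.command:
        argv:
          - docker
          - exec
          - rabbitmq
          - rabbitmqctl
          - add_vhost
          - "{{ item.name }}"
      loop: "{{ rabbitmq_vhosts }}"
      register: vhost_result
      changed_when: vhost_result.rc == 0
      failed_when: vhost_result.rc != 0 and 'already exists' not in vhost_result.stderr

    # no_log keeps the password out of Ansible output and logs.
    # An existing user is left untouched ("already exists" is tolerated), so
    # changing item.password in the inventory does NOT rotate the password of
    # a user that was already created.
    # NOTE(review): the password is still a process argument and is visible in
    # the host's process list while the command runs. rabbitmqctl add_user
    # reads the password from standard input when it is omitted from the
    # arguments; `docker exec -i` plus the command module's `stdin:` option
    # would avoid the exposure. Confirm against the deployed RabbitMQ version.
    - name: Ensure RabbitMQ users exist
      ansible.builtin.command:
        argv:
          - docker
          - exec
          - rabbitmq
          - rabbitmqctl
          - add_user
          - "{{ item.name }}"
          - "{{ item.password }}"
      loop: "{{ rabbitmq_users }}"
      register: user_result
      changed_when: user_result.rc == 0
      failed_when: user_result.rc != 0 and 'already exists' not in user_result.stderr
      no_log: true

    # item.tags is expected to be a list; every tag becomes its own argument.
    # no_log stays on because each loop item also carries the user's password,
    # which Ansible would otherwise print with the loop result.
    # No changed_when is set, so the task reports "changed" on every run.
    - name: Set user tags
      ansible.builtin.command:
        argv: >-
          {{ ['docker', 'exec', 'rabbitmq', 'rabbitmqctl', 'set_user_tags', item.name]
             + (item.tags | default([])) }}
      loop: "{{ rabbitmq_users }}"
      when: item.tags is defined
      no_log: true

    # The three patterns are the configure, write and read permission
    # expressions, in the order rabbitmqctl set_permissions expects them.
    # No changed_when is set, so the task reports "changed" on every run.
    - name: Ensure RabbitMQ user permissions are set
      ansible.builtin.command:
        argv:
          - docker
          - exec
          - rabbitmq
          - rabbitmqctl
          - set_permissions
          - -p
          - "{{ item.vhost }}"
          - "{{ item.user }}"
          - "{{ item.configure_priv }}"
          - "{{ item.write_priv }}"
          - "{{ item.read_priv }}"
      loop: "{{ rabbitmq_permissions }}"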