---
- name: Set fact if this host should run Keycloak
  ansible.builtin.set_fact:
    is_keycloak_host: "{{ inventory_hostname in (services | selectattr('name', 'equalto', 'keycloak') | map(attribute='vm') | first) }}"

- name: Create Keycloak directories
  ansible.builtin.file:
    path: "{{ docker.directories.local }}/keycloak/"
    owner: "{{ ansible_user_id }}"
    group: "{{ ansible_user_id }}"
    state: directory
    mode: "0755"
  when: is_keycloak_host | bool
  become: true

- name: Setup Keycloak realms
  ansible.builtin.template:
    src: "templates/keycloak/realm.json.j2"
    dest: "{{ docker.directories.local }}/keycloak/{{ keycloak.realm }}-realm.json"
    owner: "{{ ansible_user_id }}"
    group: "{{ ansible_user_id }}"
    mode: "644"
    backup: true
  when: is_keycloak_host | bool
  loop: "{{ keycloak_config.realms }}"
  loop_control:
    loop_var: keycloak
  notify:
    - Restart docker
    - Restart compose
  become: true