---
- hosts: all
  collections:
    - devsec.hardening

  vars:
    compose_files:
      - docker-compose.yml
      - docker-compose.prod.yml

  tasks:
    - name: Find local compose files
      ansible.builtin.stat:
        path: "{{ example_name }}/{{ item }}"
      delegate_to: localhost
      with_items: "{{ compose_files }}"
      register: compose_file_exists

    - name: Fail if local compose files does not exists
      ansible.builtin.fail:
        msg: 'missing {{ item.item }}'
      when: not item.stat.exists
      with_items: "{{ compose_file_exists.results }}"

    - name: Harden SSH
      import_role:
        name: ssh_hardening
      vars:
        ssh_permit_root_login: 'yes'
        ssh_max_auth_retries: 5

    - name: Update repositories cache
      apt:
        update_cache: 'yes'

    - name: Copy Example dir
      ansible.builtin.copy:
        src: "{{ example_name }}"
        dest: /tmp/
        mode: '0600'

    - name: Create and start Docker services
      community.docker.docker_compose:
        project_src: "/tmp/{{ example_name }}"
        files: "{{ compose_files }}"
        pull: 'yes'
      vars:
        ansible_python_interpreter: /usr/local/lib/docker/virtualenv/bin/python3.8