---
- name: "Create group"
  ansible.builtin.group:
    name: "{{ diun_user }}"
    state: present
    system: true

- name: "Create user"
  ansible.builtin.user:
    name: "{{ diun_user }}"
    shell: /bin/false
    create_home: false
    password_lock: true
    system: true
    group: "{{ diun_user }}"
    groups: docker
    append: true

- name: "Get download URL"
  ansible.builtin.shell:
    cmd: curl -sL "{{ diun_github_api_url }}" | jq -r '.assets[] | select(.name|match("linux_amd64.tar.gz$")) | .browser_download_url'
  changed_when: false
  register: download_url

- name: "Unarchive binary"
  ansible.builtin.unarchive:
    src: "{{ download_url.stdout }}"
    dest: "{{ diun_binary_path }}"
    remote_src: true
    include: diun
    mode: 0755
    extra_opts:
      - "--strip=1"
      - "--no-anchored"

- name: "Create directories"
  ansible.builtin.file:
    path: "{{ item }}"
    state: directory
    owner: "{{ diun_user }}"
    group: "{{ diun_user }}"
    mode: 0750
  loop:
    - "{{ diun_configuration_path }}"
    - "{{ diun_home }}"

- name: "Copy configuration files"
  ansible.builtin.template:
    src: "{{ item }}"
    dest: "{{ diun_configuration_path }}"
    mode: 0644
  loop:
    - "{{ diun_configuration_file }}"
    - "{{ diun_provider_image_file }}"

- name: "Copy service file"
  ansible.builtin.template:
    src: diun.service
    dest: /etc/systemd/system/
    mode: 0644
  notify: restart diun

- name: "Enable service"
  ansible.builtin.systemd:
    name: diun
    enabled: true
    daemon_reload: true
    state: started