---
- name: Keycloak install
  ansible.builtin.import_tasks: keycloak-install.yml
- name: TLS certificates
  ansible.builtin.import_tasks: keycloak-certificates.yml
- name: Keycloak providers
  ansible.builtin.import_tasks: keycloak-providers.yml
- name: Keycloak configuration
  ansible.builtin.import_tasks: keycloak-configuration.yml

- name: Manage the keycloak service
  tags:
    - keycloak
    - keycloak_service
    - keycloak_conf
    - keycloak_providers
    - keycloak_providers_jar
  block:
    - name: Install the keycloak systemd unit
      ansible.builtin.template:
        src: keycloak.service.j2
        dest: '/etc/systemd/system/{{ keycloak_service_name }}.service'
        owner: root
        group: root
        mode: "0644"
      notify:
        - Restart Keycloak
        - Reload the systemd service

    - name: Reload the systemd service
      ansible.builtin.meta: flush_handlers

    - name: Ensure that the Keycload service is running and enabled
      ansible.builtin.service:
        name: '{{ keycloak_service_name }}'
        state: started
        enabled: true

    - name: Wait for the service to be up before proceeding
      ansible.builtin.wait_for:
        port: "{% if keycloak_https_enabled %}{{ keycloak_https_port }}{% else %}{{ keycloak_http_port }}{% endif %}"
        delay: 10
        timeout: 90