---
# Builds the gitolite + cgit image with podman, runs it as the `cgito`
# container, and opens the host firewall for the SSH port it publishes.

# Stage the image build context on the managed host.
- name: Copy container build files
  ansible.builtin.copy:
    src: gitolite-cgit
    dest: "{{ DATA_ROOT }}/git"
    owner: "{{ USER }}"
    group: "{{ USER }}"
    # Keep the permission bits the files carry in the source tree.
    mode: preserve

# Build from the staged context. The result is registered so the container
# task below can decide whether to recreate the running container.
- name: Build gitolite cgit image
  containers.podman.podman_image:
    name: gitolite-cgit
    path: "{{ DATA_ROOT }}/git/gitolite-cgit"
    # NOTE(review): force presumably triggers a build on every run; confirm
    # whether that also makes cgito_build.changed true on every run, which
    # would recreate the container and notify the handler each time.
    force: true
  register: cgito_build

- name: Gitolite cgit
  containers.podman.podman_container:
    name: cgito
    image: gitolite-cgit
    network: "{{ NETWORK }}"
    ports:
      # Host port 2222 -> container port 22 (SSH). No host address is given,
      # so the port is published on every host interface by default.
      - "2222:22"
    env:
      # Lookups run on the control node: this is the content of the invoking
      # user's ~/.ssh/memzero.pub, and the task fails if that file is missing.
      # NOTE(review): presumably the image installs this as the gitolite admin
      # key; if so, the matching private key controls all repositories
      # (confirm against the image's entrypoint).
      SSH_KEY: "{{ lookup('file', lookup('env', 'HOME') + '/.ssh/memzero.pub') }}"
    volumes:
      # 'Z' relabels the host directory with a private, unshared SELinux
      # context, so no other container can use this path.
      - "{{ DATA_ROOT }}/git/repos:/var/lib/git:Z"
    # Replace the running container only when the image build reported a change.
    recreate: "{{ cgito_build.changed }}"
  # The handler is not defined in this file; it is expected to exist elsewhere.
  notify: Restart nginx

# Accepts TCP/2222 from any source address; no `source` restriction is set.
# NOTE(review): if only known networks need git-over-SSH, narrow the rule with
# the module's `source` option. Also confirm that the rule ends up ahead of any
# DROP/REJECT rule in INPUT and that it is persisted across reboots; this task
# shows neither.
- name: Open port for gitolite ssh port
  become: true
  ansible.builtin.iptables:
    chain: INPUT
    protocol: tcp
    match: tcp
    destination_port: 2222
    jump: ACCEPT
    comment: Accept gitolite SSH connections.