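---
# Deploys Pi-hole with Docker Compose: prepares directories, frees port 53
# by disabling the systemd-resolved stub listener, pins Docker's upstream DNS,
# then starts the container and waits for it to report that blocking is on.

- name: Ensure Pi-Hole data directory exists
  ansible.builtin.file:
    path: "{{ pi_hole_volume_dir }}"
    state: directory
    owner: root
    group: root
    mode: '0755'
  become: true

# NOTE(review): assumes /opt/pi-hole already exists (for example as a parent
# of pi_hole_volume_dir); the template task fails otherwise. Confirm.
# NOTE(review): the template is not visible here. If it renders a secret
# (such as an admin password), 0644 leaves it readable by every local user;
# consider '0600', since the compose task below runs with become.
- name: Generate Docker Compose file for Pi-Hole
  ansible.builtin.template:
    src: pi-hole-compose.j2
    dest: /opt/pi-hole/docker-compose.yml
    owner: root
    group: root
    mode: '0644'
  become: true

- name: Ensure Docker network exists
  community.docker.docker_network:
    name: "{{ docker_network_name }}"
    driver: bridge
    state: present

- name: Ensure systemd-resolved is installed
  ansible.builtin.apt:
    name: systemd-resolved
    state: present
  become: true

# Turns off the stub listener (127.0.0.53:53, per the verification task below)
# so that port 53 is free.
- name: Disable DNSStubListener in resolved.conf
  ansible.builtin.lineinfile:
    path: /etc/systemd/resolved.conf
    regexp: '^#?DNSStubListener='
    line: 'DNSStubListener=no'
    create: true
    mode: '0644'  # Not writable by group or others
  become: true

# Restarts on every run; changed_when: false keeps the play output quiet.
- name: Restart systemd-resolved service
  ansible.builtin.service:
    name: systemd-resolved
    state: restarted
  become: true
  changed_when: false

# The command module does not run a shell, so a "| grep" pipeline would be
# passed to ss as literal arguments and the check could never fire. Run ss on
# its own and inspect the captured output instead; also fail if ss itself
# errors, so a broken check is not mistaken for a free port.
- name: Verify port 53 is no longer in use by systemd-resolved
  ansible.builtin.command: ss -tuln
  register: port_check
  failed_when: "port_check.rc != 0 or '127.0.0.53:53' in port_check.stdout"
  changed_when: false
  become: true

- name: Ensure Docker service directory exists
  ansible.builtin.file:
    path: /etc/systemd/system/docker.service.d
    state: directory
    owner: root
    group: root
    mode: '0755'
  become: true

# Written as a whole file: lineinfile with a multi-line "line" re-matches
# '^ExecStart=' on every run and inserts the block again, so the drop-in
# grows with duplicate [Service]/ExecStart entries. The empty "ExecStart="
# clears the unit's original command before the override is set.
- name: Add custom DNS settings to Docker service
  ansible.builtin.copy:
    dest: /etc/systemd/system/docker.service.d/docker.conf
    content: |
      [Service]
      ExecStart=
      ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock --dns 8.8.8.8 --dns 8.8.4.4
    owner: root
    group: root
    mode: '0644'
  become: true

- name: Reload systemd daemon
  ansible.builtin.systemd:
    daemon_reload: true
  become: true

- name: Restart Docker service
  ansible.builtin.service:
    name: docker
    state: restarted
  become: true

- name: Deploy Pi-Hole container using Docker Compose V2
  community.docker.docker_compose_v2:
    project_src: /opt/pi-hole
    state: present
  become: true

- name: Ensure Pi-Hole container is running
  community.docker.docker_container_info:
    name: "{{ pi_hole_container_name }}"
  register: container_info

- name: Restart Pi-Hole container if not running
  community.docker.docker_container:
    name: "{{ pi_hole_container_name }}"
    state: started
    restart: true
  when: not container_info.container.State.Running

# argv passes the container name as a single argument, so a value containing
# whitespace cannot be split into extra docker arguments.
# NOTE(review): ignore_errors makes this health check best-effort; the play
# continues even if Pi-hole never reports that blocking is enabled.
- name: Wait for the container to be fully operational
  ansible.builtin.command:
    argv:
      - docker
      - exec
      - "{{ pi_hole_container_name }}"
      - pihole
      - status
  register: pihole_status
  until: "'Pi-hole blocking is enabled' in pihole_status.stdout"
  retries: 30
  delay: 5
  ignore_errors: true
  changed_when: false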