# vim:ft=ansible:
#
# NOTE: This app is not yet fully functional. It still needs a cron job
# implemented for things like recurring transactions and budgets.
#
# https://docs.firefly-iii.org/firefly-iii/advanced-installation/cron/
#
- name: docker deploy firefly
  tags:
    - docker
    - firefly
  docker_container:
    name: firefly
    # NOTE(review): ":latest" is a floating tag, so the deployed version is
    # whatever upstream had published when the host pulled it. Pinning to a
    # release tag or image digest makes deploys reproducible and auditable.
    image: 'fireflyiii/core:latest'
    # No ports are published by this task; the container is reachable only
    # through the `web` docker network under the alias below.
    networks:
      - name: web
        aliases:
          - firefly
    # Host directories bind-mounted for exports, logs and uploads.
    volumes:
      - '/data/firefly/export:/var/www/html/storage/export'
      - '/data/firefly/logs:/var/www/html/storage/logs'
      - '/data/firefly/upload:/var/www/html/storage/upload'
    env:
      # The secret_* values are rendered from variables defined outside this
      # file (presumably vault-encrypted -- confirm). They end up in the
      # container environment, which anyone with access to the Docker daemon
      # can read via `docker inspect`.
      APP_KEY: "{{ secret_firefly_app_key }}"
      APP_URL: 'https://firefly.desu.ltd'
      # TRUSTED_PROXIES is "*" because the IP of the ingress container cannot
      # be guaranteed, so any app on the docker network is accepted as a
      # proxy. Accepted trade-off: every container attached to `web` can
      # supply forwarded client-IP/scheme headers that the app will believe,
      # so keep untrusted containers off that network and keep this
      # container's port unpublished.
      TRUSTED_PROXIES: '*'
      # PostgreSQL connection settings.
      # NOTE(review): nothing here shows whether the link to 10.0.0.2 is
      # encrypted -- confirm if that path crosses an untrusted segment.
      DB_CONNECTION: 'pgsql'
      DB_HOST: '10.0.0.2'
      DB_PORT: '5432'
      DB_DATABASE: 'firefly-desultd'
      DB_USERNAME: 'firefly-desultd'
      DB_PASSWORD: "{{ secret_firefly_db_pass }}"
- name: docker deploy firefly importer
  tags:
    - docker
    - firefly
  docker_container:
    name: firefly-importer
    # NOTE(review): ":latest" is a floating tag; pin to a release tag or
    # image digest so the importer version is known and stays compatible
    # with the core container it talks to.
    image: 'fireflyiii/data-importer:latest'
    # No ports are published by this task; the container is reachable only
    # through the `web` docker network under the alias below.
    networks:
      - name: web
        aliases:
          - firefly-importer
    # Workaround: custom DNS servers are needed because of some host entries
    # on the container host.
    # NOTE(review): this sends the container's external lookups to Google
    # public DNS rather than the host's resolver -- confirm that is intended.
    dns_servers:
      - '8.8.8.8'
      - '8.8.4.4'
    env:
      # This TRUSTED_PROXIES line is still undocumented
      # https://github.com/firefly-iii/firefly-iii/issues/3256
      # God fucking dammit
      # "*" accepts any peer as a proxy, so every container on `web` can
      # supply forwarded headers that the importer will believe.
      TRUSTED_PROXIES: '*'
      # Access token the importer uses against the Firefly III instance.
      # It is rendered from a variable defined outside this file and is
      # readable via `docker inspect`; treat it like a password and rotate
      # it if the host or the Docker daemon is exposed.
      FIREFLY_III_ACCESS_TOKEN: "{{ secret_firefly_access_token }}"
      # The importer reaches the core container by its `web` network alias
      # over plain HTTP, so the token above crosses that network
      # unencrypted. Restrict which containers may join `web`.
      FIREFLY_III_URL: 'http://firefly:8080'
      VANITY_URL: 'https://firefly.desu.ltd'