ansible-nas/roles/heimdall/tasks/main.yml

---
- name: Start Heimdall
  block:
    - name: Create Heimdall group
      group:
        name: heimdall
        gid: "{{ heimdall_group_id }}"
        state: present

    - name: Create Heimdall user
      user:
        name: heimdall
        uid: "{{ heimdall_user_id }}"
        state: present
        system: yes
        update_password: on_create
        create_home: no
        group: heimdall

    - name: Create Heimdall Directories
      file:
        path: "{{ item }}"
        state: directory
        owner: heimdall
        group: heimdall
      with_items:
        - "{{ heimdall_data_directory }}"

    - name: Create Heimdall container
      docker_container:
        name: "{{ heimdall_container_name }}"
        image: "{{ heimdall_docker_image }}"
        pull: true
        volumes:
          - "{{ heimdall_data_directory }}:/config:rw"
        env:
          PUID: "{{ heimdall_user_id }}"
          PGID: "{{ heimdall_group_id }}"
          TZ: "{{ ansible_nas_timezone }}"
        ports:
          - "{{ heimdall_port_http }}:80"
          - "{{ heimdall_port_https }}:443"
        restart_policy: unless-stopped
        memory: "{{ heimdall_memory }}"
        labels:
          traefik.enable: "{{ heimdall_available_externally | string }}"
          traefik.http.routers.heimdall.rule: "Host(`{{ heimdall_hostname }}.{{ ansible_nas_domain }}`)"
          traefik.http.routers.heimdall.tls.certresolver: "letsencrypt"
          traefik.http.routers.heimdall.tls.domains[0].main: "{{ ansible_nas_domain }}"
          traefik.http.routers.heimdall.tls.domains[0].sans: "*.{{ ansible_nas_domain }}"
          traefik.http.services.heimdall.loadbalancer.server.port: "80"
  when: heimdall_enabled is true

- name: Stop Heimdall
  block:
    - name: Stop Heimdall
      docker_container:
        name: "{{ heimdall_container_name }}"
        state: absent
  when: heimdall_enabled is false