nult/roles/gitea/tasks/preflight.yml

---
# =============================================================================
# Preflight Checks
# =============================================================================
#
# Validates prerequisites before making any changes.
# Fails fast with clear error messages if requirements are not met.
#
# Reference: https://docs.ansible.com/ansible/latest/collections/ansible/builtin/assert_module.html
# =============================================================================

- name: Verify required variables are defined
  ansible.builtin.assert:
    that:
      - gitea_domain is defined
      - gitea_domain | length > 0
      - gitea_db_password is defined
      - gitea_db_password | length > 0
      - gitea_install_dir is defined
    fail_msg: >-
      Required variables missing. Ensure vault.yml contains:
      vault_gitea_domain, vault_gitea_db_password.
      Ensure inventory contains: gitea_install_dir.
    quiet: true

- name: Check if Docker is installed
  ansible.builtin.command:
    cmd: docker --version
  register: gitea_docker_check
  changed_when: false
  check_mode: false
  failed_when: gitea_docker_check.rc != 0

- name: Verify Docker daemon is running
  ansible.builtin.command:
    cmd: docker info
  register: gitea_docker_info
  changed_when: false
  check_mode: false
  failed_when: gitea_docker_info.rc != 0

- name: Check if Gitea install directory exists
  ansible.builtin.stat:
    path: "{{ gitea_install_dir }}"
  register: gitea_dir_stat

- name: Verify Gitea install directory exists
  ansible.builtin.assert:
    that:
      - gitea_dir_stat.stat.exists
      - gitea_dir_stat.stat.isdir
    fail_msg: "Gitea install directory not found: {{ gitea_install_dir }}"
    quiet: true

- name: Check if docker-compose.yml exists
  ansible.builtin.stat:
    path: "{{ gitea_install_dir }}/docker-compose.yml"
  register: gitea_compose_stat

- name: Verify docker-compose.yml exists
  ansible.builtin.assert:
    that:
      - gitea_compose_stat.stat.exists
    fail_msg: "docker-compose.yml not found in {{ gitea_install_dir }}"
    quiet: true

# Find the mount point containing gitea_install_dir using df command.
# This is more reliable than substring matching on ansible_mounts.
# check_mode: false - df is read-only, safe to run even in --check mode
- name: Find mount point for install directory
  ansible.builtin.command:
    cmd: "df --output=target {{ gitea_install_dir }}"
  register: gitea_df_result
  changed_when: false
  check_mode: false

# Parse mount point from df output (first line is header, second is mount)
- name: Parse mount point from df output
  ansible.builtin.set_fact:
    gitea_mount_point: "{{ gitea_df_result.stdout_lines[-1] | trim }}"

# Look up full mount info (size_available, etc.) from gathered facts
- name: Get mount info from ansible_facts
  ansible.builtin.set_fact:
    gitea_install_mount: "{{ ansible_facts['mounts'] | selectattr('mount', 'equalto', gitea_mount_point) | first }}"

# Check available space: 2GB = 2 * 1024^3 = 2147483648 bytes
- name: Verify sufficient disk space (minimum 2GB)
  ansible.builtin.assert:
    that:
      - gitea_install_mount.size_available > 2147483648
    fail_msg: >-
      Insufficient disk space on {{ gitea_install_mount.mount }}.
      Available: {{ (gitea_install_mount.size_available / 1073741824) | round(2) }}GB.
      Minimum required: 2GB.
    quiet: true

- name: Check if Gitea container is running
  ansible.builtin.command:
    cmd: docker ps --filter "name={{ gitea_container_name }}" --format "{{ '{{' }}.Names{{ '}}' }}"
  register: gitea_container_check
  changed_when: false
  check_mode: false

- name: Display Gitea container status
  ansible.builtin.debug:
    msg: "Gitea container status: {{ 'running' if gitea_container_name in gitea_container_check.stdout else 'not running' }}"

- name: Check if database container is running
  ansible.builtin.command:
    cmd: docker ps --filter "name={{ gitea_db_container_name }}" --format "{{ '{{' }}.Names{{ '}}' }}"
  register: gitea_db_container_check
  changed_when: false
  check_mode: false

- name: Display database container status
  ansible.builtin.debug:
    msg: "Database container status: {{ 'running' if gitea_db_container_name in gitea_db_container_check.stdout else 'not running' }}"

# Verify DNS is configured before proceeding.
# ACME certificate issuance will fail without valid DNS.
- name: Check DNS resolution for domain
  ansible.builtin.command:
    cmd: "dig +short {{ gitea_domain }}"
  register: gitea_dns_check
  changed_when: false
  check_mode: false
  failed_when: false

- name: Display DNS resolution result
  ansible.builtin.debug:
    msg: "DNS for {{ gitea_domain }} resolves to: {{ gitea_dns_check.stdout_lines | default(['UNRESOLVED']) | join(', ') }}"

# Fail if DNS doesn't resolve (can be skipped with gitea_skip_gitea_dns_check=true)
- name: Verify DNS resolves for domain
  ansible.builtin.fail:
    msg: >-
      DNS for {{ gitea_domain }} does not resolve.
      ACME certificate issuance will fail without valid DNS.
      Ensure A record points to this server before proceeding.
      To skip this check, set gitea_skip_gitea_dns_check=true.
  when:
    - gitea_dns_check.stdout | length == 0
    - not (gitea_skip_gitea_dns_check | default(false) | bool)