---
- name: Deploy Tinyauth
  include_role:
    name: docker
  vars:
    name: tinyauth
    image:
      name: ghcr.io/steveiliop56/tinyauth
      tag: v4
    networks:
      - name: homelab
    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock"
    env:
      USERS: "{{ TINYAUTH_USERS }}"
      SECRET: "{{ TINYAUTH_SECRET }}"
      APP_URL: "{{ TINYAUTH_APP_URL }}"
      PROVIDERS_POCKETID_CLIENT_ID: "{{ TINYAUTH_GENERIC_CLIENT_ID }}"
      PROVIDERS_POCKETID_CLIENT_SECRET: "{{ TINYAUTH_GENERIC_CLIENT_SECRET }}"
      PROVIDERS_POCKETID_AUTH_URL: "{{ TINYAUTH_GENERIC_AUTH_URL }}"
      PROVIDERS_POCKETID_TOKEN_URL: "{{ TINYAUTH_GENERIC_TOKEN_URL }}"
      PROVIDERS_POCKETID_USER_INFO_URL: "{{ TINYAUTH_GENERIC_USER_URL }}"
      PROVIDERS_POCKETID_SCOPES: "{{ TINYAUTH_GENERIC_SCOPES }}"
      PROVIDERS_POCKETID_NAME: "{{ TINYAUTH_GENERIC_NAME }}"
      PROVIDERS_POCKETID_REDIRECT_URL: "{{ TINYAUTH_REDIRECT_URL }}"
      OAUTH_WHITELIST: "{{ TINYAUTH_OAUTH_WHITELIST }}"
      APP_TITLE: "{{ TINYAUTH_APP_TITLE }}"
      BACKGROUND_IMAGE: "{{ TINYAUTH_BACKGROUND_IMAGE }}"
    labels:
      traefik.enable: "true"
      traefik.http.routers.tinyauth.rule: Host(`auth.fntz.net`)
      traefik.http.routers.tinyauth.entrypoints: webSecure
      traefik.http.routers.tinyauth.tls.certresolver: letsencrypt
      traefik.http.middlewares.tinyauth.forwardauth.address: http://tinyauth:3000/api/auth/traefik