- name: Recovery from original instance outage
  hosts: DR
  tasks:
    - include_vars: ./vault/restic/restic.yml

    - name: Create folder
      ansible.builtin.file:
        path: ~/docker
        state: directory
        mode: '0755'

    - name: Pull backups
      ansible.builtin.shell: |
        unset HISTFILE
        export RESTIC_REPOSITORY={{ RESTIC_REPOSITORY }}
        export AWS_ACCESS_KEY_ID={{ AWS_ACCESS_KEY_ID }}
        export AWS_SECRET_ACCESS_KEY={{ AWS_SECRET_ACCESS_KEY }}
        export RESTIC_PASSWORD={{ RESTIC_PASSWORD }}
        cd ~/docker
        # RESTIC_RESTORE_PATH: verify with 'restic snapshots' before running
        # Updated from /source/gcloud — set the correct snapshot path in vault/restic/restic.yml
        restic restore latest:{{ RESTIC_RESTORE_PATH }} --target ./ --overwrite always

    - name: Start container using Docker Compose
      ansible.builtin.command:
        cmd: docker compose up -d
        chdir: ~/docker

    - name: Pause for 30 seconds to allow containers to stabilize
      ansible.builtin.pause:
        seconds: 30

    - name: Verify all containers are running
      ansible.builtin.shell: |
        expected=$(docker compose config --services | wc -l | tr -d ' ')
        running=$(docker compose ps --status running -q | wc -l | tr -d ' ')
        if [ "$expected" != "$running" ]; then
          echo "FAIL: $running/$expected containers running"
          docker compose ps
          exit 1
        fi
        echo "OK: all $running containers running"
      args:
        chdir: ~/docker
      changed_when: false