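---
# Copies every .env file found under the Docker appdata directory to the
# controller as a .env.example template, with secret-looking values replaced
# by the literal string REDACTED.
#
# SECURITY: the redaction is a deny-list on variable names plus URL userinfo.
# Anything it does not recognise is written verbatim to the controller with
# mode 0644, so review every generated file before committing or sharing it.
- name: Collect .env files as templates (with secrets redacted)
  hosts: docker_hosts
  become: true
  gather_facts: false

  tasks:
    - name: Set appdata path
      set_fact:
        appdata_path: "{{ docker_appdata | default('/home/docker/appdata') }}"

    - name: Find all .env files
      find:
        paths: "{{ appdata_path }}"
        patterns: ".env"
        recurse: true
        depth: 3
        hidden: true
      register: env_files

    # Runs sed through argv instead of a templated shell line: the task runs
    # with become, and a directory name containing quotes or $(...) would
    # otherwise be interpreted by the shell.
    #
    # Expression 1 redacts any assignment whose variable name contains one of
    # the keywords anywhere in it (DB_PASSWORD, PASSWORD_FILE, SECRET_KEY_BASE,
    # MYSQL_PWD, ...), also when there is whitespace around '='. It is not
    # anchored, so commented-out assignments are redacted as well. It errs
    # toward over-redaction (e.g. KEYCLOAK_URL).
    # Expression 2 redacts the password part of scheme://user:password@host
    # values; best effort only.
    # The 'I' flag is a GNU sed extension.
    - name: Read and redact .env files
      command:
        argv:
          - sed
          - '-E'
          - '-e'
          - 's/([A-Za-z0-9_]*(PASS|PWD|SECRET|KEY|TOKEN|CREDENTIAL)[A-Za-z0-9_]*)[[:space:]]*=.*/\1=REDACTED/I'
          - '-e'
          - 's#(://[^/:@[:space:]]+):[^@/[:space:]]+@#\1:REDACTED@#g'
          - '--'
          - "{{ item.path }}"
      loop: "{{ env_files.files }}"
      loop_control:
        label: "{{ item.path | dirname | basename }}/.env"
      register: redacted_envs
      changed_when: false

    # NOTE(review): the destination uses only the immediate parent directory
    # name, so with depth 3 two .env files in same-named directories
    # (app1/config/.env and app2/config/.env) map to the same file and the
    # later one overwrites the earlier one.
    - name: Save as .env.example
      delegate_to: localhost
      become: false
      copy:
        content: "{{ item.stdout }}"
        dest: "{{ playbook_dir }}/../compose-files/{{ inventory_hostname }}/{{ item.item.path | dirname | basename }}/.env.example"
        mode: '0644'
      loop: "{{ redacted_envs.results }}"
      loop_control:
        label: "{{ item.item.path | dirname | basename }}/.env.example"
      when: item.stdout | length > 0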