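---
# Tasks that deploy the "therapy" service: a docker-compose application run
# from a systemd unit and published through an nginx vhost with TLS.
# The handlers notified below (Restart therapy, Restart nginx, Run acertmgr,
# Reload systemd) are not defined in this file.

- name: Install packages
  apt:
    name:
      - docker.io
      - docker-compose

- name: Create therapy group
  group:
    name: therapy

# NOTE(review): membership in the docker group gives access to the Docker
# daemon, which is effectively root on the host. Treat the therapy account
# as privileged.
# With the user module's default (append: false) the supplementary groups
# are set to exactly this list.
- name: Create therapy user
  user:
    name: therapy
    home: /opt/therapy
    shell: /bin/bash
    group: therapy
    groups: docker

# TODO
# checkout source to /opt/therapy/source - currently done manually

# NOTE(review): no owner/mode is set on the rendered file. If the compose
# template carries credentials, confirm the resulting permissions.
- name: Configure therapy container
  template:
    src: docker-compose.yml.j2
    dest: /opt/therapy/docker-compose.yml
  notify: Restart therapy

# Generates a self-signed certificate (-x509) with a 2048-bit RSA key, valid
# for 730 days, with CN set to therapy_domain. `creates` skips the task once
# the .crt exists, so the key pair is never regenerated by this task.
# Presumably a bootstrap certificate until acertmgr (configured in the next
# task) provides one - confirm.
# NOTE(review): -nodes writes the private key unencrypted, and nothing here
# sets its owner or mode; verify the .key is readable by root only.
# NOTE(review): no task in this file creates /etc/nginx/ssl; presumably
# another role provides it.
- name: Ensure certificates are available
  command: >-
    openssl req -x509 -nodes -newkey rsa:2048
    -keyout /etc/nginx/ssl/{{ therapy_domain }}.key
    -out /etc/nginx/ssl/{{ therapy_domain }}.crt
    -days 730 -subj "/CN={{ therapy_domain }}"
  args:
    creates: "/etc/nginx/ssl/{{ therapy_domain }}.crt"
  notify: Restart nginx

- name: Configure certificate manager for therapy
  template:
    src: certs.j2
    dest: "/etc/acertmgr/{{ therapy_domain }}.conf"
  notify: Run acertmgr

- name: Configure vhost
  template:
    src: vhost.j2
    dest: /etc/nginx/sites-available/therapy
  notify: Restart nginx

# Symlink sites-enabled/therapy -> sites-available/therapy.
- name: Enable vhost
  file:
    src: /etc/nginx/sites-available/therapy
    dest: /etc/nginx/sites-enabled/therapy
    state: link
  notify: Restart nginx

- name: Systemd unit for therapy
  template:
    src: therapy.service.j2
    dest: /etc/systemd/system/therapy.service
  notify:
    - Reload systemd
    - Restart therapy

- name: Start the therapy service
  service:
    name: therapy
    state: started
    enabled: true

# Runs the http task file of the icinga-monitor role for this vhost.
- name: Enable monitoring
  include_role:
    name: icinga-monitor
    tasks_from: http
  vars:
    vhost: "{{ therapy_domain }}"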