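---
# Installs NetBox from the upstream release tarball into
# /opt/netbox-{{ netbox_version }}, together with PostgreSQL, redis, an nginx
# vhost with TLS, and systemd units for the netbox and netbox-rq services.

- name: Create group
  group:
    name: "{{ netbox_group }}"

- name: Create user
  user:
    name: "{{ netbox_user }}"
    home: "/home/{{ netbox_user }}"
    group: "{{ netbox_group }}"

- name: Install dependencies
  apt:
    name:
      - build-essential
      - libffi-dev
      - libpq-dev
      - libssl-dev
      - libxml2-dev
      - libxslt1-dev
      - python3-setuptools
      - python3-dev
      - python3-pip
      - python3-venv
      - zlib1g-dev

- name: Install PostgreSQL
  apt:
    name:
      - postgresql
      - python3-psycopg2

- name: Configure PostgreSQL database
  postgresql_db:
    name: "{{ netbox_dbname }}"
  become: true
  become_user: postgres

# NOTE(review): netbox_dbpass is defined outside this file; confirm it comes
# from a vault or secret store rather than plain-text vars.
- name: Configure PostgreSQL user
  postgresql_user:
    db: "{{ netbox_dbname }}"
    name: "{{ netbox_dbuser }}"
    password: "{{ netbox_dbpass }}"
    priv: ALL
    state: present
  become: true
  become_user: postgres

- name: Install redis
  apt:
    name: redis-server

# The release tarball is fetched by tag over HTTPS and unpacked directly; no
# checksum is verified at this step.
# NOTE(review): consider downloading with get_url and a pinned checksum first,
# then unpacking the local file.
- name: Unpack netbox
  unarchive:
    src: "https://github.com/netbox-community/netbox/archive/v{{ netbox_version }}.tar.gz"
    dest: /opt
    remote_src: true
    creates: "/opt/netbox-{{ netbox_version }}"
  register: netbox_unarchive

# configuration.py presumably renders the database password and secret key
# (template not visible here), so it is kept unreadable for "other". The
# owner and group are the account the upgrade script below runs as.
- name: Configure netbox
  template:
    src: configuration.py.j2
    dest: "/opt/netbox-{{ netbox_version }}/netbox/netbox/configuration.py"
    owner: "{{ netbox_user }}"
    group: "{{ netbox_group }}"
    mode: "0640"
  notify: Restart netbox

- name: Configure gunicorn
  template:
    src: gunicorn.py.j2
    dest: "/opt/netbox-{{ netbox_version }}/gunicorn.py"
    owner: "{{ netbox_user }}"
    group: "{{ netbox_group }}"

# Recursive chown only; file modes inside the tree are left as unpacked.
- name: Netbox file permissions
  file:
    path: "/opt/netbox-{{ netbox_version }}"
    owner: "{{ netbox_user }}"
    group: "{{ netbox_group }}"
    recurse: true

# Runs only when the tarball was unpacked in this run. If upgrade.sh fails,
# the `creates` guard on the unpack task means it is not retried on the next
# run without manual intervention.
- name: Run upgrade script
  command:
    cmd: ./upgrade.sh
    chdir: "/opt/netbox-{{ netbox_version }}"
  become: true
  become_user: "{{ netbox_user }}"
  when: netbox_unarchive.changed

# TODO - still manual work
# * Create a super user
# * Migrate media files

# Debian's run-parts, which executes /etc/cron.daily, skips file names that
# contain a dot, so a script installed as "netbox-housekeeping.sh" is never
# run. Install it without the extension and drop the old, ignored copy.
- name: Install netbox housekeeping cronjob
  template:
    src: netbox-housekeeping.sh.j2
    dest: /etc/cron.daily/netbox-housekeeping
    mode: "0755"

- name: Remove housekeeping cronjob installed under the old name
  file:
    path: /etc/cron.daily/netbox-housekeeping.sh
    state: absent

# Creates a self-signed certificate only when no certificate exists yet.
# -nodes writes the private key unencrypted.
# NOTE(review): confirm /etc/nginx/ssl exists before this task and that the
# .key file does not end up world-readable.
- name: Ensure certificates are available
  command:
    cmd: >
      openssl req -x509
      -nodes -newkey rsa:2048
      -keyout /etc/nginx/ssl/{{ netbox_domain }}.key
      -out /etc/nginx/ssl/{{ netbox_domain }}.crt
      -days 730
      -subj "/CN={{ netbox_domain }}"
    creates: "/etc/nginx/ssl/{{ netbox_domain }}.crt"
  notify: Restart nginx

# Only hosts in the 'kitchen' inventory group request a DNS update key.
- name: Request nsupdate key for certificate
  include_role:
    name: acme-dnskey-generate
  vars:
    acme_dnskey_san_domains:
      - "{{ netbox_domain }}"
  when: "'kitchen' in group_names"

- name: Configure certificate manager for netbox
  template:
    src: certs.j2
    dest: "/etc/acertmgr/{{ netbox_domain }}.conf"
  notify: Run acertmgr

- name: Configure vhost
  template:
    src: vhost.j2
    dest: /etc/nginx/sites-available/netbox
    owner: root
    mode: "0644"
  notify: Restart nginx

- name: Enable vhost
  file:
    src: /etc/nginx/sites-available/netbox
    dest: /etc/nginx/sites-enabled/netbox
    state: link
  notify: Restart nginx

- name: Install systemd units
  template:
    src: "{{ item }}.service.j2"
    dest: "/lib/systemd/system/{{ item }}.service"
  with_items:
    - netbox
    - netbox-rq
  notify:
    - Reload systemd
    - Restart netbox
    - Restart netbox-rq

- name: Enable services
  service:
    name: "{{ item }}"
    state: started
    enabled: true
  with_items:
    - netbox
    - netbox-rq

- name: Enable monitoring
  include_role:
    name: icinga-monitor
    tasks_from: http
  vars:
    vhost: "{{ netbox_domain }}"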