---

- name: Request nsupdate key for certificate
  include_role: name=acme-dnskey-generate

- name: Enable sury php apt-key
  apt_key: url="https://packages.sury.org/php/apt.gpg"

- name: Enable sury php repository
  apt_repository: repo="deb https://packages.sury.org/php/ {{ ansible_distribution_release }} main"

- name: Install packages
  apt:
    name:
    - php8.1
    - php8.1-common
    - php8.1-curl
    - php8.1-mysql
    - php8.1-mbstring
    - php8.1-cli
    - php8.1-opcache
    - php8.1-xml
    - php8.1-fpm
    - php8.1-readline
    - mariadb-server
    - python3-mysqldb
    - python3-psycopg2

- name: Ensure certificates are available
  command: openssl req -x509 -nodes -newkey rsa:2048 -keyout /etc/nginx/ssl/{{ strichliste_domain }}.key -out /etc/nginx/ssl/{{ strichliste_domain }}.crt -days 730 -subj "/CN={{ strichliste_domain }}" creates=/etc/nginx/ssl/{{ strichliste_domain }}.crt
  notify: Restart nginx

- name: Configure certificate manager for strichliste
  template: src=certs.j2 dest=/etc/acertmgr/{{ strichliste_domain }}.conf
  notify: Run acertmgr

- name: Create vhost directory
  file: path=/var/www/strichliste state=directory owner=www-data group=www-data

- name: Install Mariadb
  apt:
    name:
    - mariadb-server
    - python3-mysqldb

- name: Configure Mariadb database
  community.mysql.mysql_db: name={{ strichliste_dbname }}
  become: true

- name: Configure Mariadb user
  community.mysql.mysql_user: name={{ strichliste_dbuser }} password={{ strichliste_dbpass }} priv='{{ strichliste_dbname }}.*:ALL' state=present
  become: true

- name: Download strichliste
  get_url: url={{ strichliste_url }} dest=/tmp/ checksum={{ strichliste_checksum }} mode=0755

- name: Unpack strichliste
  unarchive:
    remote_src: true
    src: /tmp/strichliste-v{{ strichliste_version }}.tar.gz
    dest: /var/www/strichliste
    owner: www-data
    group: www-data
  notify: Restart nginx

- name: Configure strichliste database
  lineinfile:
    path: /var/www/strichliste/.env
    regexp: '^DATABASE_URL='
    line: DATABASE_URL="mysql://strichliste:{{ strichliste_dbpass }}@localhost/strichliste"

- name: Configure vhost
  template: src=vhost.j2 dest=/etc/nginx/sites-available/strichliste
  notify: Restart nginx

- name: Enable vhost
  file: src=/etc/nginx/sites-available/strichliste dest=/etc/nginx/sites-enabled/strichliste state=link
  notify: Restart nginx

- name: Start php8.1-fpm
  service: name=php8.1-fpm state=started enabled=yes