---

- name: Create user
  user: name=hackmd

- name: Enable https for apt
  apt: name=apt-transport-https

- name: Enable nodesource apt-key
  apt_key: url='https://deb.nodesource.com/gpgkey/nodesource.gpg.key'

- name: Enable nodesource repository
  apt_repository: repo='deb https://deb.nodesource.com/node_8.x stretch main'

- name: Install packages
  apt: name={{ item }}
  with_items:
  - build-essential
  - git
  - nodejs
  - postgresql
  - python-psycopg2

- name: Unpack hackmd
  unarchive: src=https://github.com/hackmdio/codimd/archive/{{ hackmd_version }}.tar.gz dest=/opt owner=hackmd group=hackmd remote_src=yes creates=/opt/codimd-{{ hackmd_version }}
  register: hackmd_unarchive

- name: Create hackmd upload path
  file: path=/opt/codimd/uploads state=directory recurse=yes owner=hackmd group=hackmd

- name: Link hackmd upload path
  file: path=/opt/codimd/uploads dest=/opt/codimd-{{ hackmd_version }}/public/uploads state=link owner=hackmd group=hackmd

- name: Setup hackmd
  command: bin/setup chdir=/opt/codimd-{{ hackmd_version }} creates=/opt/codimd-{{ hackmd_version }}/config.json
  become: true
  become_user: hackmd

- name: Configure hackmd
  template: src=config.json.j2 dest=/opt/codimd-{{ hackmd_version }}/config.json owner=hackmd
  register: hackmd_config
  notify: Restart hackmd

- name: Build hackmd frontend
  command: /usr/bin/npm run build chdir=/opt/codimd-{{ hackmd_version }}
  become: true
  become_user: hackmd
  when: hackmd_unarchive.changed or hackmd_config.changed

- name: Configure PostgreSQL database
  postgresql_db: name={{ hackmd_dbname }}
  become: true
  become_user: postgres

- name: Configure PostgreSQL user
  postgresql_user: db={{ hackmd_dbname }} name={{ hackmd_dbuser }} password={{ hackmd_dbpass }} priv=ALL state=present
  become: true
  become_user: postgres

- name: Configure sequelize
  template: src=_sequelizerc.j2 dest=/opt/codimd-{{ hackmd_version }}/.sequelizerc owner=hackmd

- name: Upgrade database schema
  command: node_modules/.bin/sequelize db:migrate chdir=/opt/codimd-{{ hackmd_version }}
  become: true
  become_user: hackmd
  when: hackmd_unarchive.changed or hackmd_config.changed

- name: Ensure certificates are available
  command: openssl req -x509 -nodes -newkey rsa:2048 -keyout /etc/nginx/ssl/{{ hackmd_domain }}.key -out /etc/nginx/ssl/{{ hackmd_domain }}.crt -days 730 -subj "/CN={{ hackmd_domain }}" creates=/etc/nginx/ssl/{{ hackmd_domain }}.crt
  notify: Restart nginx

- name: Configure certificate manager for hackmd
  template: src=certs.j2 dest=/etc/acertmgr/{{ hackmd_domain }}.conf
  notify: Run acertmgr

- name: Configure vhost
  template: src=vhost.j2 dest=/etc/nginx/sites-available/hackmd
  notify: Restart nginx

- name: Enable vhost
  file: src=/etc/nginx/sites-available/hackmd dest=/etc/nginx/sites-enabled/hackmd state=link
  notify: Restart nginx

- name: Systemd unit for hackmd
  template: src=hackmd.service.j2 dest=/etc/systemd/system/hackmd.service
  notify:
  - Reload systemd
  - Restart hackmd

- name: Start the hackmd service
  service: name=hackmd state=started enabled=yes