---

- name: Install dependencies
  apt:
    name:
    - git
    - python3-flask
    - python3-flaskext.wtf
    - python3-passlib
    - python3-pyldap
    - python3-redis
    - redis-server
    - uwsgi
    - uwsgi-plugin-python3

- name: Install bk-dss
  git: repo=https://git.binary-kitchen.de/moepman/bk-dss.git dest=/opt/bk-dss depth=1 version={{ dss_version }}
  notify: Restart uwsgi

- name: Configure bk-dss
  template: src=config.cfg.j2 dest=/opt/bk-dss/config.cfg
  notify: Restart uwsgi

- name: Configure uwsgi
  template: src=uwsgi.ini.j2 dest=/etc/uwsgi/apps-available/dss.ini
  notify: Restart uwsgi

- name: Enable uwsgi
  file: src=/etc/uwsgi/apps-available/dss.ini dest=/etc/uwsgi/apps-enabled/dss.ini state=link
  notify: Restart uwsgi

- name: Ensure certificates are available
  command: openssl req -x509 -nodes -newkey rsa:2048 -keyout /etc/nginx/ssl/{{ dss_domain }}.key -out /etc/nginx/ssl/{{ dss_domain }}.crt -days 730 -subj "/CN={{ dss_domain }}" creates=/etc/nginx/ssl/{{ dss_domain }}.crt
  notify: Restart nginx

- name: Configure certificate manager
  template: src=certs.j2 dest=/etc/acertmgr/{{ dss_domain }}.conf
  notify: Run acertmgr

- name: Configure vhosts
  template: src=vhost.j2 dest=/etc/nginx/sites-available/dss
  notify: Restart nginx

- name: Enable vhosts
  file: src=/etc/nginx/sites-available/dss dest=/etc/nginx/sites-enabled/dss state=link
  notify: Restart nginx

- name: Enable monitoring
  include_role: name=icinga-monitor tasks_from=http
  vars:
    vhost: "{{ dss_domain }}"