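---
# Provision a HedgeDoc instance: service account, Node.js/yarn toolchain,
# PostgreSQL database, nginx vhost with TLS, systemd unit and monitoring.
#
# Module arguments use native YAML mappings instead of `key=value` strings.
# With the string form, a templated value containing a space or `=` is
# re-split by the argument parser, so it can be truncated or read as an extra
# module parameter. That matters most for the database password below.

- name: Create user
  user:
    name: hackmd

# NOTE(review): apt_key is deprecated and adds the key to the global APT
# keyring, so it is trusted for every configured repository. A per-repository
# keyring referenced with `signed-by` limits that trust.
- name: Enable nodesource apt-key
  apt_key:
    url: https://deb.nodesource.com/gpgkey/nodesource.gpg.key

# NOTE(review): node_14.x is an end-of-life Node.js line that no longer
# receives security fixes. Confirm the supported runtime for this version.
- name: Enable nodesource repository
  apt_repository:
    repo: "deb https://deb.nodesource.com/node_14.x/ {{ ansible_distribution_release }} main"

- name: Enable yarnpkg apt-key
  apt_key:
    url: https://dl.yarnpkg.com/debian/pubkey.gpg

- name: Enable yarnpkg repository
  apt_repository:
    repo: deb https://dl.yarnpkg.com/debian/ stable main

# `Package: *` raises every package from this origin to priority 600, above
# the usual default of 500. The third-party repository can therefore
# supersede distribution packages, not only nodejs.
- name: Pin nodejs repository
  blockinfile:
    path: /etc/apt/preferences.d/nodejs
    create: true
    block: |
      Package: *
      Pin: origin deb.nodesource.com
      Pin-Priority: 600

- name: Install packages
  apt:
    name:
      - build-essential
      - git
      - nodejs
      - postgresql
      - python3-psycopg2
      - yarn

# NOTE(review): with remote_src the target host fetches or reads the archive
# itself and no checksum is verified here. If hedgedoc_archive is a URL,
# consider downloading it with a pinned checksum before unpacking.
- name: Unpack hedgedoc
  unarchive:
    src: "{{ hedgedoc_archive }}"
    dest: /opt
    owner: hackmd
    group: hackmd
    remote_src: true
    creates: "/opt/hedgedoc-{{ hedgedoc_version }}"
  register: hedgedoc_unarchive

# Uploads live outside the versioned tree and are symlinked into it below.
- name: Create hedgedoc upload path
  file:
    path: /opt/hedgedoc/uploads
    state: directory
    recurse: true
    owner: hackmd
    group: hackmd

- name: Remove old hedgedoc upload path
  file:
    path: "/opt/hedgedoc-{{ hedgedoc_version }}/public/uploads"
    state: absent
    force: true

- name: Link hedgedoc upload path
  file:
    path: "/opt/hedgedoc-{{ hedgedoc_version }}/public/uploads"
    src: /opt/hedgedoc/uploads
    state: link
    owner: hackmd
    group: hackmd

# Runs as the unprivileged service account. Skipped once config.json exists.
- name: Setup hedgedoc
  command:
    cmd: bin/setup
    chdir: "/opt/hedgedoc-{{ hedgedoc_version }}"
    creates: "/opt/hedgedoc-{{ hedgedoc_version }}/config.json"
  become: true
  become_user: hackmd

# NOTE(review): no mode is set, so the file keeps its existing or default
# permissions. config.json presumably carries the database credentials; if
# so, restrict it to the owner, e.g. mode "0600". Confirm against the
# template.
- name: Configure hedgedoc
  template:
    src: config.json.j2
    dest: "/opt/hedgedoc-{{ hedgedoc_version }}/config.json"
    owner: hackmd
  register: hedgedoc_config
  notify: Restart hedgedoc

# Dependencies are installed and built as hackmd, never as root, and only
# when the release or its configuration changed.
- name: Install hedgedoc frontend deps
  command:
    cmd: /usr/bin/yarn install
    chdir: "/opt/hedgedoc-{{ hedgedoc_version }}"
  become: true
  become_user: hackmd
  when: hedgedoc_unarchive.changed or hedgedoc_config.changed

- name: Build hedgedoc frontend
  command:
    cmd: /usr/bin/yarn build
    chdir: "/opt/hedgedoc-{{ hedgedoc_version }}"
  become: true
  become_user: hackmd
  when: hedgedoc_unarchive.changed or hedgedoc_config.changed

- name: Configure PostgreSQL database
  postgresql_db:
    name: "{{ hedgedoc_dbname }}"
  become: true
  become_user: postgres

# no_log keeps the password out of task output and logs.
- name: Configure PostgreSQL user
  postgresql_user:
    db: "{{ hedgedoc_dbname }}"
    name: "{{ hedgedoc_dbuser }}"
    password: "{{ hedgedoc_dbpass }}"
    priv: ALL
    state: present
  become: true
  become_user: postgres
  no_log: true

# Creates a self-signed certificate only if none exists yet, presumably as a
# placeholder until acertmgr obtains a real one. argv passes each argument as
# is, so the templated domain is not re-split.
# NOTE(review): -nodes writes the private key unencrypted and this task does
# not set its mode. Confirm the key file is readable by root only.
- name: Ensure certificates are available
  command:
    argv:
      - openssl
      - req
      - -x509
      - -nodes
      - -newkey
      - rsa:2048
      - -keyout
      - "/etc/nginx/ssl/{{ hedgedoc_domain }}.key"
      - -out
      - "/etc/nginx/ssl/{{ hedgedoc_domain }}.crt"
      - -days
      - "730"
      - -subj
      - "/CN={{ hedgedoc_domain }}"
    creates: "/etc/nginx/ssl/{{ hedgedoc_domain }}.crt"
  notify: Restart nginx

- name: Configure certificate manager for hedgedoc
  template:
    src: certs.j2
    dest: "/etc/acertmgr/{{ hedgedoc_domain }}.conf"
  notify: Run acertmgr

- name: Configure vhost
  template:
    src: vhost.j2
    dest: /etc/nginx/sites-available/hedgedoc
  notify: Restart nginx

- name: Enable vhost
  file:
    src: /etc/nginx/sites-available/hedgedoc
    dest: /etc/nginx/sites-enabled/hedgedoc
    state: link
  notify: Restart nginx

- name: Systemd unit for hedgedoc
  template:
    src: hedgedoc.service.j2
    dest: /etc/systemd/system/hedgedoc.service
  notify:
    - Reload systemd
    - Restart hedgedoc

- name: Start the hedgedoc service
  service:
    name: hedgedoc
    state: started
    enabled: true

- name: Enable monitoring
  include_role:
    name: icinga-monitor
    tasks_from: http
  vars:
    vhost: "{{ hedgedoc_domain }}"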