---

- name: Create group
  group: name={{ netbox_group }}

- name: Create user
  user: name={{ netbox_user }} home=/home/{{ netbox_user }} group={{ netbox_group }}

- name: Install dependencies
  apt:
    name:
    - build-essential
    - libffi-dev
    - libpq-dev
    - libssl-dev
    - libxml2-dev
    - libxslt1-dev
    - python-setuptools
    - python3-dev
    - python3-pip
    - python3-venv
    - zlib1g-dev

- name: Install PostgreSQL
  apt:
    name:
    - postgresql
    - python-psycopg2

- name: Configure PostgreSQL database
  postgresql_db:
    name: '{{ netbox_dbname }}'
  become: true
  become_user: postgres

- name: Configure PostgreSQL user
  postgresql_user:
    db: '{{ netbox_dbname }}'
    name: '{{ netbox_dbuser }}'
    password: '{{ netbox_dbpass }}'
    priv: ALL
    state: present
  become: true
  become_user: postgres

- name: Install redis
  apt: name=redis-server

# TODO configure redis?

- name: Unpack netbox
  unarchive:
    src: 'https://github.com/netbox-community/netbox/archive/v{{ netbox_version }}.tar.gz'
    dest: /opt
    remote_src: yes
    creates: '/opt/netbox-{{ netbox_version }}'

- name: Configure netbox
  template:
    src: configuration.py.j2
    dest: '/opt/netbox-{{ netbox_version }}/netbox/netbox/configuration.py'
    owner: '{{ netbox_user }}'
    group: '{{ netbox_group }}'

- name: Install venv
  pip:
    requirements: '/opt/netbox-{{ netbox_version }}/requirements.txt'
    virtualenv: '/opt/netbox-{{ netbox_version }}/venv'
    virtualenv_command: '/usr/bin/python3 -m venv'

- name: Netbox file permissions
  file:
    path: '/opt/netbox-{{ netbox_version }}'
    owner: '{{ netbox_user }}'
    group: '{{ netbox_group }}'
    mode: preserve
    state: directory
    recursive: yes
    create: no

# TODO - still manual work
# * Run Database Migrations
# * Create a Super User
# * Collect Static Files
# * Gunicorn Configuration
# * systemd Configuration

- name: Ensure certificates are available
  command:
    cmd: >
      openssl req -x509 -nodes -newkey rsa:2048
      -keyout /etc/nginx/ssl/{{ netbox_domain }}.key -out /etc/nginx/ssl/{{ netbox_domain }}.crt
      -days 730 -subj "/CN={{ netbox_domain }}"
    creates: '/etc/nginx/ssl/{{ netbox_domain }}.crt'
  notify: Restart nginx

#- name: Configure certificate manager for netbox
#  template: src=certs.j2 dest=/etc/acertmgr/{{ netbox_domain }}.conf
#  notify: Run acertmgr

- name: Configure vhost
  template:
    src: vhost.j2
    dest: /etc/nginx/sites-available/netbox
    owner: root
    mode: '0644'
  notify: Restart nginx

- name: Enable vhost
  file:
    src: /etc/nginx/sites-available/netbox
    dest: /etc/nginx/sites-enabled/netbox
    state: link
    owner: root
    mode: preserve
  notify: Restart nginx