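# Host configuration tasks: firewall, memcached, SSH trust for GitLab, the
# application user, RabbitMQ, nginx and pgbouncer.

# Firewall ruleset, readable by root only.
# NOTE(review): consider `validate: 'nft -c -f %s'` here once the nftables
# package is guaranteed to be installed before this task runs, so that a
# ruleset which does not parse is never written to /etc/nftables.conf.
- name: copy firewall templates
  template:
    src: '{{ item.src }}'
    dest: '{{ item.dest }}'
    owner: root
    group: root
    mode: '0600'
  loop:
    - src: 'templates/nftables.j2'
      dest: '/etc/nftables.conf'
  notify: restart nftables

- name: copy memcached conf
  template:
    src: 'templates/memcached.j2'
    dest: '/etc/memcached.conf'
    owner: root
    group: root
    mode: '0644'
  notify: restart memcached

# Created before the known_hosts task below, which runs as this user and
# would fail on a fresh host if the account did not exist yet.
- name: Add newsreader user
  user:
    name: '{{ app_user }}'
    create_home: true
    shell: /bin/bash

# 0700 instead of the previous unquoted 0755: only the owner needs access to
# ~/.ssh, and quoting stops the YAML parser from retyping the octal mode.
- name: create ssh dir
  file:
    path: '/home/{{ app_user }}/.ssh'
    state: directory
    owner: '{{ app_user }}'
    group: '{{ app_user }}'
    mode: '0700'

# Pins the GitLab host key from inventory rather than trusting it on first
# connection.
- name: add gitlab to known hosts
  become_user: '{{ app_user }}'
  known_hosts:
    name: '{{ gitlab_domain }}'
    key: '{{ gitlab_host_key }}'

# NOTE(review): this authorises the deploy key to log in as `ansible`. If that
# account has sudo rights, confirm this is intended and consider limiting the
# key with the module's `key_options` parameter.
- name: add gitlab pubkey
  authorized_key:
    user: ansible
    state: present
    key: '{{ app_deploy_key }}'

# Directories need the execute bit to be traversable; the previous 0644 left
# the drop-in directory without it. Ownership is pinned to root because
# anything that can write here can change how the service is started.
- name: create rabbitmq service override dir
  file:
    path: /etc/systemd/system/rabbitmq-server.service.d/
    state: directory
    owner: root
    group: root
    mode: '0755'

- name: copy rabbitmq configurations
  template:
    src: '{{ item.src }}'
    dest: '{{ item.dest }}'
    owner: '{{ item.owner }}'
    group: '{{ item.group }}'
    mode: '{{ item.mode }}'
  loop:
    - src: 'templates/limits.j2'
      dest: '/etc/systemd/system/rabbitmq-server.service.d/limits.conf'
      mode: '0644'
      group: 'root'
      owner: 'root'
    - src: 'rabbitmq.conf.j2'
      dest: '/etc/rabbitmq/rabbitmq-env.conf'
      mode: '0644'
      group: 'rabbitmq'
      owner: 'rabbitmq'
  notify: restart rabbitmq

# NOTE(review): no handler is notified here, so nginx presumably picks up a
# changed config only when it is reloaded elsewhere - confirm.
- name: copy nginx config
  template:
    src: 'templates/nginx.j2'
    dest: '/etc/nginx/sites-available/newsreader'
    owner: root
    group: root
    mode: '0644'

# On Linux a symlink's own mode is always 0777; access to the config is
# governed by the 0644 set on the target file above.
- name: link nginx config
  file:
    src: '/etc/nginx/sites-available/newsreader'
    dest: '/etc/nginx/sites-enabled/newsreader'
    owner: root
    group: root
    mode: '0777'
    state: link

# NOTE(review): same template and destination as "copy firewall templates"
# at the top of this file; one of the two tasks is redundant.
- name: copy nftables config
  template:
    src: 'templates/nftables.j2'
    dest: '/etc/nftables.conf'
    owner: root
    group: root
    mode: '0600'
  notify: restart nftables

# 0640 with postgres ownership keeps both files, including the pgbouncer user
# list, unreadable by other local accounts.
- name: copy pgbouncer config
  template:
    src: '{{ item.src }}'
    dest: '{{ item.dest }}'
    owner: postgres
    group: postgres
    mode: '{{ item.mode }}'
  loop:
    - src: 'templates/pgbouncer.j2'
      dest: '/etc/pgbouncer/pgbouncer.ini'
      mode: '0640'
    - src: 'templates/pgbouncer-users.j2'
      dest: '/etc/pgbouncer/userlist.txt'
      mode: '0640'

# `state: restarted` restarts pgbouncer on every run, whether or not the
# config changed.
- name: ensure pgbouncer is restarted
  systemd:
    name: pgbouncer
    state: restarted
    enabled: true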