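---
# Provisioning tasks for the newsreader host: base network/host setup, sudoers
# drop-in, packages, firewall, memcached, deploy access, the application user,
# RabbitMQ, TLS + nginx, pgbouncer, then the project tasks.
#
# Changes relative to the previous revision:
#   * the app user and its ~/.ssh directory are created BEFORE the known_hosts
#     task that runs as that user and writes into that directory;
#   * ~/.ssh is 0700 instead of 0755 (and the mode is quoted);
#   * the RabbitMQ systemd drop-in directory is 0755 instead of 0644 (a
#     directory without the execute bit cannot be traversed by non-root);
#   * booleans are written true/false, loop items use block style.

- include_role:
    name: common
    tasks_from: "network.yml"

- include_role:
    name: common
    tasks_from: "host.yml"

# NOTE(review): presumably sudoers.yml templates item.src to item.dest.
# Confirm it uses `validate: "visudo -cf %s"` so a broken template can never
# be installed into /etc/sudoers.d and lock out privilege escalation.
- include_role:
    name: common
    tasks_from: "sudoers.yml"
  loop:
    - src: "../newsreader/templates/sudoers.j2"
      dest: "/etc/sudoers.d/30-ansible-extra"

# NOTE(review): the python-* (Python 2) packages are end-of-life and missing
# from newer Debian/Ubuntu releases; confirm they are still required.
- name: install packages
  apt:
    name:
      - memcached
      - pgbouncer
      - postfix
      - python-psycopg2
      - python3-psycopg2
      - python3
      - python3-pip
      - python3-venv
      - python3-setuptools
      - python3-virtualenv
      - python-pip
      - python-setuptools
      - python-virtualenv
      - rabbitmq-server
    state: present
  notify:
    - restart postfix

# Firewall rules are root-only readable (0600).
- name: copy firewall templates
  template:
    src: "{{ item.src }}"
    dest: "{{ item.dest }}"
    owner: root
    group: root
    mode: "0600"
  loop:
    - src: "nftables.j2"
      dest: "/etc/nftables.conf"
  notify: restart nftables

# NOTE(review): the listen address is set in memcached.j2, which is not
# visible here; confirm it binds to localhost only, since memcached has no
# authentication by default.
- name: copy memcached conf
  template:
    src: "memcached.j2"
    dest: "/etc/memcached.conf"
    owner: root
    group: root
    mode: "0644"
  notify: restart memcached

# The account must exist before any task uses `become_user: app_user`.
- name: Add newsreader user
  user:
    name: "{{ app_user }}"
    create_home: true
    shell: /bin/bash

# known_hosts creates the file but not its parent directory, so ~/.ssh has to
# exist first. 0700 keeps other local users out of the directory.
- name: create ssh dir
  file:
    path: "/home/{{ app_user }}/.ssh"
    state: directory
    owner: "{{ app_user }}"
    group: "{{ app_user }}"
    mode: "0700"

# Pins the GitLab host key from inventory instead of trusting it on first use.
- name: add gitlab to known hosts
  become_user: "{{ app_user }}"
  known_hosts:
    name: "{{ gitlab_domain }}"
    key: "{{ gitlab_host_key }}"

# NOTE(review): this lets whoever holds app_deploy_key log in as `ansible`.
# If that account has passwordless sudo, the key is root-equivalent; consider
# restricting it with `key_options` (e.g. a `from=` source restriction).
- name: add gitlab pubkey
  authorized_key:
    user: ansible
    state: present
    key: "{{ app_deploy_key }}"

- name: create rabbitmq service override dir
  file:
    path: /etc/systemd/system/rabbitmq-server.service.d/
    state: directory
    mode: "0755"

# NOTE(review): limits.conf is a systemd drop-in; confirm the
# "restart rabbitmq" handler performs a daemon reload, otherwise the new
# limits are not applied on restart.
- name: copy rabbitmq configurations
  template:
    src: "{{ item.src }}"
    dest: "{{ item.dest }}"
    owner: "{{ item.owner }}"
    group: "{{ item.group }}"
    mode: "{{ item.mode }}"
  loop:
    - src: "limits.j2"
      dest: "/etc/systemd/system/rabbitmq-server.service.d/limits.conf"
      mode: "0644"
      group: "root"
      owner: "root"
    - src: "rabbitmq.conf.j2"
      dest: "/etc/rabbitmq/rabbitmq-env.conf"
      mode: "0644"
      group: "rabbitmq"
      owner: "rabbitmq"
  notify: restart rabbitmq

- include_role:
    name: common
    tasks_from: "ssl.yml"

- include_role:
    name: common
    tasks_from: "nginx.yml"

# NOTE(review): no handler is notified here; presumably nginx is reloaded by
# common/nginx.yml or project.yml — confirm, or a changed vhost is not applied.
- name: copy nginx config
  template:
    src: "nginx.j2"
    dest: "/etc/nginx/sites-available/newsreader"
    owner: root
    group: root
    mode: "0644"

# Permission bits on a symlink are not meaningful on Linux; access is governed
# by the 0644 target above. Mode kept as in the original.
- name: link nginx config
  file:
    src: "/etc/nginx/sites-available/newsreader"
    dest: "/etc/nginx/sites-enabled/newsreader"
    owner: root
    group: root
    mode: "0777"
    state: link

# NOTE(review): duplicates "copy firewall templates" above (same src, dest and
# mode). Kept in case one of the included roles rewrites /etc/nftables.conf;
# drop one of the two once that is confirmed.
- name: copy nftables config
  template:
    src: "nftables.j2"
    dest: "/etc/nftables.conf"
    owner: root
    group: root
    mode: "0600"
  notify: restart nftables

# userlist.txt carries pgbouncer credentials, so both files stay 0640 and
# owned by postgres (not world-readable).
- name: copy pgbouncer config
  template:
    src: "{{ item.src }}"
    dest: "{{ item.dest }}"
    owner: postgres
    group: postgres
    mode: "{{ item.mode }}"
  loop:
    - src: "pgbouncer.j2"
      dest: "/etc/pgbouncer/pgbouncer.ini"
      mode: "0640"
    - src: "pgbouncer-users.j2"
      dest: "/etc/pgbouncer/userlist.txt"
      mode: "0640"

# NOTE(review): `state: restarted` restarts pgbouncer on every run, dropping
# pooled connections even when nothing changed; a handler notified by the
# task above would make this idempotent.
- name: ensure pgbouncer is restarted
  systemd:
    name: pgbouncer
    state: restarted
    enabled: true

- include_tasks: "project.yml"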