main.yml

---
- name: install required packages
  pacman:
    state: present
    name:
      - asciidoc
      - highlight
      - make
      - php-memcached
      - pyalpm
      - python-bleach
      - python-markdown
      - python-mysql-connector
      - python-pygit2
      - python-srcinfo
      - sudo
      - uwsgi-plugin-cgi

- name: install the cgit package
  pacman:
    state: present
    name:
      - cgit-aurweb
  register: cgit

- name: install the git package
  pacman:
    state: present
    name:
      - git
  register: git

- name: make aur user
  user: name="{{ aurweb_user }}" shell=/bin/bash createhome=yes

- name: Create directory
  file: path={{ aurweb_dir }} state=directory owner={{aurweb_user}} group=http mode=0775

- name: clone aurweb repo
  git: >
    repo={{ aurweb_repository }}
    dest="{{ aurweb_dir }}"
    version={{ aurweb_version }}
  become: true
  become_user: "{{aurweb_user}}"
  register: release

- name: clone Trusted User documentation repo
  git: >
    repo={{ tubylaws_repository }}
    dest="{{ aurweb_dir }}/tu-bylaws"
    version={{ tubylaws_version }}
  become: true
  become_user: "{{ aurweb_user }}"
  register: tubylaws_release

- name: create necessary directories
  file: path={{ aurweb_dir}}/{{ item }} state=directory owner={{ aurweb_user }} group={{ aurweb_user }}
  with_items:
    - 'aurblup'
    - 'sessions'
    - 'uploads'
    - 'web/html/trusted-user'

- name: create aur db
  mysql_db: name="{{ aurweb_db }}" login_host="{{ aurweb_db_host }}" login_password="{{ vault_mariadb_users.root }}" encoding=utf8
  register: db_created
  no_log: true

- name: create aur db user
  mysql_user: name={{ aurweb_db_user }} password={{ vault_aurweb_db_password }}
              login_host="{{ aurweb_db_host }}" login_password="{{ vault_mariadb_users.root }}"
              priv="{{ aurweb_db }}.*:ALL"
  no_log: true

- name: check if db is imported
  shell: mysql -u {{ aurweb_db_user }} -p{{ vault_aurweb_db_password }} -e "SELECT ID FROM Users" {{ aurweb_db }}
  ignore_errors: true
  register: db_imported
  no_log: true

- name: import aur sql db
  mysql_db:
    state: import
    name: "{{ aurweb_db }}"
    login_host: "{{ aurweb_db_host }}"
    login_password: "{{ vault_mariadb_users.root }}"
    target: "{{ aurweb_dir }}/schema/aur-schema.sql"
  when: db_imported.rc != 0
  no_log: true

- name: create aurweb conf dir
  file: path={{ aurweb_conf_dir }} state=directory

- name: copy aurweb configuration file
  copy: src={{ aurweb_dir }}/conf/config.defaults dest={{ aurweb_conf_dir }}/config.defaults remote_src=yes

- name: install custom aurweb configuration
  template: src=config.j2 dest={{ aurweb_conf_dir }}/config

- name: Install python module
  shell: "python3 setup.py install --install-scripts=/usr/local/bin"
  args:
    chdir: "{{ aurweb_dir }}"

- name: Generate HTML documentation
  make:
      chdir: "{{ aurweb_dir }}/doc"
  become: true
  become_user: "{{aurweb_user}}"

- name: Generate Translations
  make:
      chdir: "{{ aurweb_dir }}/po"
      target: "install"
  become: true
  become_user: "{{aurweb_user}}"

- name: Generate Trusted User documentation
  make:
    chdir: "{{ aurweb_dir }}/tu-bylaws"
  become: true
  become_user: "{{ aurweb_user }}"
  when: tubylaws_release.changed

- name: Install Trusted User documentation
  copy: src={{ aurweb_dir }}/tu-bylaws/tu-bylaws.html dest={{ aurweb_dir }}/web/html/trusted-user/tu-bylaws.html remote_src=yes
  when: tubylaws_release.changed

- name: Install Trusted User documentation symlink
  file: src=tu-bylaws.html dest={{ aurweb_dir }}/web/html/trusted-user/TUbylaws.html state=link
  when: tubylaws_release.changed

- name: set up nginx
  template: src=nginx.d.conf.j2 dest={{ aurweb_nginx_conf }} owner=root group=root mode=644
  notify: reload nginx
  tags: ['nginx']

- name: make nginx log dir
  file: path=/var/log/nginx/{{ aurweb_domain }} state=directory owner=root group=root mode=0755

- name: configure php-fpm
  template:
    src=php-fpm.conf.j2 dest="/etc/php/php-fpm.d/{{ aurweb_user }}.conf"
    owner=root group=root mode=0644
  notify:
    - restart php-fpm@{{ aurweb_user }}

- name: start and enable systemd socket
  service: name=php-fpm@{{ aurweb_user }}.socket state=started enabled=true

- name: install cgit configuration
  template: src=cgitrc.j2 dest="{{ aurweb_conf_dir }}/cgitrc"

- name: configure cgit uwsgi service
  template: src=cgit.ini.j2 dest=/etc/uwsgi/vassals/cgit.ini owner={{ aurweb_user }} group=http mode=0644

- name: deploy new cgit release
  become: true
  become_user: "{{ aurweb_user }}"
  file: path=/etc/uwsgi/vassals/cgit.ini state=touch
  when: cgit.changed

- name: configure smartgit uwsgi service
  template: src=smartgit.ini.j2 dest=/etc/uwsgi/vassals/smartgit.ini owner={{ aurweb_user }} group=http mode=0644

- name: deploy new smartgit release
  become: true
  become_user: "{{ aurweb_user }}"
  file: path=/etc/uwsgi/vassals/smartgit.ini state=touch
  when: git.changed

- name: create git repo dir
  file: path={{ aurweb_git_dir }} state=directory owner={{aurweb_user}} group=http mode=0775

- name: init git directory
  command: git init --bare {{ aurweb_git_dir }}
  args:
    creates: "{{ aurweb_git_dir }}/HEAD"
  become: true
  become_user: "{{aurweb_user}}"

- shell: git config --local --get-all transfer.hideRefs
  register: git_config
  args:
    chdir: "{{ aurweb_git_dir }}"
  failed_when: git_config.rc == 2 # FIXME: does not work.

- name: configure git tranfser.hideRefs
  command: git config --local transfer.hideRefs '^refs/'
  args:
    chdir: "{{ aurweb_git_dir }}"
  become: true
  become_user: "{{aurweb_user}}"
  when: git_config.stdout.find('^refs/') == -1

- name: configure git transfer.hideRefs second
  command: git config --local --add transfer.hideRefs '!refs/'
  args:
    chdir: "{{ aurweb_git_dir }}"
  become: true
  become_user: "{{aurweb_user}}"
  when: git_config.stdout.find('!refs/') == -1

- name: configure git transfer.hideRefs third
  command: git config --local --add transfer.hideRefs '!HEAD'
  args:
    chdir: "{{ aurweb_git_dir }}"
  become: true
  become_user: "{{aurweb_user}}"
  when: git_config.stdout.find('!HEAD') == -1

- name: create symlink for git hook
  file:
    src: "{{ aurweb_git_hook }}"
    dest: "{{ aurweb_git_dir }}/hooks/update"
    state: link

- name: install AUR systemd service and timers
  template: src={{ item }}.j2 dest=/etc/systemd/system/{{ item }} owner=root group=root mode=0644
  with_items:
      - aurweb-git.service
      - aurweb-git.timer
      - aurweb-aurblup.service
      - aurweb-aurblup.timer
      - aurweb-memcached.service
      - aurweb-mkpkglists.service
      - aurweb-mkpkglists.timer
      - aurweb-pkgmaint.service
      - aurweb-pkgmaint.timer
      - aurweb-popupdate.service
      - aurweb-popupdate.timer
      - aurweb-tuvotereminder.service
      - aurweb-tuvotereminder.timer

- name: start and enable AUR systemd services and timers
  service: name={{ item }} enabled=yes state=started
  with_items:
       - aurweb-git.timer
       - aurweb-aurblup.timer
       - aurweb-memcached.service
       - aurweb-mkpkglists.timer
       - aurweb-pkgmaint.timer
       - aurweb-popupdate.timer
       - aurweb-tuvotereminder.timer

- name: configure sshd
  template: src=aurweb_config.j2 dest={{ sshd_includes_dir }}/aurweb_config owner=root group=root mode=0600 validate='/usr/sbin/sshd -t -f %s'
  notify:
    - restart sshd