main.yml

---
- name: run maintenance mode
  include_role:
    name: maintenance
  vars:
    service_name: "site"
    service_domain: "{{ archweb_domain }}"
    service_alternate_domains: "{{ archweb_alternate_domains }}"
    service_nginx_conf: "{{ archweb_nginx_conf }}"
  when: maintenance is defined

- name: install required packages
  pacman: name=git,python-setuptools,python-psycopg2,llvm-libs,uwsgi-plugin-python state=present

- name: make archweb user
  user: name=archweb shell=/bin/false home="{{ archweb_dir }}" createhome=no

- name: fix home permissions
  file: state=directory owner=archweb group=archweb mode=0755 path="{{ archweb_dir }}"

- name: set archweb groups
  user: name=archweb groups=uwsgi
  when: archweb_site|bool

- name: set up nginx
  template: src=nginx.d.conf.j2 dest="{{ archweb_nginx_conf }}" owner=root group=root mode=644
  notify: reload nginx
  when: archweb_site|bool and maintenance is not defined
  tags: ['nginx']

- name: make nginx log dir
  file: path=/var/log/nginx/{{ archweb_domain }} state=directory owner=root group=root mode=0755
  when: archweb_site|bool

- name: make rsync iso dir
  file: path={{ archweb_rsync_iso_dir }} state=directory owner=archweb group=archweb mode=0755
  when: archweb_site|bool

- name: clone archweb repo
  git: >
    repo={{ archweb_repository }}
    dest="{{ archweb_dir }}"
    version={{ archweb_version }}
    verify_commit=true
    gpg_whitelist={{ archweb_pgp_key }}
  become: true
  become_user: archweb
  register: release

- name: make virtualenv
  command: python -m venv --system-site-packages "{{ archweb_dir }}"/env creates="{{ archweb_dir }}/env/bin/python"
  become: true
  become_user: archweb

- name: install stuff into virtualenv
  pip: requirements="{{ archweb_dir }}/requirements_prod.txt" virtualenv="{{ archweb_dir }}/env"
  become: true
  become_user: archweb
  register: virtualenv

- name: create media dir
  file: state=directory owner=archweb group=archweb mode=0755 path="{{ archweb_dir }}/media"
  when: archweb_site|bool

- name: fix home permissions
  file: state=directory owner=archweb group=archweb mode=0755 path="{{ archweb_dir }}"

- name: configure archweb
  template: src=local_settings.py.j2 dest=/srv/http/archweb/local_settings.py owner=archweb group=archweb mode=0660
  register: config
  no_log: true

- name: create archweb db users
  postgresql_user: name={{ item.user }} password={{ item.password }} login_host="{{ archweb_db_host }}" login_password="{{ vault_postgres_users.postgres }}" encrypted=yes
  no_log: true
  when: archweb_site or archweb_services
  with_items:
    - { user: "{{ archweb_db_site_user }}", password: "{{ vault_archweb_db_site_password }}" }
    - { user: "{{ archweb_db_services_user }}", password: "{{ vault_archweb_db_services_password }}" }
    - { user: "{{ archweb_db_dbscripts_user }}", password: "{{ vault_archweb_db_dbscripts_password }}" }
    - { user: "{{ archweb_db_backup_user }}", password: "{{ vault_archweb_db_backup_password }}" }

- name: create archweb db
  postgresql_db: name="{{ archweb_db }}" login_host="{{ archweb_db_host }}" login_password="{{ vault_postgres_users.postgres }}" owner="{{ archweb_db_site_user }}"
  when: archweb_site or archweb_services
  register: db_created

- name: django migrate
  django_manage: app_path="{{ archweb_dir }}" command=migrate virtualenv="{{ archweb_dir }}/env"
  become: true
  become_user: archweb
  when: archweb_site and (db_created.changed or release.changed or config.changed or virtualenv.changed or archweb_forced_deploy)

- name: db privileges for archweb users
  postgresql_privs: database="{{ archweb_db }}" host="{{ archweb_db_host }}" login="{{ archweb_db_site_user }}" password="{{ vault_archweb_db_site_password }}"
                    privs=CONNECT roles="{{ item }}" type=database
  when: archweb_site or archweb_services
  with_items:
    - "{{ archweb_db_services_user }}"
    - "{{ archweb_db_dbscripts_user }}"
    - "{{ archweb_db_backup_user }}"

- name: table privileges for archweb users
  postgresql_privs: database="{{ archweb_db }}" host="{{ archweb_db_host }}" login="{{ archweb_db_site_user }}" password="{{ vault_archweb_db_site_password }}"
                    privs=SELECT roles="{{ item.user }}" type=table objs="{{ item.objs }}"
  when: archweb_site or archweb_services
  with_items:
    - { user: "{{ archweb_db_services_user }}", objs: "{{ archweb_db_services_table_objs }}" }
    - { user: "{{ archweb_db_dbscripts_user }}", objs: "{{ archweb_db_dbscripts_table_objs }}" }
    - { user: "{{ archweb_db_backup_user }}", objs: "{{ archweb_db_backup_table_objs }}" }

- name: sequence privileges for archweb users
  postgresql_privs: database="{{ archweb_db }}" host="{{ archweb_db_host }}" login="{{ archweb_db_site_user }}" password="{{ vault_archweb_db_site_password }}"
                    privs=SELECT roles="{{ item.user }}" type=sequence objs="{{ item.objs }}"
  when: archweb_site or archweb_services
  with_items:
    - { user: "{{ archweb_db_services_user }}", objs: "{{ archweb_db_services_sequence_objs }}" }
    - { user: "{{ archweb_db_backup_user }}", objs: "{{ archweb_db_backup_sequence_objs }}" }

- name: django collectstatic
  django_manage: app_path="{{ archweb_dir }}" command=collectstatic virtualenv="{{ archweb_dir }}/env"
  become: true
  become_user: archweb
  when: archweb_site and (db_created.changed or release.changed or config.changed or virtualenv.changed or archweb_forced_deploy)

- name: install reporead service
  template: src="archweb-reporead.service.j2" dest="/etc/systemd/system/archweb-reporead.service" owner=root group=root mode=0644
  notify:
    - daemon reload
  when: archweb_services or archweb_reporead

- name: install mirrorcheck service
  template: src="archweb-mirrorcheck.service.j2" dest="/etc/systemd/system/archweb-mirrorcheck.service" owner=root group=root mode=0644
  notify:
    - daemon reload
  when: archweb_services or archweb_mirrorcheck

- name: install mirrorcheck timer
  template: src="archweb-mirrorcheck.timer.j2" dest="/etc/systemd/system/archweb-mirrorcheck.timer" owner=root group=root mode=0644
  notify:
    - daemon reload
  when: archweb_services or archweb_mirrorcheck

- name: install mirrorresolv service
  template: src="archweb-mirrorresolv.service.j2" dest="/etc/systemd/system/archweb-mirrorresolv.service" owner=root group=root mode=0644
  notify:
    - daemon reload
  when: archweb_services or archweb_mirrorresolv

- name: install mirrorresolv timer
  template: src="archweb-mirrorresolv.timer.j2" dest="/etc/systemd/system/archweb-mirrorresolv.timer" owner=root group=root mode=0644
  notify:
    - daemon reload
  when: archweb_services or archweb_mirrorresolv

- name: install populate_signoffs service
  template: src="archweb-populate_signoffs.service.j2" dest="/etc/systemd/system/archweb-populate_signoffs.service" owner=root group=root mode=0644
  notify:
    - daemon reload
  when: archweb_services or archweb_populate_signoffs

- name: install populate_signoffs timer
  template: src="archweb-populate_signoffs.timer.j2" dest="/etc/systemd/system/archweb-populate_signoffs.timer" owner=root group=root mode=0644
  notify:
    - daemon reload
  when: archweb_services or archweb_populate_signoffs

- name: install planet service
  template: src="archweb-planet.service.j2" dest="/etc/systemd/system/archweb-planet.service" owner=root group=root mode=0644
  notify:
    - daemon reload
  when: archweb_planet

- name: install planet timer
  template: src="archweb-planet.timer.j2" dest="/etc/systemd/system/archweb-planet.timer" owner=root group=root mode=0644
  notify:
    - daemon reload
  when: archweb_planet

- name: install rebuilderd status service
  template: src="archweb-rebuilderd.service.j2" dest="/etc/systemd/system/archweb-rebuilderd.service" owner=root group=root mode=0644
  notify:
    - daemon reload
  when: archweb_site

- name: install rebulderd timer
  template: src="archweb-rebuilderd.timer.j2" dest="/etc/systemd/system/archweb-rebuilderd.timer" owner=root group=root mode=0644
  notify:
    - daemon reload
  when: archweb_site

- name: install pgp_import service
  template: src="archweb-pgp_import.service.j2" dest="/etc/systemd/system/archweb-pgp_import.service" owner=root group=root mode=0644
  notify:
    - daemon reload
  when: archweb_services or archweb_pgp_import

- name: create pacman.d hooks dir
  file: state=directory owner=root group=root mode=0750 path="/etc/pacman.d/hooks"
  when: archweb_services or archweb_pgp_import

- name: install pgp_import hook
  template: src="archweb-pgp_import-pacman-hook.j2" dest="/etc/pacman.d/hooks/archweb-pgp_import.hook" owner=root group=root mode=0644
  when: archweb_services or archweb_pgp_import

- name: install archweb memcached service
  template: src="archweb-memcached.service.j2" dest="/etc/systemd/system/archweb-memcached.service" owner=root group=root mode=0644
  notify:
    - daemon reload
  when: archweb_site|bool

- name: install archweb rsync iso service
  template: src="archweb-rsync_iso.service.j2" dest="/etc/systemd/system/archweb-rsync_iso.service" owner=root group=root mode=0644
  notify:
    - daemon reload
  when: archweb_site|bool

- name: install archweb rsync iso timer
  template: src="archweb-rsync_iso.timer.j2" dest="/etc/systemd/system/archweb-rsync_iso.timer" owner=root group=root mode=0644
  notify:
    - daemon reload
  when: archweb_site|bool

- name: install donor_import service
  template: src="archweb-donor_import.service.j2" dest="/etc/systemd/system/archweb-donor_import.service" owner=root group=root mode=0644
  notify:
    - daemon reload
  when: archweb_donor_import|bool

- name: install archweb donor import timer
  template: src="archweb-donor_import.timer.j2" dest="/etc/systemd/system/archweb-donor_import.timer" owner=root group=root mode=0644
  notify:
    - daemon reload
  when: archweb_donor_import|bool

- name: create maildir dump dir
  file: path={{ archweb_donor_maildir }}/{{ item }} recurse=yes state=directory owner=archweb group=users mode=0755
  with_items:
    - cur
    - new
  when: archweb_donor_import|bool

- name: install dump donor mail service
  template: src="archweb-dump_donor_mail.service.j2" dest="/etc/systemd/system/archweb-dump_donor_mail.service" owner=root group=root mode=0644
  notify:
    - daemon reload
  when: archweb_donor_import|bool

- name: install dump donor mail timer
  template: src="archweb-dump_donor_mail.timer.j2" dest="/etc/systemd/system/archweb-dump_donor_mail.timer" owner=root group=root mode=0644
  notify:
    - daemon reload
  when: archweb_donor_import|bool

- name: install archweb donor mail dump script
  template: src="dump-mails.sh.j2" dest="/usr/local/bin/dump-mails.sh" owner=root group=root mode=0755
  notify:
    - daemon reload
  when: archweb_donor_import|bool

- name: deploy archweb
  template: src=archweb.ini.j2 dest=/etc/uwsgi/vassals/archweb.ini owner=archweb group=http mode=0640
  when: archweb_site|bool

- name: deploy new release
  file: path=/etc/uwsgi/vassals/archweb.ini state=touch owner=archweb group=http mode=0640
  when: archweb_site and (release.changed or config.changed or virtualenv.changed or archweb_forced_deploy)
  notify: restart archweb memcached

- name: start and enable archweb memcached service and archweb-rsync_iso timer
  systemd:
    name: "{{ item }}"
    enabled: yes
    state: started
    daemon_reload: yes
  with_items:
    - archweb-memcached.service
    - archweb-rsync_iso.timer
  when: archweb_site|bool

- name: start and enable archweb reporead service
  service: name="archweb-reporead.service" enabled=yes state=started
  when: archweb_services or archweb_reporead

- name: restart archweb reporead service
  service: name="archweb-reporead.service" state=restarted
  when: archweb_services or archweb_reporead and (release.changed or config.changed or virtualenv.changed or archweb_forced_deploy)

- name: start and enable archweb mirrorcheck timer
  service: name="archweb-mirrorcheck.timer" enabled=yes state=started
  when: archweb_services or archweb_mirrorcheck

- name: start and enable archweb mirrorresolv timer
  service: name="archweb-mirrorresolv.timer" enabled=yes state=started
  when: archweb_services or archweb_mirrorresolv

- name: start and enable archweb populate_signoffs timer
  service: name="archweb-populate_signoffs.timer" enabled=yes state=started
  when: archweb_services or archweb_populate_signoffs

- name: start and enable archweb planet timer
  service: name="archweb-planet.timer" enabled=yes state=started
  when: archweb_planet

- name: start and enable archweb rebulderd update timer
  service: name="archweb-rebuilderd.timer" enabled=yes state=started
  when: archweb_site

- name: start and enable archweb donor_import and archweb-dump_donor_mail timer
  systemd:
    name: "{{ item }}"
    enabled: yes
    state: started
    daemon_reload: yes
  with_items:
    - archweb-donor_import.timer
    - archweb-dump_donor_mail.timer
  when: archweb_donor_import|bool

- name: create retro dir
  file: state=directory owner=archweb group=archweb mode=0755 path="{{ archweb_retro_dir }}"
  when: archweb_site|bool

- name: clone archweb-retro repo
  git:
    repo: "{{ archweb_retro_repository }}"
    dest: "{{ archweb_retro_dir }}"
    version: "{{ archweb_retro_commit_hash }}"
  become: true
  become_user: archweb
  when: archweb_site|bool