- name: Install debuginfod
  pacman: name=debuginfod state=present

- name: Create ssl cert
  include_role:
    name: certificate
  vars:
    domains: ["{{ debuginfod_domain }}"]
  when: debuginfod_domain

- name: Configure debuginfod systemd service
  template: src=debuginfod.service.j2 dest=/etc/systemd/system/debuginfod.service owner=root group=root mode=0644
  vars:
    debuginfod_package_path: "{{ debuginfod_package_paths | join(' ') }}"
  notify:
    - Reload debuginfod

- name: Create http directory for debuginfod website files
  file: path=/srv/http/debuginfod state=directory owner=root group=root mode=0755

- name: Install website files
  copy: src={{ item }} dest=/srv/http/debuginfod/{{ item }} owner=root group=root mode=0644
  loop:
    - archlinux.png
    - index.html

- name: Install packagelist units
  copy: src={{ item }} dest=/etc/systemd/system/{{ item }} owner=root group=root mode=0644
  loop:
    - packagelist.timer
    - packagelist.service

- name: Start and enable packagelist.timer
  service: name=packagelist.timer enabled=yes state=started

- name: Make nginx log dir
  file: path=/var/log/nginx/{{ debuginfod_domain }} state=directory owner=root group=root mode=0755

- name: Set up nginx
  template: src=nginx.d.conf.j2 dest=/etc/nginx/nginx.d/debuginfod.conf owner=root group=root mode=0644
  notify:
    - Reload nginx
  when: debuginfod_domain
  tags: ['nginx']

- name: Open debuginfod ipv4 port for monitoring.archlinux.org
  ansible.posix.firewalld: zone=wireguard state=enabled permanent=true immediate=yes
    rich_rule="rule family=ipv4 source address={{ hostvars['monitoring.archlinux.org']['wireguard_address'] }} port protocol=tcp port=8002 accept"
  tags:
    - firewall

- name: Start and enable debuginfod
  service: name=debuginfod enabled=yes state=started