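---
# Provisions a mataroa host: caddy in front, a postgres role/database, the
# application checkout and tooling under the `deploy` user, and the systemd
# service plus helper timers that run it.
#
# Secrets (postgres_password, database_url and whatever mataroa.env.j2
# renders) come from vars.yaml - keep that file vaulted, never in plain git.
#
# Review changes versus the original:
#   * `deploy` was created with `password: ""`, which writes an EMPTY field
#     into /etc/shadow.  Debian's default common-auth uses pam_unix `nullok`,
#     so any local user could `su deploy` and then `sudo` with no password at
#     all - a sudo-capable account with no password is a root escalation.
#     The password is now locked ('!'); the account is reachable by SSH key
#     only.  If passwordless sudo is actually wanted, grant it with a
#     sudoers NOPASSWD rule, not with an empty password.
#   * the postgres tasks all use the community.postgresql collection (the
#     community.general names are redirects to it) and no longer hand the app
#     role GRANT OPTION, which a single-tenant app role has no use for.
#   * the role password is not echoed into task output (no_log).
#   * collectstatic/migrate use `command` instead of `shell`: there is no
#     pipe or glob in the command line, so there is no reason to involve a
#     shell interpreter.
- name: provision mataroa host
  hosts: virtualmachines
  vars_files:
    - vars.yaml
  vars:
    app_dir: /var/www/mataroa
    # manage.py always runs through the per-user uv installed below.
    django_manage: /home/deploy/.local/bin/uv run python manage.py
    systemd_unit_templates:
      - mataroa-notifications.timer.j2
      - mataroa-notifications.service.j2
      - mataroa-exports.timer.j2
      - mataroa-exports.service.j2
      - mataroa-backup.timer.j2
      - mataroa-backup.service.j2
      - mataroa-dailysummary.timer.j2
      - mataroa-dailysummary.service.j2
  become: true

  tasks:
    # smoke test and essential dependencies
    - name: ping
      ansible.builtin.ping:

    - name: essentials
      ansible.builtin.apt:
        update_cache: true
        name:
          - gcc
          - git
          - rclone
          - vim
        state: present

    # caddy
    # NOTE(security): apt_key compares the fetched key against the pinned
    # fingerprint in `id`, which is what makes downloading it over HTTPS
    # acceptable - keep the pin.  Two caveats: a keyring placed under
    # /etc/apt/trusted.gpg.d/ is trusted by apt for EVERY repository, so the
    # signed-by= in the repo lines does not actually scope this key (a path
    # under /etc/apt/keyrings/ would); and apt_key/apt-key are deprecated
    # upstream.  TODO(review): move to get_url + gpg --dearmor into
    # /etc/apt/keyrings/ and keep an explicit fingerprint check.
    - name: add caddy key
      ansible.builtin.apt_key:
        id: '65760C51EDEA2017CEA2CA15155B6D79CA56EA34'
        url: https://dl.cloudsmith.io/public/caddy/stable/gpg.key
        keyring: /etc/apt/trusted.gpg.d/caddy-stable.gpg
        state: present

    - name: add caddy repositories
      ansible.builtin.apt_repository:
        repo: "{{ item }}"
      loop:
        - "deb [signed-by=/etc/apt/trusted.gpg.d/caddy-stable.gpg] https://dl.cloudsmith.io/public/caddy/stable/deb/debian any-version main"
        - "deb-src [signed-by=/etc/apt/trusted.gpg.d/caddy-stable.gpg] https://dl.cloudsmith.io/public/caddy/stable/deb/debian any-version main"

    - name: install caddy
      ansible.builtin.apt:
        update_cache: true
        name: caddy

    - name: caddyfile
      ansible.builtin.template:
        src: Caddyfile.j2
        dest: /etc/caddy/Caddyfile
        owner: root
        group: root
        mode: '0644'
      notify: restart caddy

    # Root-only readable on purpose: presumably this is referenced as
    # EnvironmentFile= by mataroa.service.j2 (not in view), and systemd reads
    # that file as root before switching to the service user, so the app user
    # does not need read access.  Running with --diff prints its rendered
    # contents, so avoid --diff on this task in shared CI logs.
    - name: systemd environment file for mataroa
      ansible.builtin.template:
        src: mataroa.env.j2
        dest: /etc/systemd/system/mataroa.env
        owner: root
        group: root
        mode: '0640'

    # deploy user and directory
    # NOTE(security): password is locked ('!') - see the header comment for
    # why an empty password was not acceptable.  `sudo` membership is kept
    # because the operator evidently relies on it, but if the app itself runs
    # as `deploy` (unit template not in view) an application compromise sits
    # one sudo prompt away from root; consider a separate ops account.
    - name: create user
      ansible.builtin.user:
        name: deploy
        password: '!'
        shell: /bin/bash
        groups:
          - sudo
          - www-data
        append: true
        create_home: true
        skeleton: /etc/skel
        generate_ssh_key: true
        ssh_key_type: ed25519

    - name: www directory
      ansible.builtin.file:
        path: /var/www
        state: directory
        mode: '0755'
        owner: deploy
        group: www-data

    # postgresql setup
    - name: pg user
      community.postgresql.postgresql_user:
        name: "{{ postgres_username }}"
        password: "{{ postgres_password }}"
        expires: infinity
        state: present
      become_user: postgres
      # keep the role password out of task output and logs
      no_log: true

    - name: pg database
      community.postgresql.postgresql_db:
        name: mataroa
        owner: "{{ postgres_username }}"
        state: present
      become_user: postgres

    # The role already owns the database, so this only matters for objects in
    # the public schema it did not create.  ALL_IN_SCHEMA covers objects that
    # exist at run time - on a fresh host that is nothing, since migrations
    # run later.  GRANT OPTION was dropped: the app role never needs to
    # delegate its privileges to other roles (least privilege).
    - name: pg permissions
      community.postgresql.postgresql_privs:
        db: mataroa
        privs: ALL
        objs: ALL_IN_SCHEMA
        role: "{{ postgres_username }}"
      become_user: postgres

    # repo and tooling (as deploy user)
    - name: setup repo and tooling
      become_user: deploy
      block:
        # NOTE(supply-chain): curl|sh executes whatever astral.sh serves at
        # run time, and it is re-fetched on every play run.  The version is
        # pinned but nothing checks integrity; prefer get_url with a
        # `checksum:` into a temp path and then run that file.
        - name: uv
          ansible.builtin.shell:
            cmd: curl -LsSf https://astral.sh/uv/0.8.8/install.sh | sh

        # NOTE(supply-chain): `version: main` deploys the branch head as of
        # the run, so a bad push or a compromised upstream lands straight in
        # production; pin a tag or commit SHA.  accept_hostkey only applies to
        # ssh remotes and is a no-op for this https URL.
        - name: clone
          ansible.builtin.git:
            repo: https://github.com/mataroablog/mataroa
            dest: "{{ app_dir }}"
            version: main
            accept_hostkey: true

    # systemd
    - name: systemd main service
      ansible.builtin.template:
        src: mataroa.service.j2
        dest: /etc/systemd/system/mataroa.service
        owner: root
        group: root
        mode: '0644'
      notify:
        - reload systemd
        - restart mataroa

    - name: systemd timers and helper services
      ansible.builtin.template:
        src: "{{ item }}"
        dest: "/etc/systemd/system/{{ item | regex_replace('\\.j2$', '') }}"
        owner: root
        group: root
        mode: '0644'
      loop: "{{ systemd_unit_templates }}"
      notify: reload systemd

    - name: install backup script
      ansible.builtin.copy:
        src: backup-database.sh
        dest: /home/deploy/backup-database.sh
        owner: deploy
        group: deploy
        mode: '0755'

    # Timers must not be started before daemon-reload has picked up the new
    # unit files.  Side effect worth knowing: this also fires `restart
    # mataroa` now, i.e. BEFORE collectstatic/migrate below have run.
    - name: flush handlers before enabling timers
      ansible.builtin.meta: flush_handlers

    - name: systemd enable and start timers
      ansible.builtin.systemd:
        name: "{{ item }}"
        enabled: true
        state: started
      loop:
        - mataroa-notifications.timer
        - mataroa-exports.timer
        - mataroa-backup.timer
        - mataroa-dailysummary.timer

    # Enabled only; starting/restarting is left to the handler.
    - name: systemd enable
      ansible.builtin.systemd:
        name: mataroa
        enabled: true

    # deployment specific
    - name: collectstatic
      ansible.builtin.command:
        cmd: "{{ django_manage }} collectstatic --no-input"
        chdir: "{{ app_dir }}"
      become_user: deploy

    # database_url carries the DB password; with -vvv the task's invocation
    # (including `environment`) is printed, so keep verbose runs off shared
    # logs.  no_log is deliberately not set here because migration output is
    # what you need when a deploy fails.
    - name: migrations
      ansible.builtin.command:
        cmd: "{{ django_manage }} migrate --no-input"
        chdir: "{{ app_dir }}"
      environment:
        DATABASE_URL: "{{ database_url }}"
      become_user: deploy

    - name: caddy enable
      ansible.builtin.systemd:
        name: caddy
        enabled: true

  handlers:
    - name: reload systemd
      ansible.builtin.systemd:
        daemon_reload: true

    - name: restart mataroa
      ansible.builtin.systemd:
        name: mataroa
        state: restarted

    - name: restart caddy
      ansible.builtin.systemd:
        name: caddy
        state: restarted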