---

- name: Create wapt DB user
  postgresql_user:
    db: postgres
    name: "{{ wapt_db_user }}"
    password: "{{ wapt_db_pass }}"
    login_host: "{{ wapt_db_server }}"
    login_user: sqladmin
    login_password: "{{ pg_admin_pass }}"
  tags: wapt

- name: Create the PostgreSQL database
  postgresql_db:
    name: wapt
    encoding: UTF-8
    template: template0
    owner: "{{ wapt_db_user }}"
    login_host: "{{ wapt_db_server }}"
    login_user: sqladmin
    login_password: "{{ pg_admin_pass }}"
  tags: wapt

- name: Enable the hstore extension
  postgresql_ext:
    db: "{{ wapt_db_name }}"
    login_host: "{{ wapt_db_server }}"
    login_user: sqladmin
    login_password: "{{ pg_admin_pass }}"
    name: hstore
  tags: wapt

- name: Configure WAPT server
  ini_file: path=/opt/wapt/conf/waptserver.ini section=options option={{ item.option }} value={{ item.value }}
  with_items:
    - option: db_name
      value: "{{ wapt_db_name }}"
    - option: db_host
      value: "{{ wapt_db_server }}"
    - option: db_user
      value: "{{ wapt_db_user }}"
    - option: db_password
      value: "{{ wapt_db_pass }}"
    - option: waptwua_folder
      value: /var/www/html/waptwua
    - option: server_uuid
      value: "{{ inventory_hostname | to_uuid }}"
    - option: allow_unauthenticated_connect
      value: 'False'
    - option: allow_unauthenticated_registration
      value: 'False'
    - option: secret_key
      value: "{{ wapt_secret_key }}"
    - option: use_kerberos
      value: 'False'
  notify: restart wapt
  tags: wapt

- name: Configure system proxy
  ini_file: path=/opt/wapt/conf/waptserver.ini section=options option=http_proxy value={{ system_proxy }}
  when: system_proxy is defined and system_proxy != ''
  notify: restart wapt
  tags: wapt

- name: Check if admin password is set
  command: grep -qP '^wapt_password' /opt/wapt/conf/waptserver.ini
  ignore_errors: True
  register: wapt_admin_pass_set
  changed_when: False
  tags: wapt

- when: wapt_admin_pass_set.rc != 0
  block:
    - name: Hash the WAPT admin password
      command: /opt/wapt/bin/python -c 'from passlib.hash import pbkdf2_sha256; print(pbkdf2_sha256.hash("admin".encode("utf8")))'
      register: wapt_admin_pass_hash
      changed_when: False

    - set_fact: wapt_admin_pass_hash={{ wapt_admin_pass_hash.stdout }}

    - name: Set default admin password
      ini_file: path=/opt/wapt/conf/waptserver.ini section=options option=wapt_password value={{ wapt_admin_pass_hash }}
      notify: restart wapt

  tags: wapt

- name: Set correct ownership for wapt configuration
  file: path=/opt/wapt/conf/waptserver.ini owner=wapt mode=0600
  tags: wapt

- name: Deploy nginx config
  template: src={{ item.src }}.j2 dest={{ item.dest }}
  loop:
    - src: nginx.conf
      dest: /etc/nginx/nginx.conf
    - src: wapt.conf
      dest: /etc/nginx/conf.d/wapt.conf
  notify: restart nginx
  tags: wapt

- name: Deploy rsync configuration
  template: src=rsyncd.conf.j2 dest=/etc/rsyncd.conf.d/waptrepo.conf
  tags: wapt

- name: Deploy WAPT Repo rsync secret
  copy: content=wapt:{{ wapt_rsync_pass }} dest=/opt/wapt/conf/rsync.secrets mode=400 owner=root group=root
  when: wapt_rsync_pass is defined
  tags: wapt

- name: Remove rsync secret
  file: path=/opt/wapt/conf/rsync.secrets state=absent
  when: wapt_rsync_pass is not defined
  tags: wapt