---

- name: Install needed packages
  yum:
    name:
      - openssl-devel
      - gcc
      - sqlite
  tags: vaultwarden

- name: Check if MariaDB version is set
  fail: msg="Need to define mysql_mariadb_version"
  when:
    - vaultwarden_db_engine == 'mysql'
    - mysql_mariadb_version is not defined or mysql_mariadb_version == 'default'
    - ansible_os_family == 'RedHat'
    - ansible_distribution_major_version is version('8','<')
  tags: vaultwarden

- name: Install MariaDB devel package
  yum:
    name:
      - mariadb-devel
  when: vaultwarden_db_engine == 'mysql'
  tags: vaultwarden

  # With upstream MariaDB repo, /usr/lib64/libmariadb.so is in MariaDB-shared not in MariaDB-devel
- name: Install MariaDB shared libs
  yum:
    name:
      - MariaDB-shared
  when:
    - vaultwarden_db_engine == 'mysql'
    - mysql_mariadb_version is defined
    - mysql_mariadb_version != 'default'
  tags: vaultwarden

- when: vaultwarden_install_mode != 'none'
  tags: vaultwarden
  block:
    - name: Download vaultwarden
      get_url:
        url: "{{ vaultwarden_archive_url }}"
        dest: "{{ vaultwarden_root_dir }}/tmp"
        checksum: sha1:{{ vaultwarden_archive_sha1 }}

    - name: Extract vaultwarden archive
      unarchive:
        src: "{{ vaultwarden_root_dir }}/tmp/vaultwarden-{{ vaultwarden_version }}.tar.gz"
        dest: "{{ vaultwarden_root_dir }}/tmp"
        remote_src: True
  
    - name: Build vaultwarden
      command: bash -lc 'cargo build --features={{ (vaultwarden_db_engine == "mysql") | ternary("mysql","sqlite") }} --release'
      args:
        chdir: "{{ vaultwarden_root_dir }}/tmp/vaultwarden-{{ vaultwarden_version }}"

    - name: Install binary
      copy: src={{ vaultwarden_root_dir }}/tmp/vaultwarden-{{ vaultwarden_version }}/target/release/vaultwarden dest="{{ vaultwarden_root_dir }}/bin/" mode=755 remote_src=True
      notify: restart vaultwarden

- when: vaultwarden_web_install_mode != 'none'
  tags: vaultwarden
  block:
    - name: Download vaultwarden web vault
      get_url:
       url: "{{ vaultwarden_web_archive_url }}"
       dest: "{{ vaultwarden_root_dir }}/tmp"
       checksum: sha1:{{ vaultwarden_web_archive_sha1 }}

    - name: Extract the archive
      unarchive:
        src: "{{ vaultwarden_root_dir }}/tmp/bw_web_v{{ vaultwarden_web_version }}.tar.gz"
        dest: "{{ vaultwarden_root_dir }}/tmp"
        remote_src: True

    - name: Move files to their final location
      synchronize:
        src: "{{ vaultwarden_root_dir }}/tmp/web-vault/"
        dest: "{{ vaultwarden_root_dir }}/web-vault/"
        recursive: True
        delete: True
      delegate_to: "{{ inventory_hostname }}"

- name: Install systemd unit
  template: src=vaultwarden.service.j2 dest=/etc/systemd/system/vaultwarden.service
  register: vaultwarden_unit
  tags: vaultwarden

- name: Reload systemd
  systemd: daemon_reload=True
  when: vaultwarden_unit.changed
  tags: vaultwarden

- name: Install pre/post backup hooks
  template: src={{ item }}-backup.sh.j2 dest=/etc/backup/{{ item }}.d/vaultwarden.sh mode=755
  loop:
    - pre
    - post
  tags: vaultwarden

- import_tasks: ../includes/webapps_create_mysql_db.yml
  vars:
    - db_name: "{{ vaultwarden_db_name }}"
    - db_user: "{{ vaultwarden_db_user }}"
    - db_server: "{{ vaultwarden_db_server }}"
    - db_pass: "{{ vaultwarden_db_pass }}"
  when: vaultwarden_db_engine == 'mysql'
  tags: vaultwarden