---
- hosts: servers
  vars_files:
    - vars.yml
    - secrets.yml
  gather_facts: true
  become: yes

  tasks:
    - name: Change hostname
      hostname:
        name: "{{ domain_name }}"

    - name: Add host to /etc/hosts
      lineinfile:
        dest: /etc/hosts
        regexp: '^127\.0\.0\.1[ \t]+localhost'
        line: '127.0.0.1 localhost {{ domain_name }} www.{{ domain_name }}'
        state: present

    - name: Add Apt signing key for postgresql
      apt_key:
        id: 7FCC7D46ACCC4CF8
        keyserver: keyserver.ubuntu.com

    - name: Install aptitude
      apt: pkg={{ item }} update-cache=yes
      with_items:
        - aptitude

    - name: Update and upgrade apt packages
      become: true
      apt:
        upgrade: yes
        update_cache: yes
        cache_valid_time: 86400 #One day

    - name: Set locale
      command: /usr/sbin/update-locale LANG={{ locale }} LC_ALL={{ locale }}

    - name: Set /etc/localtime
      file: src=/usr/share/zoneinfo/{{ timezone }} dest=/etc/localtime

    - name: Set /etc/timezone
      template: src=../../ansible_templates/timezone.j2 dest=/etc/timezone
      notify: update tzdata

    - name: Add apt repository for letsencrypt
      apt_repository:
        repo: 'ppa:certbot/certbot'
        update-cache: yes

    - name: Add apt repository for postgresql
      apt_repository:
        repo: 'deb http://apt.postgresql.org/pub/repos/apt/ bionic-pgdg main'
        update-cache: yes

    - name: Install system packages
      apt: pkg={{ item }} update-cache=yes
      with_items:
        - apache2
        - certbot
        - git
        - libapache2-mod-wsgi-py3
        - libmemcached-dev
        - mailutils
        - memcached
        - postfix
        - postgresql-10
        - postgresql-client-10
        - postgresql-server-dev-10
        - python-certbot-apache
        - python3-dev
        - python3-pip
        - python3-venv
        - redis-server
        - tzdata
        - unzip

    - name: Upgrade pip
      pip:
        name: pip
        executable: pip3
        extra_args: --upgrade

    - name: Install python dependencies
      pip:
        name: "{{ item }}"
        executable: pip3
      with_items:
        - psycopg2==2.7.5
        - psycopg2-binary==2.7.5

    - name: Create main directory for the project
      file:
        path: "{{ project_root }}"
        state: directory
        mode: 0775

    - name: Create Unix user group
      group:
        name: webapps
        state: present

    - name: Create Unix user
      user:
        name: "{{ user_username }}"
        shell: /bin/bash
        groups: webapps
        home: "{{ project_root }}"

    - name: Create inner directories for the project
      file:
        path: "{{ item }}"
        state: directory
        owner: "{{ project_name }}"
        group: webapps
        mode: 0775
      with_items:
        - "{{ project_root }}/.ssh"
        - "{{ project_root }}/src"
        - "{{ project_root }}/db_backups"
        - "{{ project_root }}/logs"
        - "{{ project_root }}/commands"
        - "{{ project_root }}/public_html"

    - name: Save ssh key to server
      copy: src={{ ssh_github_key }} dest={{ project_root }}/.ssh/id_rsa mode=600

    - name: Set directory permissions
      file:
        dest: "{{ project_root }}"
        owner: "{{ project_name }}"
        group: users
        recurse: yes

    - name: Create virtual environment
      become: yes
      become_user: "{{ user_username }}"
      command: python3 -m venv {{ project_root }}/env/
      args:
        creates: "{{ project_root }}/env/bin/python"

    - name: Always activate virtual environment for {{ project_name }} user
      lineinfile:
        path: "{{ project_root }}/.bash_profile"
        state: present
        create: yes
        line: "source {{ project_root }}/env/bin/activate"

    - name: Set the DJANGO_SETTINGS_MODULE
      lineinfile:
        path: "{{ project_root }}/.bash_profile"
        state: present
        create: yes
        line: "export DJANGO_SETTINGS_MODULE=myproject.settings.production"

    - name: Copy PostgreSQL authentication configuration
      template:
        src: ../../ansible_templates/pg_hba.j2
        dest: /etc/postgresql/10/main/pg_hba.conf
      notify:
        - restart postgresql

    - name: Copy PostgreSQL main configuration
      template:
        src: ../../ansible_templates/postgresql.j2
        dest: /etc/postgresql/10/main/postgresql.conf
      notify:
        - restart postgresql

    - name: Make sure PostgreSQL server is running
      service: name=postgresql state=started

    - name: Create database user
      become_user: postgres
      postgresql_user: name={{ db_user }} password={{ db_password }} role_attr_flags=CREATEDB,LOGIN encrypted=yes

    - name: Create database
      become_user: postgres
      postgresql_db: name={{ db_name }} owner={{ db_user }}

    - name: Enable required apache modules
      apache2_module:
        state: present
        name: "{{ item }}"
      with_items:
        - alias
        - expires
        - rewrite
        - ssl
        - wsgi

    - name: Prepare apache configuration
      block:
        - name: Remove default apache site
          file: path=/etc/apache2/sites-enabled/000-default.conf state=absent
          notify:
            - restart apache

        - name: Copy Apache-Pre config
          template:
            src: ../../ansible_templates/apache_site-pre.conf.j2
            dest: /etc/apache2/sites-available/{{ project_name }}.conf

        - name: Create website configuration symlink
          file:
            src: /etc/apache2/sites-available/{{ project_name }}.conf
            dest: /etc/apache2/sites-enabled/{{ project_name }}.conf
            state: link
          notify:
            - restart apache

    - name: Install Letsencrypt SSL certificate
      block:
        - name: Create letsencrypt directory
          file: name=/var/www/letsencrypt state=directory

        - name: Create letsencrypt certificate
          shell: certbot certonly -n --apache -w /var/www/letsencrypt -m {{ letsencrypt_email }} --agree-tos --no-verify-ssl -d {{ domain_name }} -d www.{{ domain_name }}
          args:
            creates: /etc/letsencrypt/live/{{ domain_name }}

        - name: Make sure that bash is the default shell in the crontab
          cronvar:
            name: SHELL
            value: /bin/bash

        - name: Add letsencrypt cronjob for cert renewal
          cron:
            name: letsencrypt_renewal
            special_time: weekly
            job: certbot --renew-by-default certonly -n --apache -w /var/www/letsencrypt -m {{ letsencrypt_email }} --agree-tos -d {{ domain_name }} -d www.{{ domain_name }} && service apache2 reload

    - name: Copy memcached config
      template: src=../../ansible_templates/memcached.j2 dest=/etc/memcached.conf
      notify:
      - restart memcached

    - name: Copy postfix config
      template: src=../../ansible_templates/postfix.j2 dest=/etc/postfix/main.cf
      notify:
      - restart postfix

    - name: Copy postfix forwarding config
      template: src=../../ansible_templates/virtual.j2 dest=/etc/postfix/virtual
      notify:
      - activate postfix forwarding


  handlers:
    - name: restart postgresql
      service: name=postgresql state=restarted

    - name: restart apache
      service: name=apache2 state=restarted

    - name: restart memcached
      service: name=memcached state=restarted

    - name: restart postfix
      service: name=postfix state=restarted

    - name: activate postfix forwarding
      command: postmap /etc/postfix/virtual

    - name: update tzdata
      command: /usr/sbin/dpkg-reconfigure --frontend noninteractive tzdata

- import_playbook: deploy.yml