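---
# Provisions a Debian web host: Docker CE and docker-compose, an NFS mount,
# certbot with the Cloudflare DNS plugin, and an nginx front end.
# Tasks that template on ansible_facts need fact gathering enabled in the play.

- name: Install apt-add-repository
  apt:
    name: '{{ packages }}'
    state: present
    update_cache: true
  vars:
    packages:
      - apt-transport-https
      - ca-certificates
      - curl
      - gnupg2
      - software-properties-common

# apt_key replaces the `curl ... | apt-key add -` shell pipeline, so the task
# no longer needs the shell module's `warn` argument.
# NOTE(review): this still trusts whatever key the URL serves over TLS. Set
# `id: <DOCKER_KEY_FINGERPRINT>` (taken from Docker's install documentation)
# so the play stops if the served key is not the expected one.
- name: Add Docker's GPG key
  apt_key:
    url: https://download.docker.com/linux/debian/gpg
    state: present

# apt_repository replaces the `add-apt-repository` shell call; the release
# codename comes from gathered facts instead of `$(lsb_release -cs)`.
- name: Add Docker's apt repository
  apt_repository:
    repo: >-
      deb [arch=amd64] https://download.docker.com/linux/debian
      {{ ansible_facts['distribution_release'] }} stable
    state: present

- name: Install Docker
  apt:
    name: '{{ packages }}'
    state: present
    update_cache: true
  vars:
    packages:
      - docker-ce
      - docker-ce-cli
      - containerd.io

# Membership of the docker group allows full control of the Docker daemon,
# which is effectively root on this host; keep '{{ user }}' to an account
# that is already trusted at that level.
- name: Add '{{ user }}' to docker group
  user:
    name: '{{ user }}'
    groups: docker
    append: true

# get_url replaces `curl -L ... && chmod +x`: it skips the download when the
# destination file already exists and sets the mode in the same step.
# NOTE(review): the binary is fetched without integrity verification. Add
# `checksum: "sha256:<DOCKER_COMPOSE_SHA256>"` using the digest published for
# this release so a tampered or truncated download is refused.
- name: Install docker-compose
  get_url:
    url: "https://github.com/docker/compose/releases/download/1.24.1/docker-compose-{{ ansible_facts['system'] }}-{{ ansible_facts['architecture'] }}"
    dest: /usr/local/bin/docker-compose
    mode: "0755"

# Compose configuration is readable and writable by its owner only.
- name: Copy compose config
  copy:
    src: templates/web/compose
    dest: '/home/{{ user }}'
    owner: '{{ user }}'
    group: '{{ user }}'
    mode: "0600"

- name: Install NFS common
  apt:
    name: nfs-common
    state: present
    update_cache: true

# NOTE(review): group and other get read without execute on this directory,
# so they can list it but not enter it; confirm that is intended.
- name: Create mountable dir
  file:
    path: /nfs
    state: directory
    mode: u=rwx,g=r,o=r
    owner: '{{ user }}'
    group: '{{ user }}'

# NOTE(review): the export is mounted with default options. If nothing on the
# share needs setuid binaries or device nodes, consider `opts: nosuid,nodev`.
- name: set mountpoints
  mount:
    name: /nfs
    src: 172.20.69.1:/nfs
    fstype: nfs
    state: mounted

# TODO the certbot installation process probably needs fixing
- name: Install pip
  apt:
    name: python-pip
    state: present

# `--user` installs under the invoking user's ~/.local; the certbot tasks
# below assume that is /root/.local.
- name: Install certbot's cloudflare plugin
  pip:
    name: certbot-dns-cloudflare
    extra_args: --user

# The example credentials file is data, not a program: 0600 drops the execute
# bit that 0700 set. The real /root/cloudflare.ini holds an API credential and
# is not created by this file; give it the same owner-only mode.
- name: Write example cloudflare secrets file
  copy:
    src: templates/web/cloudflare.ini.example
    dest: /root/cloudflare.ini.example
    mode: "0600"
    owner: root
    group: root

# NOTE(review): ignore_errors hides every failure of this command, including
# a missing or rejected credentials file, not only the "certs already exist"
# case. Consider registering the result and failing on unexpected output.
# NOTE(review): certbot documents `certonly` for requesting certificates by
# domain; `renew` combined with `-d` is likely rejected. Confirm before
# relying on this task to issue the first certificate.
- name: Run certbot
  shell: >-
    /root/.local/bin/certbot renew --dns-cloudflare
    --dns-cloudflare-credentials /root/cloudflare.ini
    -d jibby.org,\*.jibby.org --preferred-challenges dns-01
  ignore_errors: true  # This fails if the certs already exist

- name: Schedule certbot renewal cronjob
  cron:
    name: "renew certs"
    special_time: weekly
    job: '/root/.local/bin/certbot renew'

- name: Set outward facing nginx server
  copy:
    src: templates/web/docker.conf
    dest: /etc/nginx/conf.d/docker.conf
    mode: "0644"
    owner: root
    group: root

- name: Remove default nginx site
  file:
    path: /etc/nginx/sites-enabled/default
    state: absent

- name: Start and enable Nginx
  service:
    name: nginx
    state: started
    enabled: true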