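---
# Provisions a Debian web host: Docker CE and docker-compose, an NFS mount at
# /nfs, and certbot with the Cloudflare DNS plugin plus a weekly renewal job.
# Expects a `user` variable and gathered facts (ansible_distribution_release,
# ansible_system, ansible_architecture are used below).

- name: Install apt-add-repository
  apt:
    name: '{{ packages }}'
    state: present
    update_cache: true
  vars:
    packages:
      - apt-transport-https
      - ca-certificates
      - curl
      - gnupg2
      - software-properties-common

# Uses the apt_key module instead of a `curl | apt-key add -` shell pipe, so
# the `warn: False` override is gone (recent ansible-core releases reject
# that argument) and the task is idempotent.
# NOTE(review): the key is trusted on first download. Once verified out of
# band, pin it with the module's `id` parameter, e.g.
# `id: <DOCKER_GPG_KEY_FINGERPRINT>` (placeholder).
- name: Add Docker's GPG key
  apt_key:
    url: https://download.docker.com/linux/debian/gpg
    state: present

# ansible_distribution_release replaces $(lsb_release -cs); it needs facts.
- name: Add Docker's apt repository
  apt_repository:
    repo: 'deb [arch=amd64] https://download.docker.com/linux/debian {{ ansible_distribution_release }} stable'
    state: present

- name: Install Docker
  apt:
    name: '{{ packages }}'
    state: present
    update_cache: true
  vars:
    packages:
      - docker-ce
      - docker-ce-cli
      - containerd.io

# NOTE(review): membership of the docker group lets the account drive the
# Docker daemon, which is effectively root on this host. Make sure `user` is
# an account that is meant to hold that level of access.
- name: Add '{{ user }}' to docker group
  user:
    name: '{{ user }}'
    groups: docker
    append: true

# get_url fails the task on an HTTP error; the previous `curl -L` (without -f)
# would have saved an error page as the binary and marked it executable.
# ansible_system / ansible_architecture stand in for uname -s / uname -m.
# NOTE(review): the binary is executed as-is. Add
# `checksum: 'sha256:<DOCKER_COMPOSE_SHA256>'` (placeholder) using the digest
# published with the 1.24.1 release.
- name: Install docker-compose
  get_url:
    url: 'https://github.com/docker/compose/releases/download/1.24.1/docker-compose-{{ ansible_system }}-{{ ansible_architecture }}'
    dest: /usr/local/bin/docker-compose
    mode: '0755'

- name: Copy compose config
  copy:
    src: templates/web/compose
    dest: '/home/{{ user }}'
    owner: '{{ user }}'
    group: '{{ user }}'
    mode: '0600'

- name: Install NFS common
  apt:
    name: nfs-common
    state: present
    update_cache: true

- name: Create mountable dir
  file:
    path: /nfs
    state: directory
    mode: 'u=rwx,g=r,o=r'
    owner: '{{ user }}'
    group: '{{ user }}'

# NOTE(review): mounted with default options. If nothing on the share needs
# setuid binaries or device nodes, consider `opts: nosuid,nodev`.
- name: set mountpoints
  mount:
    name: /nfs
    src: '172.20.69.1:/nfs'
    fstype: nfs
    state: mounted

# NOTE(review): this script is downloaded and later run as root with no
# integrity check; get_url accepts a `checksum` parameter. certbot-auto also
# appears to be unmaintained upstream; confirm and prefer a packaged certbot.
- name: Install certbot
  get_url:
    url: https://dl.eff.org/certbot-auto
    dest: /usr/local/bin/certbot-auto
    mode: 'u=rwx,g=r,o=r'
    owner: root
    group: root

- name: Install pip
  apt:
    name: python-pip
    state: present

# NOTE(review): unpinned install from PyPI into the invoking user's site dir
# (--user); pin a version so the host does not pick up whatever is latest.
- name: Install certbot's cloudflare plugin
  pip:
    name: certbot-dns-cloudflare
    extra_args: --user

# Was 0700: a credentials template has no reason to be executable. Keep the
# real /root/cloudflare.ini at 0600 as well, since it holds the API secret.
- name: Write example cloudflare secrets file
  copy:
    src: templates/web/cloudflare.ini.example
    dest: /root/cloudflare.ini.example
    mode: '0600'
    owner: root
    group: root

# NOTE(review): three things to confirm before relying on this task:
#  - it reads /root/cloudflare.ini, but only the .example file is written by
#    this playbook, so the real secrets file must be created out of band;
#  - it calls `certbot`, while the task above installs `certbot-auto`;
#  - `certbot renew` is believed to reject `-d` (certonly is the verb that
#    takes domains); verify against the installed certbot version.
# It also runs on every play; a `creates:` guard would make it idempotent.
- name: Run certbot
  shell: >-
    certbot renew --dns-cloudflare
    --dns-cloudflare-credentials /root/cloudflare.ini
    -d jibby.org,\*.jibby.org --preferred-challenges dns-01

# The post-hook copies certificates AND private keys into /static_certs for
# the containers. No task in this file creates /static_certs, so its owner
# and mode are whatever the operator set up: keep it root-only and mount it
# read-only into Docker. The job runs /usr/local/bin/certbot, which is not
# the path installed above (/usr/local/bin/certbot-auto).
- name: Schedule certbot renewal cronjobs and copying of static cert files (for sharing with Docker)
  cron:
    name: 'renew certs and copy'
    special_time: weekly
    job: >-
      /usr/local/bin/certbot renew --post-hook
      "cp -L /etc/letsencrypt/live/jibby.org/cert.pem /static_certs/jibby.org.crt
      && cp -L /etc/letsencrypt/live/jibby.org/privkey.pem /static_certs/jibby.org.key
      && cp -L /etc/letsencrypt/live/jibby.org-0001/cert.pem /static_certs/shared.crt
      && cp -L /etc/letsencrypt/live/jibby.org-0001/privkey.pem /static_certs/shared.key
      && systemctl restart nginx"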