---

- hosts: afpyros
  vars:
    nginx_public_deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICjZQkU+su6uDOq8zllDP/j6Wg7puNHG8eZMVBgP8Ady"
  tasks:
    - name: Basic setup
      include_role: name=common

    - name: Setup afpyro.afpy.org
      include_role: name=nginx
      vars:
        nginx_owner: afpyro-afpy-org
        nginx_domain: afpyro.afpy.org
        nginx_certificates: [afpyro.afpy.org]
        nginx_conf: |
          server
          {
              listen [::]:80; listen 80;
              server_name afpyro.afpy.org;
              access_log /var/log/nginx/afpyro.afpy.org-access.log;
              error_log /var/log/nginx/afpyro.afpy.org-error.log;
              return 301 https://$host$request_uri;
          }

          server
          {
              listen [::]:443 ssl; listen 443 ssl;
              server_name afpyro.afpy.org;
              access_log /var/log/nginx/afpyro.afpy.org-access.log;
              error_log /var/log/nginx/afpyro.afpy.org-error.log;
              root /var/www/afpyro.afpy.org/;
              include snippets/letsencrypt-afpyro.afpy.org.conf;

              location /static/
              {
                  alias /home/afpyro-afpy-org/src/static/;
              }

              location /_static/
              {
                  alias /home/afpyro-afpy-org/src/docs/_build/html/_static/;
              }

              location /
              {
                  include proxy_params;
                  proxy_pass http://unix:/run/afpyro-afpy-org/website.sock;
              }
          }

    - name: afpyro user can reload own website
      lineinfile:
        path: /etc/sudoers
        state: present
        regexp: '^afpyro-afpy-org '
        line: "afpyro-afpy-org ALL = NOPASSWD: /bin/systemctl restart afpyro-afpy-org.service"
        validate: /usr/sbin/visudo -cf %s

    - name: Initial clone
      become: true
      become_user: afpyro-afpy-org
      git:
        repo: https://github.com/AFPy/siteafpyro
        dest: /home/afpyro-afpy-org/src/
        update: no

    - name: pip install AFPyro requirements
      become: true
      become_user: afpyro-afpy-org
      pip:
        requirements: /home/afpyro-afpy-org/src/requirements.txt
        virtualenv_command: /usr/bin/python3 -m venv
        virtualenv: "/home/afpyro-afpy-org/venv/"

    - name: Compile HTML pages
      become: true
      become_user: afpyro-afpy-org
      command: make html SPHINXBUILD=/home/afpyro-afpy-org/venv/bin/sphinx-build
      args:
        chdir: /home/afpyro-afpy-org/src/docs/
        creates: /home/afpyro-afpy-org/src/docs/build/html/

    - name: systemd afpy.org service
      copy:
        dest: /etc/systemd/system/afpyro-afpy-org.service
        content: |
          [Unit]
          Description=AFPyro website
          After=network.target

          [Service]
          PIDFile=/run/afpyro-afpy-org/website.pid
          User=afpyro-afpy-org
          Group=afpyro-afpy-org
          RuntimeDirectory=afpyro-afpy-org
          WorkingDirectory=/home/afpyro-afpy-org/src/
          ExecStart=/home/afpyro-afpy-org/venv/bin/gunicorn -w 2 \
                    --pid /run/afpyro-afpy-org/website.pid \
                    --bind unix:/run/afpyro-afpy-org/website.sock afpyro:app
          ExecReload=/bin/kill -s HUP $MAINPID
          ExecStop=/bin/kill -s TERM $MAINPID
          PrivateTmp=true

          [Install]
          WantedBy=multi-user.target

    - name: AFPyro is started and running
      service:
        name: afpyro-afpy-org
        state: started
        enabled: true