---
- import_tasks: "mount_fs.yml"

# pre-create users/groups and copy uids/gids from the current prod copr-dist-git
- group: name="packager" state=present gid=987
- group: name="copr-dist-git" state=present gid=1003
- group: name="apache" state=present gid=48

- name: Create user for git repos and copr-dist-git service
  user: name="copr-dist-git" group=copr-dist-git groups=packager,apache uid=1002

- name: Install packages
  dnf:
    state: present
    name:
      - cgit
      - copr-dist-git
      - highlight
      - nfs-utils
      - rdiff-backup
      - scl-utils-build
      - tmpwatch
      - nagios-plugins-http
  tags:
    - packages

- name: Install latest dist-git and copr-dist-git
  dnf:
    state: present
    name:
      - dist-git
      - dist-git-selinux
      - copr-dist-git

- name: Switch selinux to enforcing
  selinux: policy=targeted state=enforcing

- name: Make sure directories are owned by copr-dist-git user
  ansible.builtin.file: path={{ item }} owner=copr-dist-git group=copr-dist-git state=directory recurse=yes
  with_items:
  - /var/log/copr-dist-git/

- name: Install config for copr-dist-git
  ansible.builtin.template: src=copr-dist-git.conf.j2 dest=/etc/copr/copr-dist-git.conf mode=0644
  tags:
  - config
  - copr_infrastructure_password
  notify:
  - Restart copr-dist-git

- name: Set git variables for copr-dist-git user
  ansible.builtin.copy: src=".gitconfig" dest="/home/copr-dist-git/.gitconfig"

- name: Set git config username
  git_config: name=user.name scope=global value="Copr dist git"

- name: Install httpd config needed for COPR lookaside cache
  ansible.builtin.copy: src="httpd/dist-git/{{ item }}" dest="/etc/httpd/conf.d/dist-git/{{ item }}"
  with_items:
  - lookaside-copr.conf
  tags:
  - config
  notify:
  - Reload httpd

- name: Letsencrypt for copr-dist-git
  include_role: name=copr/certbot
  tags:
    - config
    - certbot

- name: Install copr-dist-git httpd config
  ansible.builtin.copy: src="httpd/{{ item }}" dest="/etc/httpd/conf.d/{{ item }}"
  with_items:
  - copr-dist-git.conf
  tags:
  - config
  notify:
  - Reload httpd

- name: Install /etc/httpd/conf.d/ssl.conf
  ansible.builtin.template: src="ssl.conf.j2" dest="/etc/httpd/conf.d/ssl.conf" owner=root group=root mode=0644
  notify:
  - Reload httpd

- name: Temporary logrotation fix until copr-dist-git 0.26 is released & deployed
  ansible.builtin.copy: src="logrotate.d/copr-dist-git" dest="/etc/logrotate.d/copr-dist-git"

- name: Install /etc/dist-git/dist-git.conf file
  ansible.builtin.copy: src="dist-git.conf" dest="/etc/dist-git/dist-git.conf" mode=0644
  tags:
  - config

- name: Install cgitrc
  ansible.builtin.template: src="cgitrc" dest="/etc/cgitrc" owner=root group=root mode=0644

- name: Allow httpd to run cgit
  seboolean: name=httpd_enable_cgi state=true persistent=true

- name: Install robots.txt
  ansible.builtin.copy: src="robots.txt" dest="/var/www/html/" mode=0644
  tags:
  - config

- name: Install cgit error message
  ansible.builtin.copy: src="cgit-error.html" dest="/var/www/html/" mode=0644
  tags:
  - config

- name: Set up tmpwatch cron job
  cron: name="clean tmp" minute="0" job="/usr/sbin/tmpwatch 2h /tmp/"

- name: Ensure that services are enabled and started
  service: name="{{ item }}" enabled=yes state=started
  with_items:
  - "httpd"
  - "dist-git.socket"
  - "copr-dist-git"
  when: not services_disabled|bool

- name: Create place for our custom SELinux policy
  ansible.builtin.file: path=/usr/local/share/selinux state=directory

- name: Copy over our custom selinux policy for cgit
  ansible.builtin.copy: src=git_script_t.pp dest=/usr/local/share/selinux/git_script_t.pp
  register: cgit_selinux_module
  tags:
  - selinux

- name: Install our custom selinux policy for cgit
  ansible.builtin.command: semodule -i /usr/local/share/selinux/git_script_t.pp
  when: cgit_selinux_module is changed
  tags:
  - selinux

- name: Create CGIT config file if it does not exist (takes almost an hour)
  ansible.builtin.command: /usr/bin/copr-dist-git-refresh-cgit creates=/var/cache/cgit/repo-configuration.rc

- name: Ensure that .config directory exists
  ansible.builtin.file: path=/home/copr-dist-git/.config state=directory

- name: Install .config/copr for copr-dist-git user (required for pruning)
  ansible.builtin.template: src="copr.conf" dest="/home/copr-dist-git/.config/copr" owner=copr-dist-git group=copr-dist-git

- name: Install the helper cron scripts
  ansible.builtin.copy:
    src: "{{ item }}"
    dest: "/usr/local/bin/{{ item }}"
    mode: '0755'
  tags:
    - config
    - cron
  loop:
    - test-too-soon

- name: Install copr-dist-git.daily cron file
  ansible.builtin.copy: src="copr-dist-git.daily" dest="/etc/cron.daily/copr-dist-git" mode=755
  tags:
    - config
    - cron

- name: Install copr-dist-git.weekly cron file
  ansible.builtin.copy: src="copr-dist-git.weekly" dest="/etc/cron.weekly/copr-dist-git" mode=755
  tags:
    - config
    - cron

- name: Drop monthly cron job
  ansible.builtin.file:
    path: /etc/cron.monthly/copr-dist-git
    state: absent
  tags:
    - config
    - cron

- name: Install /etc/gitconfig file
  ansible.builtin.copy: src="gitconfig" dest="/etc/gitconfig"