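# Tasks that deploy Patchwork: system packages and service account, TLS
# certificate and nginx vhost, application checkout plus virtualenv,
# PostgreSQL roles/database/grants, the fetchmail sudo hook, systemd units
# and the uWSGI vassal.
#
# Module arguments use native YAML mappings rather than key=value strings, so
# values containing spaces or "=" (vaulted passwords, for instance) are never
# re-split by the key=value parser. File modes are quoted strings so YAML
# cannot retype them as integers.

# Runs only when the caller defines `maintenance`.
- name: Run maintenance mode
  include_role:
    name: maintenance
  vars:
    service_name: "patchwork"
    service_domain: "{{ patchwork_domain }}"
    service_alternate_domains: []
    service_nginx_conf: "{{ patchwork_nginx_conf }}"
  when: maintenance is defined

- name: Install packages
  pacman:
    name:
      - gcc
      - git
      - python
      - python-psycopg2
      - sudo
      - uwsgi-plugin-python
      - python-pip
    state: present

# Service account without a login shell; its home is the application
# directory, which is created and owned by the following task.
- name: Make patchwork user
  user:
    name: patchwork
    shell: /bin/false
    home: "{{ patchwork_dir }}"
    createhome: false

- name: Fix home permissions
  file:
    state: directory
    owner: patchwork
    group: patchwork
    mode: "0755"
    path: "{{ patchwork_dir }}"

# `append` is not set, so this defines the complete supplementary group list.
- name: Set patchwork groups
  user:
    name: patchwork
    groups: uwsgi

- name: Create ssl cert
  include_role:
    name: certificate
  vars:
    domains: ["{{ patchwork_domain }}"]

# Skipped while maintenance mode is active.
- name: Set up nginx
  template:
    src: nginx.d.conf.j2
    dest: "{{ patchwork_nginx_conf }}"
    owner: root
    group: root
    mode: "0644"
  notify:
    - Reload nginx
  when: maintenance is not defined
  tags: ['nginx']

- name: Make nginx log dir
  file:
    path: "/var/log/nginx/{{ patchwork_domain }}"
    state: directory
    owner: root
    group: root
    mode: "0755"

# The checkout runs as the unprivileged service user. patchwork_version is
# defined outside this file; pinning it to a tag or commit hash rather than a
# branch keeps the deployed code fixed between runs.
- name: Clone patchwork repo
  git:
    repo: https://github.com/getpatchwork/patchwork.git
    dest: "{{ patchwork_dir }}"
    version: "{{ patchwork_version }}"
  become: true
  become_user: patchwork
  register: release

# `creates` makes the task a no-op once the virtualenv interpreter exists.
- name: Make virtualenv
  command: python -m venv "{{ patchwork_dir }}"/env
  args:
    creates: "{{ patchwork_dir }}/env/bin/python"
  become: true
  become_user: patchwork

# "--no-binary :all:" makes pip build every requirement from source.
- name: Install from requirements into virtualenv
  pip:
    requirements: "{{ patchwork_dir }}/requirements-prod.txt"
    virtualenv: "{{ patchwork_dir }}/env"
    extra_args: "--no-binary :all:"
  become: true
  become_user: patchwork
  register: virtualenv

# Repeated after the checkout and virtualenv steps.
- name: Fix home permissions
  file:
    state: directory
    owner: patchwork
    group: patchwork
    mode: "0755"
    path: "{{ patchwork_dir }}"

# no_log keeps the rendered settings out of task output; the file is not
# readable by "other" (0660).
- name: Configure patchwork
  template:
    src: production.py.j2
    dest: "{{ patchwork_dir }}/patchwork/settings/production.py"
    owner: patchwork
    group: patchwork
    mode: "0660"
  register: config
  no_log: true

# no_log is required here: the loop items carry vaulted passwords.
- name: Create patchwork db users
  postgresql_user:
    name: "{{ item.user }}"
    password: "{{ item.password }}"
    login_host: "{{ patchwork_db_host }}"
    login_password: "{{ vault_postgres_users.postgres }}"
    encrypted: true
  no_log: true
  with_items:
    - user: "{{ patchwork_db_user }}"
      password: "{{ vault_patchwork_db_password }}"
    - user: "{{ patchwork_db_backup_user }}"
      password: "{{ vault_patchwork_db_backup_password }}"

- name: Create patchwork db
  postgresql_db:
    name: "{{ patchwork_db }}"
    login_host: "{{ patchwork_db_host }}"
    login_password: "{{ vault_postgres_users.postgres }}"
    owner: "{{ patchwork_db_user }}"
  register: db_created

# Runs only when the database, code, settings or virtualenv changed, or when
# a deploy is forced via patchwork_forced_deploy (defined outside this file).
- name: Django migrate
  django_manage:
    app_path: "{{ patchwork_dir }}"
    command: migrate
    virtualenv: "{{ patchwork_dir }}/env"
  become: true
  become_user: patchwork
  when: >-
    (db_created.changed or release.changed or config.changed or
    virtualenv.changed or patchwork_forced_deploy)

# The backup role receives read-only access: CONNECT on the database, SELECT
# on the listed tables and sequences. Grants are issued as the database owner.
- name: DB privileges for patchwork users
  postgresql_privs:
    database: "{{ patchwork_db }}"
    host: "{{ patchwork_db_host }}"
    login: "{{ patchwork_db_user }}"
    password: "{{ vault_patchwork_db_password }}"
    privs: CONNECT
    roles: "{{ item }}"
    type: database
  with_items:
    - "{{ patchwork_db_backup_user }}"

- name: Table privileges for patchwork users
  postgresql_privs:
    database: "{{ patchwork_db }}"
    host: "{{ patchwork_db_host }}"
    login: "{{ patchwork_db_user }}"
    password: "{{ vault_patchwork_db_password }}"
    privs: SELECT
    roles: "{{ item.user }}"
    type: table
    objs: "{{ item.objs }}"
  with_items:
    - user: "{{ patchwork_db_backup_user }}"
      objs: "{{ patchwork_db_backup_table_objs }}"

- name: Sequence privileges for patchwork users
  postgresql_privs:
    database: "{{ patchwork_db }}"
    host: "{{ patchwork_db_host }}"
    login: "{{ patchwork_db_user }}"
    password: "{{ vault_patchwork_db_password }}"
    privs: SELECT
    roles: "{{ item.user }}"
    type: sequence
    objs: "{{ item.objs }}"
  with_items:
    - user: "{{ patchwork_db_backup_user }}"
      objs: "{{ patchwork_db_backup_sequence_objs }}"

- name: Django collectstatic
  django_manage:
    app_path: "{{ patchwork_dir }}"
    command: collectstatic
    virtualenv: "{{ patchwork_dir }}/env"
  become: true
  become_user: patchwork
  when: >-
    (db_created.changed or release.changed or config.changed or
    virtualenv.changed or patchwork_forced_deploy)

# Root-owned and not writable by others; this is the script the sudoers
# entry below presumably refers to (its template is not part of this file).
- name: Install patchwork parsemail script
  template:
    src: "patchwork-parsemail-wrapper.sh.j2"
    dest: "/usr/local/bin/patchwork-parsemail-wrapper.sh"
    owner: root
    group: root
    mode: "0755"

# `validate` has visudo check the rendered file before it replaces the live
# one: a syntax error in /etc/sudoers.d can leave sudo unusable on the host.
- name: Install sudoer rights for fetchmail to call patchwork
  template:
    src: sudoers-fetchmail-patchwork.j2
    dest: /etc/sudoers.d/fetchmail-patchwork
    owner: root
    group: root
    mode: "0440"
    validate: "visudo -cf %s"

- name: Install patchwork memcached service
  template:
    src: "patchwork-memcached.service.j2"
    dest: "/etc/systemd/system/patchwork-memcached.service"
    owner: root
    group: root
    mode: "0644"
  notify:
    - Daemon reload

- name: Install patchwork notification service
  template:
    src: "patchwork-notification.service.j2"
    dest: "/etc/systemd/system/patchwork-notification.service"
    owner: root
    group: root
    mode: "0644"
  notify:
    - Daemon reload

- name: Install patchwork notification timer
  template:
    src: "patchwork-notification.timer.j2"
    dest: "/etc/systemd/system/patchwork-notification.timer"
    owner: root
    group: root
    mode: "0644"
  notify:
    - Daemon reload

# NOTE(review): the vassal file is owned by the service account, which can
# therefore rewrite its own uWSGI configuration; confirm the emperor setup
# requires this ownership.
- name: Deploy patchwork
  template:
    src: patchwork.ini.j2
    dest: /etc/uwsgi/vassals/patchwork.ini
    owner: patchwork
    group: http
    mode: "0644"

# Touching the vassal file updates its timestamp; presumably that is what
# makes uWSGI reload the application after a change.
- name: Deploy new release
  file:
    path: /etc/uwsgi/vassals/patchwork.ini
    state: touch
    owner: patchwork
    group: http
    mode: "0644"
  when: >-
    (release.changed or config.changed or virtualenv.changed or
    patchwork_forced_deploy)

- name: Start and enable patchwork memcached service and notification timer
  systemd:
    name: "{{ item }}"
    enabled: true
    state: started
    daemon_reload: true
  with_items:
    - patchwork-memcached.service
    - patchwork-notification.timer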