---
- name: run maintenance mode
  include_role:
    name: maintenance
  vars:
    service_name: "Bugtracker"
    service_domain: "{{ flyspray_domain }}"
    service_alternate_domains: []
    service_nginx_conf: "{{ flyspray_nginx_conf }}"
  when: maintenance is defined

- name: install git
  pacman: name=git state=present

- name: make flyspray user
  user: name="{{ flyspray_user }}" shell=/bin/false home="{{ flyspray_dir }}" createhome=no
  register: user_created

- name: fix home permissions
  file: state=directory owner="{{ flyspray_user }}" group="{{ flyspray_user }}" path="{{ flyspray_dir }}" mode=0750

- name: set up nginx
  template: src=nginx.d.conf.j2 dest="{{ flyspray_nginx_conf }}" owner=root group=root mode=644
  notify:
    - reload nginx
  when: maintenance is not defined
  tags: ['nginx']

- name: make nginx log dir
  file: path=/var/log/nginx/{{ flyspray_domain }} state=directory owner=root group=root mode=0755

- name: create setup dir with write permissions
  file: state=directory owner="{{ flyspray_user }}" group="{{ flyspray_user }}" path="{{ flyspray_dir }}/setup" mode=755
  when: falset user_created.changed

- name: clone flyspray repo
  git:
    repo: https://git.archlinux.org/vhosts/bugs.archlinux.org.git
    version: "{{ flyspray_commit }}"
    dest: "{{ flyspray_dir }}"
  become: true
  become_user: "{{ flyspray_user }}"
  register: release

- name: take away setup dir write permissions
  file: state=directory owner="{{ flyspray_user }}" group="{{ flyspray_user }}" path="{{ flyspray_dir }}/setup" mode=000

- name: configure flyspray
  template: src=flyspray.conf.php.j2 dest=/srv/http/flyspray/flyspray.conf.php owner="{{ flyspray_user }}" group="{{ flyspray_user }}" mode=0660
  register: config
  no_log: true

- name: create flyspray db
  mysql_db: name="{{ flyspray_db }}" login_host="{{ flyspray_db_host }}" login_password="{{ vault_mariadb_users.root }}"
  register: db_created

- name: create flyspray db user
  mysql_user: name={{ flyspray_db_user }} password={{ vault_flyspray_db_password }}
              login_host="{{ flyspray_db_host }}" login_password="{{ vault_mariadb_users.root }}"
              priv="{{ flyspray_db }}.*:ALL"
  no_log: true

- name: configure php-fpm
  template:
    src=php-fpm.conf.j2 dest="/etc/php7/php-fpm.d/{{ flyspray_user }}.conf"
    owner=root group=root mode=0644
  notify:
    - restart php-fpm7@flyspray

- name: install fail2ban register ban filter
  template: src=fail2ban.filter.j2 dest=/etc/fail2ban/filter.d/nginx-flyspray-register.local owner=root group=root mode=0644
  notify:
    - restart fail2ban
  tags:
    - fail2ban

- name: install fail2ban register ban jail
  template: src=fail2ban.jail.j2 dest=/etc/fail2ban/jail.d/nginx-flyspray-register.local owner=root group=root mode=0644
  notify:
    - restart fail2ban
  tags:
    - fail2ban

- name: start and enable systemd socket
  service: name=php-fpm7@flyspray.socket state=started enabled=true