infrastructure/roles/archwiki/tasks/main.yml

- name: Run maintenance mode
  include_role:
    name: maintenance
  vars:
    service_name: "wiki"
    service_domain: "{{ archwiki_domain }}"
    service_nginx_conf: "{{ archwiki_nginx_conf }}"
  when: maintenance is defined

- name: Create ssl cert
  include_role:
    name: certificate
  vars:
    domains: ["{{ archwiki_domain }}"]
  when: 'archwiki_domain is defined'

- name: Install packages
  pacman: name=git,php-intl state=present

- name: Make archwiki user
  user: name="{{ archwiki_user }}" shell=/bin/false home="{{ archwiki_dir }}" createhome=no
  register: user_created

- name: Fix home permissions
  file: state=directory owner="{{ archwiki_user }}" group="{{ archwiki_user }}" mode=0751 path="{{ archwiki_dir }}"

- name: Fix cache permissions
  file: state=directory owner="{{ archwiki_user }}" group="{{ archwiki_user }}" mode=0750 path="{{ archwiki_dir }}/cache"

- name: Fix sessions permissions
  file: state=directory owner="{{ archwiki_user }}" group="{{ archwiki_user }}" mode=0750 path="{{ archwiki_dir }}/sessions"

- name: Fix uploads permissions
  file: state=directory owner="{{ archwiki_user }}" group="{{ archwiki_user }}" mode=0755 path="{{ archwiki_dir }}/uploads"

- name: Set up nginx
  template: src=nginx.d.conf.j2 dest="{{ archwiki_nginx_conf }}" owner=root group=root mode=644
  notify:
    - Reload nginx
  when: maintenance is not defined
  tags: ['nginx']

- name: Configure robots.txt
  copy: src=robots.txt dest="{{ archwiki_dir }}/robots.txt" owner=root group=root mode=0644

- name: Make nginx log dir
  file: path=/var/log/nginx/{{ archwiki_domain }} state=directory owner=root group=root mode=0755

- name: Make debug log dir
  file: path=/var/log/archwiki state=directory owner={{ archwiki_user }} group=root mode=0700

- name: Clone archwiki repo
  git: repo={{ archwiki_repository }} dest="{{ archwiki_dir }}/public" version={{ archwiki_version }}
  become: true
  become_user: "{{ archwiki_user }}"
  notify:
    - Run wiki updatescript
    # archwiki updates often break magic words in mails, leaving them
    # unexpanded until the archwiki-runjobs-wait service is restarted
    - Restart archwiki-runjobs-wait
    # purge the nginx cache and MediaWiki file cache to make sure clients get updated assets
    # as well as freshly rendered pages using the new assets
    - Purge nginx cache
    - Invalidate MediaWiki file cache

- name: Configure archwiki
  template: src=LocalSettings.php.j2 dest="{{ archwiki_dir }}/public/LocalSettings.php" owner="{{ archwiki_user }}" group="{{ archwiki_user }}" mode=0640
  register: config
  no_log: true

- name: Create archwiki db
  mysql_db: name="{{ archwiki_db }}" login_host="{{ archwiki_db_host }}" login_password="{{ vault_mariadb_users.root }}"
  register: db_created

- name: Create archwiki db user
  mysql_user: name={{ archwiki_db_user }} password={{ vault_archwiki_db_password }}
              login_host="{{ archwiki_db_host }}" login_password="{{ vault_mariadb_users.root }}"
              priv="{{ archwiki_db }}.*:ALL"
  no_log: true

- name: Configure php-fpm
  template:
    src=php-fpm.conf.j2 dest="/etc/php/php-fpm.d/{{ archwiki_user }}.conf"
    owner=root group=root mode=0644
  notify:
    - Restart php-fpm@{{ archwiki_user }}

- name: Start and enable systemd socket
  service: name=php-fpm@{{ archwiki_user }}.socket state=started enabled=true

- name: Create memcached.service.d drop-in directory
  file: path=/etc/systemd/system/memcached@archwiki.service.d state=directory owner=root group=root mode=0755

- name: Install memcached.service drop-in
  template: src="memcached.service.d-archwiki.conf.j2" dest="/etc/systemd/system/memcached@archwiki.service.d/archwiki.conf" owner=root group=root mode=0644

- name: Start and enable memcached service
  systemd: name=memcached@archwiki.service state=started enabled=true daemon_reload=true

- name: Install nginx-cache-purge script
  copy: src=nginx-cache-purge dest=/usr/local/bin/nginx-cache-purge owner=root group=root mode=0755

- name: Install systemd services/timers
  template: src="{{ item }}.j2" dest="/etc/systemd/system/{{ item }}" owner=root group=root mode=0644
  loop:
    - archwiki-runjobs.service
    - archwiki-runjobs-wait.service
    - archwiki-runjobs.timer
    - archwiki-question-updater.service
    - archwiki-question-updater.timer
    - nginx-cache-purge.service

- name: Start and enable archwiki timers and services
  systemd:
    name: "{{ item }}"
    enabled: true
    state: started
    daemon_reload: true
  with_items:
    - archwiki-runjobs.timer
    - archwiki-runjobs-wait.service
    - archwiki-question-updater.timer
    - nginx-cache-purge.service

- name: Create question answer file
  systemd:
    name: archwiki-question-updater.service
    state: started
    daemon_reload: true

- name: Ensure question answer file exists and set permissions
  file: state=file path="{{ archwiki_question_answer_file }}" owner=root group=root mode=0644