---
- name: VPS 2 setup
  hosts: vps2
  gather_facts: false
  tasks:
    #####
    # APP: docker registry, /apps/registry
    #####
    - name: Create /apps/registry
      ansible.builtin.file:
        path: "/apps/registry"
        state: directory
        mode: "u=rwx,g=rx,o=rx"
    - name: Create /apps/registry/data
      ansible.builtin.file:
        path: "/apps/registry/data"
        state: directory
        mode: "u=rwx,g=rx,o=rx"
    - name: Copy over registry config.yml
      ansible.builtin.copy:
        dest: /apps/registry/config.yml
        src: ../apps/registry/config.yml
        mode: "u=r,g=r,o=r"
    - name: Copy secrets user file
      ansible.builtin.copy:
        dest: "/apps/registry/htpasswd"
        src: "../secrets/registry/htpasswd"
        mode: "u=r,g=r,o=r"
    #####
    # APP: widetom, /apps/widetom
    #####
    - name: Create /apps/widetom
      ansible.builtin.file:
        path: "/apps/widetom"
        state: directory
        mode: u=rwx,g=rx,o=rx
    - name: Copy widetom config.toml
      ansible.builtin.copy:
        dest: "/apps/widetom/config.toml"
        src: "../secrets/widetom/config.toml"
        mode: "u=r,g=r,o=r"
    - name: Copy widetom bot_token
      ansible.builtin.copy:
        dest: "/apps/widetom/bot_token"
        src: "../secrets/widetom/bot_token"
        mode: "u=r,g=r,o=r"
    #####
    # APP: killua bot, /apps/killua
    #####
    - name: Create /apps/killua
      ansible.builtin.file:
        path: /apps/killua
        state: directory
        mode: "u=rwx,g=rx,o=rx"
    #####
    # APP: karin bot, /apps/karin-bot
    #####
    - name: Create /apps/karin-bot
      ansible.builtin.file:
        path: /apps/karin-bot
        state: directory
        mode: "u=rwx,g=rx,o=rx"
    - name: "Copy karin .env secret"
      ansible.builtin.copy:
        dest: "/apps/karin-bot/.env"
        src: "../secrets/karin-bot/.env"
        mode: "u=r,g=r,o=r"
      # TODO: Mount a volume in the karin-db to this directory
    #####
    # APP: cors-school, /apps/cors-school
    #####
    - name: Create /apps/cors-school
      ansible.builtin.file:
        path: /apps/cors-school
        state: directory
        mode: "u=rwx,g=rx,o=rx"
    - name: Copy secret envs
      ansible.builtin.copy:
        dest: "/apps/cors-school/{{ item }}"
        src: "../secrets/cors-school/{{ item }}"
        mode: "u=r,g=r,o=r"
      with_items:
        - bot.env
        - db.env
        - server.env
    #####
    # APP: hugo-chat, /apps/hugo-chat
    #####
    - name: Create /apps/hugo-chat
      ansible.builtin.file:
        path: /apps/hugo-chat
        state: directory
        mode: "u=rwx,g=rx,o=rx"
    #####
    # APP: bisect-rustc-servce, /apps/bisect-rustc-service
    #####
    - name: Create /apps/bisect-rustc-service
      ansible.builtin.file:
        path: /apps/bisect-rustc-service
        state: directory
        mode: "u=rwx,g=rx,o=rx"
    - name: SQLite DB permissions for bisect-rustc-servce
      ansible.builtin.file:
        path: /apps/bisect-rustc-service/db.sqlite
        state: touch
        mode: "u=rw,g=rw,o=rw"
    #####
    # APP: minecraft server, /apps/minecraft
    #####
    - name: Create /apps/minecraft
      ansible.builtin.file:
        path: /apps/minecraft
        state: directory
        mode: "u=rwx,g=rx,o=rx"
    - name: Copy minecraft secrets
      ansible.builtin.copy:
        dest: "/apps/minecraft/.env"
        src: "../secrets/minecraft/.env"
        mode: "u=r,g=r,o=r"
    #####
    # APP: Exim mail server
    #####
    - name: Install exim4
      ansible.builtin.apt:
        name: exim4
        state: present
    - name: Ensure Exim is started
      ansible.builtin.service:
        name: exim4
        state: started
      # Using mbox, domain nilstrieb.dev
    - name: Copy Exim config file
      ansible.builtin.copy:
        dest: "/etc/exim4/exim4.conf.template"
        src: "../apps/exim/exim4.conf.template"
        mode: "u=r,g=r,o=r"
      notify:
        - "Exim configuration changed"
    - name: Copy Exim passwd
      ansible.builtin.copy:
        dest: "/etc/exim4/passwd"
        src: "../secrets/exim/passwd"
        owner: Debian-exim
        group: root
        # Use should explicitly make it rw before adding users to not forget to update ../secrets/exim/passwd
        mode: "u=r,g=r,o="
    # Install saslauthd
    - name: Install saslauthd
      ansible.builtin.apt:
        name: sasl2-bin
        state: present
    - name: Copy saslauthd config
      ansible.builtin.copy:
        dest: "/etc/default/saslauthd"
        src: "../apps/exim/saslauthd-conf"
        mode: "u=r,g=r,o=r"
    - name: Debian-exim in sasl group
      ansible.builtin.user:
        name: Debian-exim
        groups: sasl
        append: true
    - name: Start salsauthd
      ansible.builtin.service:
        name: syslauthd
    #####
    # END: docker compose up!
    #####
    # We want this to be last so that all app-specific config has been done.
    - name: Copy .env
      ansible.builtin.copy:
        dest: "/apps/.env"
        src: "../secrets/vps2.env"
        mode: "u=r,g=r,o=r"
    - name: Docker compose up! 🚀
      community.docker.docker_compose:
        project_src: /apps
        restarted: true
    #####
    # POST: things after starting up
    #####
    - name: Run CORS db migrations
      ansible.builtin.shell: |
        docker exec -w /app/server cors-school-server diesel migration run
  handlers:
    - name: "Exim configuration changed"
      ansible.builtin.shell: set -e ; update-exim4.conf && systemctl restart exim4.service