#!/usr/bin/ansible-playbook
# vim:ft=ansible:
---
- name: Set up webroot for {{ gitlab_repo }}
  block:
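    # Import the Yarn APT signing key so packages from dl.yarnpkg.com verify.
    # NOTE(review): the key is downloaded over HTTPS and, once imported, is
    # trusted by APT for every configured source, so TLS to this URL is the
    # only check on what gets added. Define `yarn_apt_key_id` with the key id
    # you verified out of band; per the apt_key documentation `id` also lets
    # check mode report change state correctly, and the module is expected
    # to fail if that key is absent after the import (confirm for your
    # Ansible version). When the variable is undefined the parameter is
    # omitted and the task behaves exactly as before. The loop holds a single
    # key; give each key its own id if more URLs are added.
    - name: Add repository keys
      apt_key:
        url: "{{ item }}"
        id: "{{ yarn_apt_key_id | default(omit) }}"
      loop:
        - "https://dl.yarnpkg.com/debian/pubkey.gpg"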
    # Register the third-party APT sources the build depends on. The looped
    # result is stored in `repo` so the following task can react to a change.
    # NOTE(review): both sources sit outside the distribution archive and
    # their packages install as root, so they are part of this host's trust
    # base. Scoping the Yarn key to its own source (APT's `signed-by` option)
    # would narrow what that key is allowed to sign for.
    - name: Add repositories
      apt_repository:
        repo: "{{ item }}"
        state: present
      register: repo
      loop:
        # Ruby version in 18.10 is out-of-date per GitLab 12.2
        - "ppa:brightbox/ruby-ng"
        - "deb https://dl.yarnpkg.com/debian/ stable main"
    # Refresh the package index and apply pending upgrades, but only when the
    # repository task reported a change in `repo`.
    # NOTE(review): `upgrade: "yes"` upgrades installed packages host-wide,
    # not only the ones this role installs — confirm that side effect is
    # wanted on the target.
    - name: Update repos
      when: repo is changed
      apt:
        update_cache: true
        upgrade: "yes"
    # Install the toolchain and libraries needed to build and run GitLab from
    # source. Packages are requested without versions, so each run installs
    # whatever the configured sources currently offer.
    # NOTE(review): `openssh-server` adds a network-facing service; its
    # hardening is not handled in this file.
    - name: Install dependencies
      apt:
        state: present
        name:
          - build-essential
          - checkinstall
          - cmake
          - curl
          - git
          - git-core
          - golang
          - graphicsmagick
          - libcurl4-openssl-dev
          - libffi-dev
          - libgdbm-dev
          - libicu-dev
          - libncurses5-dev
          - libre2-dev
          - libreadline-dev
          - libssl-dev
          - libxml2-dev
          - libxslt-dev
          - libyaml-dev
          - logrotate
          - nodejs
          - openssh-server
          - pkg-config
          - python-docutils
          - rsync
          - ruby
          - runit
          - yarn
          - zlib1g-dev
    # Create the unprivileged `git` account that owns and runs GitLab.
    # `append: false` is the module default, spelled out here: `redis`
    # becomes the account's only supplementary group, and any other
    # supplementary membership is removed on each run.
    # NOTE(review): the `redis` group must already exist; nothing in this file
    # creates it. The nologin shell blocks interactive logins — confirm it is
    # compatible with how git-over-SSH is served on this host.
    - name: Add gitlab user
      user:
        name: git
        comment: "GitLab"
        state: present
        home: "/home/git"
        shell: "/usr/sbin/nologin"
        append: false
        groups:
          - "redis"
    # Provision the `gitlab` database and a matching local MySQL account,
    # authenticating to the server as root with `mysql_root_password`.
    # NOTE(review): both passwords come from playbook variables; keep them in
    # Ansible Vault or another secret store rather than in plain vars files.
    # NOTE(review): GitLab is believed to have dropped MySQL support in 12.1,
    # while this playbook checks out 12-10-stable — confirm the backend.
    - name: Set up MySQL
      block:
        - name: Create database
          mysql_db:
            login_user: root
            login_password: "{{ mysql_root_password }}"
            name: gitlab
            state: present
        # NOTE(review): `ALL,GRANT` also lets this account hand its privileges
        # on gitlab.* to other accounts; drop GRANT if the application does
        # not need it. `host: localhost` limits the account to local logins.
        - name: Create Gitlab user
          mysql_user:
            login_user: root
            login_password: "{{ mysql_root_password }}"
            name: gitlab
            host: localhost
            password: "{{ gitlab_mysql_password }}"
            priv: "gitlab.*:ALL,GRANT"
            state: present
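    # Fetch the GitLab source as the unprivileged `git` user and lay down the
    # directories, configuration files and git settings the application uses.
    - name: Clone and build GitLab
      become: true
      become_user: git
      block:
        # NOTE(review): `version` names a branch, so every run builds whatever
        # that branch points at; pin a tag or commit if the build must be
        # reproducible. `force` discards local changes to tracked files.
        - name: Clone GitLab
          git:
            repo: "https://gitlab.com/gitlab-org/gitlab-foss.git"
            dest: "/home/git/gitlab"
            version: "12-10-stable"
            depth: 1
            force: true
        - name: Create public directory
          file:
            path: "/home/git/public"
            state: directory
            mode: "0755"
        # Uploads are owner-only (0700).
        - name: Create uploads directory
          file:
            path: "/home/git/public/uploads"
            state: directory
            mode: "0700"
        # Seed secrets.yml from the shipped example only when it does not
        # exist yet (`force: false`) and create it owner-only. An
        # unconditional copy would replace the file on every run, including
        # any key material written to it since the first run.
        - name: Copy secrets
          copy:
            src: "/home/git/gitlab/config/secrets.yml.example"
            dest: "/home/git/gitlab/config/secrets.yml"
            remote_src: true
            force: false
            mode: "0600"
        # `copy` with `force: false` is not expected to touch an existing
        # file, so enforce owner-only access separately for files that an
        # earlier run created with default permissions.
        - name: Restrict secrets file permissions
          file:
            path: "/home/git/gitlab/config/secrets.yml"
            state: file
            mode: "0600"
        # NOTE(review): no mode is set, so these files take their permissions
        # from the umask. gitlab.yml and resque.yml can carry credentials;
        # consider an explicit restrictive mode.
        # NOTE(review): the source is named pumba.rb but lands as puma.rb —
        # confirm the file name shipped with the role.
        - name: Copy configs around
          copy:
            src: "{{ item.src }}"
            dest: "{{ item.dest }}"
          loop:
            - src: "gitlab.yml"
              dest: "/home/git/gitlab/config/gitlab.yml"
            - src: "pumba.rb"
              dest: "/home/git/gitlab/config/puma.rb"
            - src: "rack_attack.rb"
              dest: "/home/git/gitlab/config/initializers/rack_attack.rb"
            - src: "resque.yml"
              dest: "/home/git/gitlab/config/resque.yml"
        # These paths are directories. `state: directory` sets the mode
        # idempotently and creates a missing directory, whereas `state: touch`
        # would create an empty regular file at a missing path and report a
        # change on every run. The mode is applied to the directory itself,
        # not recursively.
        - name: Change permissions
          file:
            path: "{{ item.src }}"
            state: directory
            mode: "{{ item.mode }}"
          loop:
            - src: "/home/git/gitlab/log"
              mode: "u+rwX,go-w"
            - src: "/home/git/gitlab/tmp"
              mode: "u+rwX"
            - src: "/home/git/gitlab/tmp/pids"
              mode: "u+rwX"
            - src: "/home/git/gitlab/tmp/sockets"
              mode: "u+rwX"
            - src: "/home/git/gitlab/builds"
              mode: "u+rwX"
            - src: "/home/git/gitlab/shared/artifacts"
              mode: "u+rwX"
            - src: "/home/git/gitlab/shared/pages"
              mode: "u+rwX"
        # Write the settings to the git user's own (global) configuration.
        # Without `scope` the module targets the system-wide config when
        # setting values, which this unprivileged user should not be able to
        # modify and which would affect every account on the host.
        - name: Configure git
          git_config:
            scope: global
            name: "{{ item.name }}"
            value: "{{ item.value }}"
          loop:
            - name: "core.autocrlf"
              value: "input"
            - name: "gc.auto"
              value: "0"
            - name: "repack.writeBitmaps"
              value: "true"
            - name: "receive.advertisePushOptions"
              value: "true"
            - name: "core.fsyncObjectFiles"
              value: "true"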
    # Publish GitLab's public directory through Apache: link the webroot,
    # render the TLS virtual host and enable it. The `restart apache` handler
    # is notified on change; it is defined outside this file.
    - name: Set up Apache
      block:
        # The webroot is a symlink into the git user's home directory.
        # NOTE(review): the Apache worker account needs traverse access to
        # /home/git for this to serve anything — confirm directory modes.
        - name: Create webroot
          file:
            state: link
            src: "/home/git/public"
            path: "{{ gitlab_webroot }}"
            mode: "0755"
        - name: Copy over virtual host configs
          notify: restart apache
          template:
            src: apache2-vhost-ssl.conf
            dest: "/etc/apache2/sites-available/{{ gitlab_url }}.conf"
        # `creates` makes this a no-op once the site is already enabled. The
        # command module does not go through a shell, so `gitlab_url` is
        # passed to a2ensite as an argument rather than interpreted.
        - name: Enable config
          notify: restart apache
          command:
            cmd: "a2ensite {{ gitlab_url }}.conf"
            creates: "/etc/apache2/sites-enabled/{{ gitlab_url }}.conf"
    # Hand certificate issuance for the GitLab hostname to the `https` role,
    # passing it the site URL and webroot. What the role does with them is
    # defined outside this file.
    - name: Generate certificate
      vars:
        website_url: "{{ gitlab_url }}"
        website_webroot: "{{ gitlab_webroot }}"
      include_role:
        name: https
  become: yes