#!/usr/bin/ansible-playbook
# vim:ft=ansible:
---
- name: Install, configure, and start Nextcloud
  block:
  # PHP extensions installed for Nextcloud: ImageMagick, Redis and PostgreSQL
  # bindings plus bcmath and gmp. Apache is restarted so PHP picks them up.
  - name: Install Nextcloud-required packages
    apt:
      state: present
      name:
        - php-imagick
        - php-redis
        - php-pgsql
        - php-bcmath
        - php-gmp
    notify: restart apache
  # Creates the "nextcloud" role and a database owned by it, logging in to the
  # server named by nextcloud.db.hostname with the psql.ansible account.
  - name: Set up PostgreSQL
    tags:
      - postgresql
    block:
      - name: Create DB user
        # NOTE(review): nextcloud.db.pass and psql.ansible.pass are secrets;
        # presumably they come from an encrypted vars source - confirm.
        # NOTE(review): ssl_mode is not set, so the module default (prefer)
        # applies; if the database lives on another host, confirm the
        # connection that carries these passwords is actually TLS-protected.
        postgresql_user:
          login_host: "{{ nextcloud.db.hostname }}"
          login_user: "{{ psql.ansible.user }}"
          login_password: "{{ psql.ansible.pass }}"
          name: nextcloud
          password: "{{ nextcloud.db.pass }}"
          state: present
      - name: Create DB
        postgresql_db:
          login_host: "{{ nextcloud.db.hostname }}"
          login_user: "{{ psql.ansible.user }}"
          login_password: "{{ psql.ansible.pass }}"
          name: nextcloud
          owner: nextcloud
          encoding: UNICODE
          state: present
  - name: Set up Apache
    block:
      # Creates the directory with mode 0750 only. No owner is set here; the
      # first-install block chowns the tree to www-data.
      - name: Create webroot
        file:
          state: directory
          path: "{{ nextcloud_webroot }}"
          mode: "0750"
      # index.html inside the webroot is the "already installed" marker; the
      # registered result gates the first-install block.
      - name: Check for existing installation
        register: stat_webroot_index
        stat:
          path: "{{ nextcloud_webroot }}/index.html"
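      # First-time install only: the whole block is skipped once index.html
      # exists in the webroot (see the `when` at the end of the block).
      - name: Install Nextcloud
        block:
          - name: Download Nextcloud
            # The archive is unpacked into the webroot and served by Apache, so
            # its integrity matters. nextcloud_tarbz2_checksum is an optional
            # variable introduced here, in get_url's "<algorithm>:<digest>"
            # form (e.g. "sha256:<digest published for the release>"). When it
            # is set, get_url rejects a tarball that does not match; when it
            # is unset the parameter is omitted and nothing is verified.
            get_url:
              url: "{{ nextcloud_tarbz2 }}"
              dest: /var/www/nextcloud.tar.bz2
              checksum: "{{ nextcloud_tarbz2_checksum | default(omit) }}"
              # Keep the staged archive private until Cleanup removes it.
              mode: "0600"
          - name: Extract Nextcloud
            # remote_src: the tarball is already on the target host.
            # --strip-components=1 drops the archive's top-level directory so
            # the files land directly in the webroot.
            unarchive:
              src: /var/www/nextcloud.tar.bz2
              remote_src: true
              dest: "{{ nextcloud_webroot }}"
              extra_opts:
                - "--strip-components=1"
            notify: restart apache
          - name: Chown webroot
            # Nextcloud docs say Apache needs write access, so it gets write
            # access. This makes all application code writable by the web
            # server user.
            # NOTE(review): this task only runs inside the first-install
            # block, so a run that fails after extraction but before this
            # point is not re-chowned by later runs.
            file:
              path: "{{ nextcloud_webroot }}"
              state: directory
              recurse: true
              owner: www-data
              group: www-data
          - name: Cleanup
            file:
              path: /var/www/nextcloud.tar.bz2
              state: absent
        when: not stat_webroot_index.stat.exists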
      # Data directory at a fixed path, accessible to www-data only (0700).
      # When the EFS option is enabled, the NFS mount is laid over this same
      # path by the tasks that follow.
      - name: Create data directory
        file:
          state: directory
          path: "/var/nextcloud"
          owner: www-data
          group: www-data
          # Quoted so the mode is passed as an octal string, never a number.
          mode: "0700"
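      # Optional: only runs when nextcloud.efs.name is defined. Creates (or
      # finds) the EFS filesystem and mounts it over the data directory.
      - name: Set up EFS mount
        block:
          - name: Install required packages
            apt:
              name:
                - nfs-client
          - name: Create EFS
            # encrypt covers data at rest only; see the mount task for what
            # happens on the wire. Reachability of the mount target is
            # governed by the security group passed in below.
            efs:
              name: "{{ nextcloud.efs.name }}"
              encrypt: true
              region: "{{ nextcloud.efs.region }}"
              targets:
                - subnet_id: "{{ nextcloud.efs.subnet_id }}"
                  security_groups:
                    - "{{ nextcloud.efs.security_group }}"
            register: efs
          - name: Mount EFS
            # Plain NFSv4.1 mount: traffic between this host and EFS is not
            # encrypted in transit with these options. If that is required,
            # the EFS mount helper (amazon-efs-utils, fstype efs with the tls
            # option) provides it; that would be a separate change.
            mount:
              path: /var/nextcloud
              src: "{{ efs.efs.filesystem_address }}"
              fstype: nfs4
              opts: "nfsvers=4.1,rsize=1048576,wsize=1048576,hard,timeo=600,retrans=2,noresvport"
              state: mounted
          - name: Re-assert data directory ownership on the mounted filesystem
            # Once mounted, /var/nextcloud shows the ownership and mode of the
            # filesystem's root, not of the directory created before the
            # mount. Without this step a first run leaves the data directory
            # with whatever the filesystem root carries until the next run.
            file:
              path: /var/nextcloud
              state: directory
              mode: "0700"
              owner: www-data
              group: www-data
        when: nextcloud.efs.name is defined
        tags:
          - nextcloudefs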
      # Pins the modes of two files in the webroot. Neither task sets owner
      # or group, so who the group/other bits apply to depends on ownership
      # set elsewhere (the first-install block chowns to www-data:www-data).
      - name: Assert permissions
        block:
          - name: Tighten config.php
            # config.php holds the instance configuration; 0640 removes all
            # access for "other".
            # NOTE(review): no `state` is given, so the path is expected to
            # exist already. Presumably config.php is in place by the time
            # this runs; confirm this task does not fail on a fresh host.
            file:
              mode: "0640"
              path: "{{ nextcloud_webroot }}/config/config.php"
          - name: Loosen occ
            # Makes the occ command-line script executable (0755).
            file:
              mode: "0755"
              path: "{{ nextcloud_webroot }}/occ"
      # Runs cron.php from the webroot as www-data every five minutes.
      - name: Set up Nextcloud cronjob
        cron:
          name: "nextcloud-cron"
          user: www-data
          minute: "*/5"
          job: 'php -f "{{ nextcloud_webroot }}/cron.php"'
          state: present
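  # Renders the TLS virtual host into sites-available. Owner, group and mode
  # are set explicitly so the result does not depend on the umask in effect
  # or on a previous file's permissions.
  - name: Copy over virtual host configs
    template:
      src: apache2-vhost-ssl.conf
      dest: "/etc/apache2/sites-available/{{ nextcloud.url }}.conf"
      owner: root
      group: root
      mode: "0644"
    notify: restart apache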
  # Enables the site with a2ensite. `creates` skips the command once the
  # sites-enabled entry exists, which keeps the task idempotent. The command
  # module runs the program directly, not through a shell.
  - name: Enable config
    command:
      creates: "/etc/apache2/sites-enabled/{{ nextcloud.url }}.conf"
      cmd: "a2ensite {{ nextcloud.url }}.conf"
    notify: restart apache
  # Hands the site URL and webroot to the separate `https` role.
  # NOTE(review): presumably that role obtains the TLS certificate the vhost
  # refers to - confirm against the role itself.
  - name: Generate certificate
    vars:
      website_url: "{{ nextcloud.url }}"
      website_webroot: "{{ nextcloud_webroot }}"
    include_role:
      name: https
  # Renders the per-site backup script. 0600 leaves it readable by its owner
  # only, and not executable.
  # NOTE(review): presumably the backup runner sources these modules rather
  # than executing them, and the rendered file may embed credentials - confirm.
  - name: Template out backup module
    template:
      dest: "/opt/backups/modules/{{ nextcloud.url }}.sh"
      src: "backup.sh"
      mode: "0600"
  become: yes