---
# file: roles/vikunja/tasks/main.yml

- name: Install vikunja
  package:
    name: "https://dl.vikunja.io/vikunja/0.23.0/vikunja-0.23.0-x86_64.rpm"
    state: present
    disable_gpg_check: True

- name: Install nginx
  package:
    name: nginx
    state: present

- name: Deploy vikunja configuration file
  template:
    src: "config.yml.j2"
    dest: "/etc/vikunja/config.yml"
  notify: Restart vikunja

- name: Start and enable vikunja services
  service:
    name: vikunja
    state: started
    enabled: yes
  
- name: Install mariadb packages
  package:
    name:
      - mariadb-server
    state: latest
  when: vikunja_config_database_type == "mysql"

- name: Install PyMySQL
  pip:
    name: pymysql
    state: present
  when: vikunja_config_database_type == "mysql"

- name: Start and enable mariadb
  service:
    name: mariadb
    state: started
    enabled: yes
  when: vikunja_config_database_type == "mysql"

- name: Delete anonymous MySQL server user
  mysql_user:
    user: ""
    host_all: yes
    state: "absent"
    check_implicit_admin: true
    login_unix_socket: /var/lib/mysql/mysql.sock
  when: vikunja_config_database_type == "mysql"

- name: Remove the default MySQL test database
  mysql_db:
    db: test
    state: absent
    check_implicit_admin: true
    login_unix_socket: /var/lib/mysql/mysql.sock
  when: vikunja_config_database_type == "mysql"

- name: Creating Vikunja DB
  mysql_db:
    name: "{{ vikunja_config_database_database }}"
    state: present
    encoding: utf8
    check_implicit_admin: true
    login_unix_socket: /var/lib/mysql/mysql.sock
  when: vikunja_config_database_type == "mysql"

- name: Creating Vikunja DB User
  mysql_user:
    name: "{{ vikunja_config_database_user }}"
    password: "{{ vikunja_config_database_password }}"
    priv: "{{ vikunja_config_database_database + '.*:ALL' }}"
    state: present
    check_implicit_admin: true
    login_unix_socket: /var/lib/mysql/mysql.sock
  when: vikunja_config_database_type == "mysql"

- name: Deploy nginx configuration file
  template:
    src: "{{ vikunja_nginx_config }}"
    dest: "/etc/nginx/conf.d/{{ vikunja_nginx_config_output }}"
  notify: Reload nginx

- name: Allow nginx to read files in output dir
  sefcontext:
    target: "/etc/nginx/conf.d/{{ vikunja_nginx_config_output }}"
    setype: httpd_config_t
    state: present

- name: Apply new SELinux file context to filesystem
  command: "restorecon -irv /etc/nginx/conf.d/{{ vikunja_nginx_config_output }}"

- name: Set selinuxuser_execmod flag
  seboolean:
    name:  selinuxuser_execmod
    state: true
    persistent: true

- name: Set httpd_can_network_connect flag
  seboolean:
    name: httpd_can_network_connect
    state: true
    persistent: true

- name: Enable firewall rule for access
  firewalld:
    port: "{{ vikunja_port }}"
    permanent: yes
    immediate: yes
    state: enabled
  notify: Reload firewalld
  when: vikunja_access_ip == ""

- name: "Enable firewall rule for access from Access IP"
  firewalld:
    rich_rule: 'rule family="ipv4" source address={{ vikunja_access_ip }} port port={{ vikunja_port.split("/").0 }} protocol={{ vikunja_port.split("/").1 }} accept'
    permanent: yes
    state: enabled
    immediate: yes
  notify: Reload firewalld
  when: vikunja_access_ip != ""

- name: Allow nginx to listen on port
  seport:
    ports: "{{ vikunja_port.split('/').0 }}"
    proto: "{{ vikunja_port.split('/').1 }}"
    setype: http_port_t
    state: present

- name: Start and enable nginx services
  service:
    name: nginx
    state: started
    enabled: yes