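---
# Provisions the tunuifranken web site on a Debian-style host: installs
# packages, obtains a Let's Encrypt certificate (HTTP-01 when the domain
# resolves to this host, DNS-01 otherwise), creates the service account and
# web root, enables the Apache vHost, installs an SSH key pair and clones the
# site repository.

- name: Install needed packages
  become: true
  ansible.builtin.apt:
    name:
      - git
      - acl  # needed when become_user targets an unprivileged account
    state: present

# The response body comes from a third-party service; it is only used in the
# comparison that selects the ACME challenge type below.
- name: Get local public IP
  ansible.builtin.uri:
    url: https://ipinfo.io/ip
    return_content: true
  register: local_public_ip

- name: Get public IP of "{{ tunuifranken_domain }}"
  ansible.builtin.set_fact:
    target_public_ip: "{{ lookup('community.general.dig', tunuifranken_domain, '@1.1.1.1') }}"

# `local_public_ip` holds the whole registered uri result (a mapping), so the
# address has to be read from its `content` field. Comparing the mapping itself
# with the string in `target_public_ip` is never equal, which would always
# select the DNS-01 role.
- name: Deploy letsencrypt certificate (HTTP-01)
  when: (local_public_ip.content | trim) == target_public_ip
  ansible.builtin.include_role:
    name: add_cert_http_01
  vars:
    letsencrypt_domain: "{{ tunuifranken_domain }}"
    letsencrypt_email: "{{ tunuifranken_server_admin }}"
    letsencrypt_post_hook: systemctl restart apache2

- name: Deploy letsencrypt certificate (DNS-01)
  when: (local_public_ip.content | trim) != target_public_ip
  ansible.builtin.include_role:
    name: add_cert_dns_01
  vars:
    letsencrypt_domain: "{{ tunuifranken_domain }}"
    letsencrypt_email: "{{ tunuifranken_server_admin }}"
    letsencrypt_post_hook: systemctl restart apache2

- name: Create tunuifranken group
  become: true
  ansible.builtin.group:
    name: tunuifranken
    system: true

# System account with no login shell; it only owns the web root and the
# SSH key pair installed further down.
- name: Create tunuifranken user
  become: true
  ansible.builtin.user:
    name: tunuifranken
    group: tunuifranken
    create_home: true
    home: /var/lib/tunuifranken
    shell: /bin/false
    system: true

# File modes are quoted so they reach the module as octal strings rather than
# as integers produced by the YAML parser.
- name: Create tunuifranken directory
  become: true
  ansible.builtin.file:
    path: "/var/www/{{ tunuifranken_domain }}"
    owner: tunuifranken
    group: tunuifranken
    state: directory
    mode: '0775'

- name: Copy vHost conf
  become: true
  ansible.builtin.template:
    src: apache2/vhost.conf.j2
    dest: "/etc/apache2/sites-available/{{ tunuifranken_domain }}.conf"
    mode: '0644'
  notify: Reload apache2 service

# a2ensite is run on every play; the task reports "changed" only when its
# output does not say the site was already enabled.
- name: Activate vHost
  become: true
  ansible.builtin.command: "a2ensite {{ tunuifranken_domain }}.conf"
  register: result
  changed_when: "'already enabled' not in result.stdout"
  notify: Reload apache2 service

- name: Create .ssh dir
  become: true
  become_user: tunuifranken
  ansible.builtin.file:
    path: ~/.ssh
    state: directory
    owner: tunuifranken
    group: tunuifranken
    mode: '0700'

- name: Add SSH public key
  become: true
  become_user: tunuifranken
  ansible.builtin.copy:
    content: "{{ tunuifranken_ssh_keys.pub }}"
    dest: ~/.ssh/id_rsa.pub
    owner: tunuifranken
    group: tunuifranken
    mode: '0644'

# no_log keeps the private key out of task output, diffs and logs.
# NOTE(review): tunuifranken_ssh_keys.priv is presumably stored encrypted
# (e.g. with Ansible Vault) - confirm where it is defined.
- name: Add SSH private key
  become: true
  become_user: tunuifranken
  no_log: true
  ansible.builtin.copy:
    content: "{{ tunuifranken_ssh_keys.priv }}"
    dest: ~/.ssh/id_rsa
    owner: tunuifranken
    group: tunuifranken
    mode: '0600'

# accept_newhostkey records the server's host key on first contact and rejects
# a changed key afterwards; the first connection itself is not verified.
# Pre-seeding known_hosts with a verified key would close that gap.
# update: false means an existing checkout is left as it is.
- name: Clone tunuifranken.info repo
  become: true
  become_user: tunuifranken
  ansible.builtin.git:
    repo: git@tunuifranken.info:flyingscorpio/tunuifranken.info.git
    dest: "/var/www/{{ tunuifranken_domain }}"
    clone: true
    version: main
    update: false
    accept_newhostkey: true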