---

- hosts: all

  vars:

    # These are the Wordpress database settings

    db_name: corpus

    db_user: corpus

    db_password: md5bf687edf8c06f3f1aa3759c82c1217a0

    site_name: corpus-parole.local

  tasks:

#   - name: install language pack

#     command: localedef -v -c -i en_US -f UTF-8 en_US.UTF-8

    - name: set hostname

      hostname: name={{site_name}}

    - name: ensure correct locale LC_ALL

      lineinfile: dest=/etc/sysconfig/i18n regexp=^LC_ALL= line=LC_ALL="en_US.UTF-8"

    - name: ensure correct locale LANG

      lineinfile: dest=/etc/sysconfig/i18n regexp=^LANG= line=LANG="en_US.UTF-8"

    - name: set .bashrc

      copy: src=files/.bashrc dest=/home/vagrant/.bashrc force=yes

    - name: set .profile

      copy: src=files/.profile dest=/home/vagrant/.profile force=yes

    - name: yum update

      yum: name=* update_cache=yes state=latest

    - name: repo ignore outdated postgres base

      ini_file:

        dest: /etc/yum.repos.d/CentOS-Base.repo

        section: base

        option: exclude=postgresql*

    - name: repo ignore outdated postgres update

      ini_file:

        dest: /etc/yum.repos.d/CentOS-Base.repo

        section: updates

        option: exclude=postgresql*

    - name: additional repos install

      yum: name={{item}} state=latest

      with_items:

        - epel-release

        - centos-release-SCL

    # Remi yum repository.

    - stat: path=/etc/yum.repos.d/remi.repo

      register: remi_repo

    - name: Download Remi repo.

      get_url: url=http://rpms.famillecollet.com/enterprise/remi-release-6.rpm dest=/tmp/

      when: remi_repo.stat.exists == False

    - name: Install Remi repo.

      command: rpm -Uvh --force /tmp/remi-release-6.rpm creates=/etc/yum.repos.d/remi.repo

    - name : delete remi rpm

      file: path=/tmp/remi-release-6.rpm state=absent

    # postgres yum repository.

    - stat: path=/etc/yum.repos.d/pgdg-94-centos.repo

      register: postgres_repo

    - name: Download Postgres repo.

      get_url: url=http://yum.postgresql.org/9.4/redhat/rhel-6-x86_64/pgdg-centos94-9.4-1.noarch.rpm dest=/tmp/

      when: postgres_repo.stat.exists == False

    - name: Install postgres repo.

      command: rpm -Uvh --force /tmp/pgdg-centos94-9.4-1.noarch.rpm creates=/etc/yum.repos.d/pgdg-94-centos.repo

    - name : delete postgres rpm

      file: path=/tmp/pgdg-centos94-9.4-1.noarch.rpm state=absent

    - name: additional repos install epel

      ini_file:

        dest: /etc/yum.repos.d/epel.repo

        section: epel

        option: enabled

        value: 1

    - name: yum update after repos

      yum: name=* update_cache=yes state=latest

    #TODO install alternative packages

    - name: install libs

      yum: name={{item}} state=latest enablerepo=remi

      with_items:

        - nginx

        - postgresql94-server

        - python-psycopg2

        - htop

        - openssl

        - php

        - php-cli

        - php-fpm

        - php-mbstring

        - php-mcrypt

        - php-curl

        - php-gd

        - php-json

        - php-pgsql

        - php-xml

        - java-1.8.0-openjdk

        - tomcat6

#TODO: check php-fpm config in /etc/php5/fpm/...

#    - name: Start the services

#      service: name={{item}} state=started enabled=true

#      with_items:

#        - postgres

#        - nginx

#        - tomcat

## php-fpm config

# set fpm user to nginx

# authoroze /var/log/php-fpm

    - name: copy sysconfig for php-fpm

      copy: src=files/sysconfig_php-fpm dest=/etc/sysconfig/php-fpm

    - name: set /var/log/php-fpm permission

      file: path=/var/log/php-fpm/ state=directory owner=nginx group=nginx

    - name: set php-fpm listen to socket

      lineinfile:

        dest: /etc/php-fpm.d/www.conf

        regexp: '^listen\s*='

        line: 'listen = /var/run/php-fpm/php-fpm.sock'

        state: present

    - name: set php-fpm user

      lineinfile:

        dest: /etc/php-fpm.d/www.conf

        regexp: '^user\s*='

        line: 'user = nginx'

        state: present

    - name: set php-fpm group

      lineinfile:

        dest: /etc/php-fpm.d/www.conf

        regexp: '^group\s*='

        line: 'group = nginx'

        state: present

    - name: set php-fpm user

      lineinfile:

        dest: /etc/php-fpm.d/www.conf

        regexp: '^;listen.owner\s*='

        line: 'listen.owner = nginx'

        state: present

    - name: set php-fpm group

      lineinfile:

        dest: /etc/php-fpm.d/www.conf

        regexp: '^;listen.group\s*='

        line: 'listen.group = nginx'

        state: present

    - name: set php-fpm permission

      lineinfile:

        dest: /etc/php-fpm.d/www.conf

        regexp: '^;listen.mode\s*='

        line: 'listen.mode = 0660'

        state: present

    - name: restart php-fpm

      service: name=php-fpm state=restarted enabled=yes

## nginx config

    - name: create ssl folder

      file: path=/etc/nginx/ssl state=directory mode=0700

    - name: generate ssl key

      command: openssl genrsa -out "/etc/nginx/ssl/{{ site_name }}.key" 1024

      args:

        creates: /etc/nginx/ssl/{{ site_name }}.key

    - name: generate ssl csr

      command: openssl req -new -key /etc/nginx/ssl/{{ site_name }}.key -out /etc/nginx/ssl/{{ site_name }}.csr -subj "/CN={{ site_name }}/O=Vagrant/C=UK"

      args:

        creates: /etc/nginx/ssl/{{ site_name }}.csr

    - name: generate ssl certificate

      command: openssl x509 -req -days 365 -in /etc/nginx/ssl/{{ site_name }}.csr -signkey /etc/nginx/ssl/{{ site_name }}.key -out /etc/nginx/ssl/{{ site_name }}.crt

      args:

        creates: /etc/nginx/ssl/{{ site_name }}.crt

    - name: change nginx default

      template: src=files/site.j2 dest=/etc/nginx/nginx.conf mode=0644 force=yes

    - name: restart nginx

      service: name=nginx state=restarted enabled=yes

## postgres

    - name: set postgresql to start

      service: name=postgresql-9.4 enabled=yes

    - name: postgresql initdb

      command: service postgresql-9.4 initdb

      args:

        creates: /var/lib/pgsql/9.4/data/postgresql.conf

## configure tomcat

    - name: set JAVA_HOME

      lineinfile:

        dest: /etc/tomcat6/tomcat6.conf

        regexp: '^\#JAVA_HOME='

        line: JAVA_HOME="/etc/alternatives/jre_1.8.0"

        state: present

## Install sesame

    - stat: path=/var/lib/tomcat6/webapps/openrdf-sesame.war

      register: sesame_jar

    - name: download sesame

      get_url: url=http://sourceforge.net/projects/sesame/files/Sesame%202/2.8.3/openrdf-sesame-2.8.3-sdk.tar.gz/download dest=/tmp/openrdf-sesame-2.8.3-sdk.tar.gz

      when: sesame_jar.stat.exists == False

    - name: create sesame untar dest

      file: path=/tmp/openrdf-sesame-2.8.3-sdk state=directory

      when: sesame_jar.stat.exists == False

    - name: unarchive sesame

      unarchive: src=/tmp/openrdf-sesame-2.8.3-sdk.tar.gz dest=/tmp/openrdf-sesame-2.8.3-sdk copy=false

      when: sesame_jar.stat.exists == False

    - name: deploy sesame jar

      shell: cp /tmp/openrdf-sesame-2.8.3-sdk/openrdf-sesame-2.8.3/war/*.war /var/lib/tomcat6/webapps/

      when: sesame_jar.stat.exists == False

    - name: create sesame data folder

      file: path=/var/lib/sesame/data state=directory owner=tomcat group=tomcat

      when: sesame_jar.stat.exists == False

    - name: update tomcat config

      lineinfile:

        dest: /etc/tomcat6/tomcat6.conf

        line: 'JAVA_OPTS=\"${JAVA_OPTS} -Dinfo.aduna.platform.appdata.basedir=/var/lib/sesame/data\"'

        state: present

      when: sesame_jar.stat.exists == False

    - name: restart tomcat

      service: name=tomcat6 state=restarted enabled=yes

      when: sesame_jar.stat.exists == False

    - name : delete sesame archive

      file: path=/tmp/openrdf-sesame-2.8.3-sdk.tar.gz state=absent

    - name : delete sesame untar

      file: path=/tmp/openrdf-sesame-2.8.3-sdk state=absent

#set postgresql local access to trust

    - name: add trust access for postgresql user

      lineinfile:

        dest: /var/lib/pgsql/9.4/data/pg_hba.conf

        regexp: '^host\s+all\s+postgres\s+.127\.0\.0\.1\/32\s+trust$'

        insertafter: '^#\sIPv4\slocal.+'

        line: 'host   all             postgres        127.0.0.1/32            trust'

    - name: postgresql start

      service: name=postgresql-9.4 state=started

    - name: Create database user

      postgresql_user: name={{ db_user }} password={{ db_password }} state=present

      sudo: yes

      sudo_user: postgres

    - name: create database

      postgresql_db: name={{ db_name }} encoding=utf8 owner={{ db_user }} state=present

      sudo: yes

      sudo_user: postgres

    - name: restart postgres

      service: name=postgresql-9.4 state=restarted

## Install dev dependencies

    - name: install dev tools

      yum: name="{{item}}" state=latest

      with_items:

        - "@Development tools"

    #install composer

    - stat: path=/usr/local/bin/composer

      register: composer_bin

    - name: install composer

      shell: curl -sS https://getcomposer.org/installer | php -- --install-dir=/usr/local/bin

      when: composer_bin.stat.exists == False

    - name: rename composer

      command: mv /usr/local/bin/composer.phar /usr/local/bin/composer

      when: composer_bin.stat.exists == False

    #install node

    - stat: path=/usr/bin/node

      register: node_bin

    - name: install node rpm

      shell: curl -sL https://rpm.nodesource.com/setup | bash -

      when: node_bin.stat.exists == False

    - name: install node

      yum: name=nodejs state=latest

      when: node_bin.stat.exists == False

## open ports

    - name: get iptables rules

      shell: iptables -L

      register: iptablesrules

      always_run: yes

      sudo: true

    - name: add nginx http iptable rule

      command: /sbin/iptables -I INPUT 1 -p tcp --dport http -j ACCEPT -m comment --comment "nginx 80"

      sudo: true

      when: iptablesrules.stdout.find("nginx 80") == -1

    - name: add nginx http iptable rule

      command: /sbin/iptables -I INPUT 1 -p tcp --dport https -j ACCEPT -m comment --comment "nginx 443"

      sudo: true

      when: iptablesrules.stdout.find("nginx 443") == -1

    - name: add postgresql iptable rule

      command: /sbin/iptables -I INPUT 1 -p tcp --dport 5432 -j ACCEPT -m comment --comment "postgresql"

      sudo: true

      when: iptablesrules.stdout.find("postgresql") == -1

    - name: add tomcat iptable rule

      command: /sbin/iptables -I INPUT 1 -p tcp --dport 8080 -j ACCEPT -m comment --comment "tomcat"

      sudo: true

      when: iptablesrules.stdout.find("tomcat") == -1

    - name: save iptables

      command: service iptables save

      sudo: true

    - name: restart iptables

      service: name=iptables state=restarted

      sudo: true

  handlers:

    - name: nginx-restart

      action: service name=nginx update_cache=yes state=latest

# - name: install nginx

#   apt: name=nginx

#

# - name: change nginx default

#   copy: src=files/default dest=/etc/nginx/sites-available/ mode=0644 force=yes

#

# - name: install software-properties-common

#   apt: name=software-properties-common

#

# - name: add repo

#   copy: src=files/mariadb.list dest=/etc/apt/sources.list.d/

#   register: mariadb_repo_present

#

# - name: add repokey

#   command: apt-key adv --recv-keys --keyserver hkp://keyserver.ubuntu.com:80 0xcbcb082a1bb943db

#   when: mariadb_repo_present.changed

#

# - name: apt install mariadb

#   apt: name={{item}} update_cache=yes

#   with_items:

#     - mysql-common=5.1.67-mariadb122~precise

#     - libmariadbclient16=5.1.67-mariadb122~precise

#     - mariadb-client-core-5.1=5.1.67-mariadb122~precise

#     -

#     - mariadb-server