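---
# Backup client tasks: install Duplicity/Duply, create the /etc/duply/main
# layout, deploy the GnuPG and SSH key material, render the Duply
# configuration and schedule the nightly backup run.
#
# Module arguments use native YAML mappings instead of key=value strings.
# File modes are quoted octal strings so the YAML parser cannot retype them.

- name: Install backup software
  apt:
    name: "{{ item }}"
    # "present" is the canonical spelling of the older "installed" alias
    state: present
  with_items:
    - duplicity
    - duply

# Everything under /etc/duply and /var/cache/duply is root-only (0700).
- name: Set-up Duply directories
  file:
    path: "{{ item }}"
    state: directory
    owner: root
    group: root
    mode: "0700"
  with_items:
    - /etc/duply
    - /etc/duply/main
    - /etc/duply/main/patterns
    - /etc/duply/main/gnupg
    - /etc/duply/main/ssh
    - /var/cache/duply
    - /var/cache/duply/main

- name: Deploy GnuPG private keys
  copy:
    content: "{{ backup_encryption_key }}"
    dest: /etc/duply/main/private_keys.asc
    owner: root
    group: root
    mode: "0600"
  # Private key material is passed inline via "content", so keep it out of
  # task output, logs and diffs (same treatment as the SSH key below).
  no_log: true
  notify:
    - Clean-up GnuPG keyring for import of new keys
    - Import private keys
    - Import public keys

- name: Deploy GnuPG public keys
  copy:
    # Single-quoted YAML keeps "\n" literal so Jinja, not YAML, turns it
    # into the newline that separates the keys.
    content: '{{ backup_additional_encryption_keys | join("\n") }}'
    dest: /etc/duply/main/public_keys.asc
    owner: root
    group: root
    mode: "0600"
  notify:
    - Clean-up GnuPG keyring for import of new keys
    - Import private keys
    - Import public keys

# Takes the first "keyid:" line of the private key file and drops the first
# eight characters of the reported ID.
# NOTE(review): if gpg2 reports 16-digit IDs here, this leaves the 8-digit
# short ID, which is not collision-resistant; consider long IDs or
# fingerprints if the Duply configuration template accepts them.
- name: Extract encryption key identifier (Duplicty requires key ID in hexadecimal format)
  shell: >-
    gpg2 --list-packets /etc/duply/main/private_keys.asc
    | grep keyid:
    | head -n1
    | sed -e 's/.*: //'
    | sed -re 's/^.{8}//'
  register: backup_encryption_key_id
  changed_when: false
  # An empty result means no key ID could be read from the deployed file.
  failed_when: backup_encryption_key_id.stdout == ""

# Reads public_keys.asc, where the additional keys are deployed above, and
# keeps every key ID as a comma-separated list. Reading private_keys.asc
# with "head -n1" would only ever yield the primary key's ID, so backups
# would never be encrypted to the additional recipients.
# NOTE(review): every "keyid:" line is collected, which may include subkey
# IDs; confirm the Duply configuration template handles that.
- name: Extract additional encryption keys identifiers (Duplicty requires key ID in hexadecimal format)
  shell: >-
    gpg2 --list-packets /etc/duply/main/public_keys.asc
    | grep keyid:
    | sed -e 's/.*: //'
    | sort -u
    | sed -re 's/^.{8}//'
    | tr '\n' ','
    | sed -e 's/,$//'
  register: backup_additional_encryption_keys_ids
  when: backup_additional_encryption_keys
  changed_when: false
  failed_when: backup_additional_encryption_keys_ids.stdout == ""

- name: Deploy private SSH key for logging-in into backup server
  copy:
    content: "{{ backup_ssh_key }}"
    dest: /etc/duply/main/ssh/identity
    owner: root
    group: root
    mode: "0600"
  # Keep the private key out of task output and logs.
  no_log: true

- name: Deploy custom known_hosts for backup purposes
  template:
    src: known_hosts.j2
    dest: /etc/duply/main/ssh/known_hosts
    owner: root
    group: root
    mode: "0600"

# NOTE(review): the template is not visible here; if the rendered file
# embeds a passphrase or other secret, this task should also set no_log.
- name: Deploy Duply configuration file
  template:
    src: duply_main_conf.j2
    dest: /etc/duply/main/conf
    owner: root
    group: root
    mode: "0600"

- name: Deploy base exclude pattern (exclude all by default)
  copy:
    # Quoted: a plain scalar starting with "- " would parse as a sequence.
    content: "- **"
    dest: /etc/duply/main/exclude
    owner: root
    group: root
    mode: "0600"

- name: Set-up directory for storing pre-backup scripts
  file:
    path: /etc/duply/main/pre.d/
    state: directory
    owner: root
    group: root
    mode: "0700"

- name: Set-up script for running all pre-backup scripts
  copy:
    src: duply_pre
    dest: /etc/duply/main/pre
    owner: root
    group: root
    mode: "0700"

# Runs "duply main backup" as root every day at 02:00 from the "backup"
# cron file.
- name: Deploy crontab entry for running backups
  cron:
    name: backup
    cron_file: backup
    hour: "2"
    minute: "0"
    job: /usr/bin/duply main backup
    state: present
    user: root

# Only runs when the "handlers" variable is set to a true value.
- name: Explicitly run all handlers
  include: ../handlers/main.yml
  when: "handlers | default(False) | bool() == True"
  tags:
    - handlers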