---

- name: Prepare, test fixtures
  hosts: localhost
  connection: local
  gather_facts: false
  tasks:

    - name: Initialise CA hierarchy
      ansible.builtin.command: "gimmecert init"
      args:
        creates: ".gimmecert/ca/level1.cert.pem"
        chdir: "tests/data/"

    - name: Generate server private keys and certificates
      ansible.builtin.command:
      args:
        chdir: "tests/data/"
        creates: ".gimmecert/server/{{ item.name }}.cert.pem"
        argv:
          - "gimmecert"
          - "server"
          - "{{ item.name }}"
          - "{{ item.fqdn }}"
      with_items:
        - name: parameters-mandatory_https
          fqdn: parameters-mandatory
        - name: parameters-optional.local_https
          fqdn: parameters-optional.local
        - name: parameters-paste-req_https
          fqdn: parameters-paste-req
        - name: wsgi-website_https
          fqdn: wsgi-website

    - name: Set-up link to generated X.509 material
      ansible.builtin.file:
        src: ".gimmecert"
        dest: "tests/data/x509"
        state: link

- name: Prepare
  hosts: all
  become: true
  gather_facts: false
  tasks:

    - name: Install python for Ansible
      ansible.builtin.raw: test -e /usr/bin/python3 || (apt -y update && apt install -y python3-minimal)
      changed_when: false

    - name: Update all caches to avoid errors due to missing remote archives
      ansible.builtin.apt:
        update_cache: true
      changed_when: false

- name: Prepare, test fixtures
  hosts: wsgi-website
  become: true
  tasks:

    - name: Set-up /etc/hosts entries
      ansible.builtin.lineinfile:
        dest: /etc/hosts
        line: "{{ ansible_eth0.ipv4.address }} parameters-mandatory parameters-optional.local parameters-paste-req wsgi-website"

    - name: Install curl for testing redirects and webpage content
      ansible.builtin.apt:
        name: curl
        state: present

    - name: Install swaks for testing mail forwarding
      ansible.builtin.apt:
        name: swaks
        state: present

    - name: Install net-tools for testing sockets
      ansible.builtin.apt:
        name: net-tools
        state: present

    - name: Install Postfix for testing mail forwarding (Exim4 not covered)
      ansible.builtin.apt:
        name: postfix
        state: present

    - name: Install procmail for consistency with mail_server and mail_forwarder roles
      ansible.builtin.apt:
        name: procmail
        state: present

    - name: Update Postfix configuration
      ansible.builtin.lineinfile:
        path: /etc/postfix/main.cf
        regexp: "^{{ item.key }}"
        line: "{{ item.value }}"
        state: present
      with_dict:
        myhostname: "myhostname = {{ inventory_hostname }}"
        mailbox_command: 'mailbox_command = procmail -a "$EXTENSION"'
      notify:
        - Restart Postfix

    - name: Direct all mails from the root account to vagrant
      ansible.builtin.lineinfile:
        path: /etc/aliases
        regexp: "^root"
        line: "root: vagrant"
        state: present
      notify:
        - Generate aliases database

    - name: Set-up group for an additional user
      ansible.builtin.group:
        name: user
        state: present

    - name: Set-up additional user for testing mail delivery
      ansible.builtin.user:
        name: user
        group: user
        shell: /bin/bash

  handlers:

    - name: Restart Postfix
      ansible.builtin.service:
        name: postfix
        state: restarted

    - name: Generate aliases database  # noqa no-changed-when
      ansible.builtin.command: "/usr/bin/newaliases"
      # [no-changed-when] Commands should not change things if nothing needs doing
      #   Does not matter in test prepare stage.