---

# Ansible pre-requisites
# ======================

# Listed as a pre-requisite for the apt-based tasks that follow.
- name: Install Python apt bindings
  apt:
    name: python-apt

# Deprecation
# ===========
#
# Every task in this section only removes things (state: absent): a
# directory, packages, apt signing keys and an apt repository entry
# that came from the Prosody project-provided repository.

- name: Drop directory for storing custom Prosody modules
  file:
    path: "/usr/local/lib/prosody/"
    state: absent
  notify:
    - Restart Prosody

# Populates ansible_facts.packages, which the two uninstall tasks
# below use to decide whether a package came from the project
# repository.
- name: Collect information about installed packages
  package_facts:

# Both conditions must hold (list form of "when" is an implicit AND):
# the package is installed, and its version string contains 'nightly'.
- name: Uninstall Prosody from project-provided repository
  apt:
    name: prosody
    state: absent
  when:
    - "ansible_facts.packages['prosody'] is defined"
    - "'nightly' in ansible_facts.packages['prosody'][0].version"

# All four packages are removed as soon as any one of them is
# installed with 'prosody' in its version string.
- name: Uninstall Prosody dependencies from project-provided repository
  apt:
    name:
      - lua-expat
      - lua-filesystem
      - lua-sec
      - lua-socket
    state: absent
  when: >-
    (ansible_facts.packages['lua-expat'] is defined and
    'prosody' in ansible_facts.packages['lua-expat'][0].version) or
    (ansible_facts.packages['lua-filesystem'] is defined and
    'prosody' in ansible_facts.packages['lua-filesystem'][0].version) or
    (ansible_facts.packages['lua-sec'] is defined and
    'prosody' in ansible_facts.packages['lua-sec'][0].version) or
    (ansible_facts.packages['lua-socket'] is defined and
    'prosody' in ansible_facts.packages['lua-socket'][0].version)

# Dropping the signing keys means apt no longer trusts packages signed
# by them. The keys are identified by their full 40-character
# fingerprints rather than by short key IDs.
- name: Remove Prosody project-provided apt key
  apt_key:
    id: "{{ item }}"
    state: absent
  with_items:
    - "107D65A0A148C237FDF00AB47393D7E674D9DBB5"
    - "44AB6DD06DA46979CFAF997F9B1B82786C8F28BA"

# The repository being removed was reached over plain HTTP.
- name: Remove Prosody project-provided repository
  apt_repository:
    repo: "deb http://packages.prosody.im/debian {{ ansible_distribution_release }} main"
    state: absent

# Remove the repository configuration file based on path as well, just
# to be on the safe side (in case the file was manually modified, and
# did not get detected properly by apt_repository module).
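# Path-based removal of the repository's sources.list.d entry.
- name: Remove Prosody project-provided repository (double-tap)
  file:
    path: "/etc/apt/sources.list.d/packages_prosody_im_debian.list"
    state: absent

# Main implementation
# ===================
#
# File modes below are quoted so that they reach Ansible as strings
# and do not depend on how the YAML parser treats a leading zero.

- name: Set-up the Debian backports repository
  template:
    src: backports.list.j2
    dest: /etc/apt/sources.list.d/backports.list
    owner: root
    group: root
    mode: "0644"
  register: backports_repository_configuration

- name: Update apt cache if backports repository configuration changed (for immediate use)  # noqa 503
  # [503] Tasks that run when changed should likely be handlers
  #   Since apt_repository module is not reliable (does not deploy
  #   change when changing distro version etc), we have to use
  #   template instead, but this also means we need to trigger the apt
  #   cache reload by hand.
  apt:
    update_cache: true
  when: backports_repository_configuration.changed

- name: Configure package pins to backports for Prosody
  template:
    src: prosody_backports_pin.j2
    dest: /etc/apt/preferences.d/prosody
    owner: root
    group: root
    mode: "0644"

- name: Install additional Prosody dependencies
  apt:
    name:
      - lua-ldap
      - prosody-modules
    state: present
  notify:
    - Restart Prosody

- name: Install Prosody
  apt:
    name: prosody
    state: present
  notify:
    - Restart Prosody

# append: true adds ssl-cert to the account's existing groups instead
# of replacing them.
# NOTE(review): ssl-cert membership applies to everything under
# /etc/ssl/private that is readable by that group, not only to the
# XMPP key - confirm this is acceptable on hosts shared with other
# services.
- name: Allow Prosody user to traverse the directory with TLS private keys
  user:
    name: prosody
    append: true
    groups: ssl-cert

# The key is writable only by root and readable by the prosody group.
# no_log keeps the key material out of task output, --diff output and
# anything that records task results.
- name: Deploy XMPP TLS private key
  copy:
    dest: "/etc/ssl/private/{{ ansible_fqdn }}_xmpp.key"
    content: "{{ xmpp_tls_key }}"
    owner: root
    group: prosody
    mode: "0640"
  no_log: true
  notify:
    - Restart Prosody

- name: Deploy XMPP TLS certificate
  copy:
    dest: "/etc/ssl/certs/{{ ansible_fqdn }}_xmpp.pem"
    content: "{{ xmpp_tls_certificate }}"
    owner: root
    group: root
    mode: "0644"
  notify:
    - Restart Prosody

# The parameters are generated on the managed host by the module
# rather than shipped with the role.
- name: Generate the XMPP server Diffie-Hellman parameter
  openssl_dhparam:
    owner: root
    group: prosody
    mode: "0640"
    path: "/etc/ssl/private/{{ ansible_fqdn }}_xmpp.dh.pem"
    size: 2048
  notify:
    - Restart Prosody

# The deployed file contains only the path of the certificate to
# check.
- name: Deploy configuration file for checking certificate validity via cron
  copy:
    content: "/etc/ssl/certs/{{ ansible_fqdn }}_xmpp.pem"
    dest: "/etc/check_certificate/{{ ansible_fqdn }}_xmpp.conf"
    owner: root
    group: root
    mode: "0644"

# The script is installed root-owned and not writable by group or
# others.
- name: Deploy script for validating Prosody certificate
  copy:
    src: "check_prosody_certificate.sh"
    dest: "/usr/local/bin/check_prosody_certificate.sh"
    owner: root
    group: root
    mode: "0755"

- name: Set-up crontab task that runs the Prosody certificate checker script once a day
  copy:
    src: "cron_check_prosody_certificate"
    dest: "/etc/cron.d/check_prosody_certificate"
    owner: root
    group: root
    mode: "0644"

# Readable by the prosody group only, unlike the world-readable
# certificate above.
- name: Deploy Prosody configuration file
  template:
    src: "prosody.cfg.lua.j2"
    dest: "/etc/prosody/prosody.cfg.lua"
    owner: root
    group: prosody
    mode: "0640"
  notify:
    - Restart Prosody

- name: Enable and start Prosody service
  service:
    name: prosody
    state: started
    enabled: true

- name: Deploy firewall configuration for XMPP server
  copy:
    src: "ferm_xmpp.conf"
    dest: "/etc/ferm/conf.d/30-xmpp.conf"
    owner: root
    group: root
    mode: "0640"
  notify:
    - Restart ferm

# Runs the handlers file as ordinary tasks when run_handlers is set to
# a true value; skipped by default.
# NOTE(review): the bare "include" action is deprecated in newer
# Ansible releases in favour of include_tasks / import_tasks - confirm
# the Ansible version this role targets before changing it.
- name: Explicitly run all handlers
  include: ../handlers/main.yml
  when: "run_handlers | default(False) | bool()"
  tags:
    - handlers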