---
- tags: etherpad
  block:
    - name: Install dependencies
      apt:
        name: [ gpg, nginx, postgresql, python3-psycopg2 ]

    - name: Import nodesource signing key
      apt_key:
        url: https://deb.nodesource.com/gpgkey/nodesource.gpg.key
      notify: apt update

    - name: Install nodesource source list
      template:
        src: nodesource.list
        dest: /etc/apt/sources.list.d/nodesource.list
        owner: root
        group: root
        mode: 0644
      notify: apt update

    - meta: flush_handlers

    - name: Install nodejs
      apt:
        name: nodejs

    - name: Add database user
      become: true
      become_method: su
      become_user: postgres
      no_log: yes
      postgresql_user:
        name: etherpad
        password: "{{ etherpad_db_password }}"

    - name: Add database
      become: true
      become_method: su
      become_user: postgres
      postgresql_db:
        name: "{{ etherpad_db_name }}"
        owner: "{{ etherpad_db_user }}"

    - name: Add etherpad user
      user:
        name: etherpad
        home: /var/lib/etherpad

    - name: Create log file
      file:
        path: /var/log/etherpad.log
        state: touch
        owner: etherpad
        group: etherpad
        mode: 0644

    - name: Create source directory
      file:
        path: /opt/etherpad
        state: directory
        owner: etherpad
        group: etherpad
        mode: 0755

    - name: Clone etherpad source
      become: yes
      become_method: su
      become_user: etherpad
      git:
        repo: https://github.com/ether/etherpad-lite.git
        version: master
        dest: /opt/etherpad
        accept_hostkey: yes
      notify: restart etherpad

    - name: Install etherpad config
      template:
        src: settings.json
        dest: /opt/etherpad/settings.json
        owner: root
        group: root
        mode: 0644
      notify: restart etherpad

    - name: Install etherpad service
      template:
        src: etherpad.service
        dest: /etc/systemd/system/etherpad.service
        owner: root
        group: root
        mode: 0644
      notify: restart etherpad

    - name: Start etherpad
      systemd:
        daemon_reload: true
        name: etherpad
        state: started
        enabled: yes

    - name: Clear default nginx site
      file:
        state: absent
        path: /etc/nginx/sites-enabled/default
      notify: reload nginx

    - name: Install nginx config
      template:
        src: nginx-site.conf
        dest: /etc/nginx/sites-enabled/etherpad
        owner: root
        group: root
        mode: 0644
      notify: reload nginx

    - name: Allow HTTP and HTTPS
      iptables:
        chain: INPUT
        protocol: tcp
        destination_port: "{{ item.port }}"
        ctstate: NEW
        jump: ACCEPT
        ip_version: "{{ item.ip }}"
        action: insert
      with_items:
        - { ip: ipv4, port: 80 }
        - { ip: ipv4, port: 443 }
        - { ip: ipv6, port: 80 }
        - { ip: ipv6, port: 443 }
      notify: persist iptables