# "Emergency" reinstalls (from /opt/iiab/downloads/wordpress.tar.gz
# to /library/wordpress) should also work offline...
#
# ONLINE OR OFFLINE, IF YOU NEED A CLEAN REINSTALL OF WORDPRESS DURING YOUR
# NEXT RUN OF "./runrole wordpress" OR "./iiab-install" PLEASE FIRST DO:
#
# - "mv /library/wordpress /library/wordpress.old"
# - back up WordPress's database then drop it
#
# REASON: "keep_newer: yes" below tries to preserve WordPress's self-upgrades
# and security enhancements using timestamps under /library/wordpress, as these
# can arise without warning when WordPress is online, since WordPress ~4.8

- name: Download {{ wordpress_download_base_url }}/{{ wordpress_src }} to {{ downloads_dir }}
  get_url:
    url: "{{ wordpress_download_base_url }}/{{ wordpress_src }}"
    dest: "{{ downloads_dir }}"
    timeout: "{{ download_timeout }}"
  register: wp_download_output
  when: internet_available | bool

- name: Symlink {{ downloads_dir }}/wordpress.tar.gz -> {{ wp_download_output.dest }}
  file:
    src: "{{ wp_download_output.dest }}"
    path: "{{ downloads_dir }}/wordpress.tar.gz"    # /opt/iiab/downloads
    state: link
  when: wp_download_output.dest is defined

- name: Does {{ downloads_dir }}/wordpress.tar.gz link exist?
  stat:
    path: "{{ downloads_dir }}/wordpress.tar.gz"    # /opt/iiab/downloads
  register: wp_link

- name: FAIL (force Ansible to exit) IF {{ downloads_dir }}/wordpress.tar.gz doesn't exist
  fail:
    msg: "{{ downloads_dir }}/wordpress.tar.gz is REQUIRED in order to install WordPress."
  when: not wp_link.stat.exists

- name: "Unpack {{ downloads_dir }}/wordpress.tar.gz to permanent location {{ wp_install_path }}/wordpress - owner: root, group: {{ apache_user }}, mode: '0664', keep_newer: yes"
  unarchive:
    src: "{{ downloads_dir }}/wordpress.tar.gz"    # /opt/iiab/downloads
    dest: "{{ wp_install_path }}"    # /library
    owner: root    # 2020-01-17: confirmed that wordpress.tar.gz (otherwise) unpacks as nobody:nogroup, with all files as '0644', and all dirs as '0755'
    group: "{{ apache_user }}"    # DO WE REALLY STILL WANT THIS FOR NGINX?
    mode: '0664'    # PHP/Apache/NGINX apparently need g+rw (group write access, not just read) similar to '0775' for directory traversing below
    keep_newer: yes

- name: Make {{ wp_abs_path }} directories 775 so PHP/Apache/NGINX can traverse and write (above files remain 664)
  command: "/usr/bin/find {{ wp_abs_path }} -type d -exec chmod 775 {} +"    # /library/wordpress

# 4 stanzas to install wp-keys.php.BAK, wp-keys.php & wp-config.php into /library/wordpress

- name: Install {{ wp_abs_path }}/wp-keys.php.BAK from template (if file does not already exist) in case download of 8 dynamically-generated salts/keys fails below
  copy:
    src: wp-keys.php.BAK
    dest: "{{ wp_abs_path }}/wp-keys.php.BAK"    # /library/wordpress
    owner: root
    group: "{{ apache_user }}"    # DO WE REALLY STILL WANT THIS FOR NGINX?
    mode: '0640'
    force: no    # Preserve site's unique keys, as might have been placed into .BAK during an earlier run, by the script below

- name: Install script /tmp/get-iiab-wp-salts from template
  template:
    src: get-iiab-wp-salts.j2
    dest: /tmp/get-iiab-wp-salts
    owner: root
    group: root
    mode: '0700'

- name: Run /tmp/get-iiab-wp-salts to download 8 random salts/keys, creating a new {{ wp_abs_path }}/wp-keys.php (or if nec, copy from known/prior {{ wp_abs_path }}/wp-keys.php.BAK)    # /library/wordpress
  command: /tmp/get-iiab-wp-salts
  #when: internet_available | bool    # Better to run it every time, installing from wp-keys.php.BAK if download fails

# Don't Bother: /tmp file are deleted on reboot!
#- name: Remove script /tmp/get-iiab-wp-salts
#  file:
#    path: /tmp/get-iiab-wp-salts
#    state: absent

- name: Install {{ wp_abs_path }}/wp-config.php    # /library/wordpress
  template:
    src: wp-config.php.j2
    dest: "{{ wp_abs_path }}/wp-config.php"
    owner: root
    group: "{{ apache_user }}"    # DO WE REALLY STILL WANT THIS FOR NGINX?
    mode: '0660'    # Others strongly recommend '0600' (or do PHP/Apache/NGINX really need group read & write permissions?)

- name: Install etc/{{ apache_config_dir }}/wordpress.conf from template, for http://box{{ wp_url }} via Apache
  template:
    src: wordpress.conf.j2
    dest: "/etc/{{ apache_config_dir }}/wordpress.conf"
  when: apache_enabled | bool

- name: "Add 'wordpress_installed: True' to {{ iiab_state_file }}"
  lineinfile:
    dest: "{{ iiab_state_file }}"    # /etc/iiab/iiab_state.yml
    regexp: '^wordpress_installed'
    line: 'wordpress_installed: True'