# 1. Prepare to install Gitea: create user and directory structure

- name: Shut down existing Gitea instance (if we're reinstalling)
  systemd:
    name: gitea
    state: stopped
  ignore_errors: yes

- name: Ensure group 'gitea' exists
  group:
    name: gitea
    state: present

- name: Create user 'gitea'
  user:
    name: gitea
    comment: Gitea daemon account
    groups: gitea
    home: "{{ gitea_home }}"    # /home/gitea

- name: Create {{ gitea_root_directory }} directory structures
  file:
    path: "{{ gitea_root_directory }}/{{ item }}"    # /library/gitea
    state: directory
    owner: gitea
    group: gitea
  with_items: "{{ gitea_subdirectories }}"

- name: Make directories data, indexers, and log writable (0750)
  file:
    path: "{{ gitea_root_directory }}/{{ item }}"    # /library/gitea
    mode: '0750'
  with_items:
    - data
    - indexers
    - log


# 2. Download, verify, and link Gitea binary

- name: Fail if we detect unknown architecture
  fail:
    msg: "Could not find a binary for the CPU architecture \"{{ ansible_architecture }}\""
  when: gitea_iset_suffix == "unknown"

- name: Download Gitea binary {{ gitea_download_url }} to {{ gitea_install_path }} (0775, ~104 MB)
  get_url:
    url: "{{ gitea_download_url }}"
    dest: "{{ gitea_install_path }}"    # e.g. /library/gitea/bin/gitea-1.14
    mode: 0775
    timeout: "{{ download_timeout }}"

- name: Download Gitea GPG signature {{ gitea_integrity_url }} to {{ gitea_checksum_path }}
  get_url:
    url: "{{ gitea_integrity_url }}"
    dest: "{{ gitea_checksum_path }}"

- name: Verify Gitea binary with GPG signature
  shell: |
    gpg --keyserver pgp.mit.edu --recv {{ gitea_gpg_key }}
    gpg --verify {{ gitea_checksum_path }} {{ gitea_install_path }}
  ignore_errors: yes

- name: Symlink {{ gitea_link_path }} -> {{ gitea_install_path }}
  file:
    src: "{{ gitea_install_path }}"
    path: "{{ gitea_link_path }}"
    owner: gitea
    group: gitea
    state: link


# 3. Configure Gitea

# For security reasons, the Gitea developers recommend removing group write
# permissions from /etc/gitea/ and /etc/gitea/app.ini after the first run of 
# Gitea. User gitea needs write permissions during the first run but not 
# subsequent runs.

- name: mkdir /etc/gitea (0770)
  file:
    state: directory
    path: /etc/gitea
    owner: root
    group: gitea
    mode: 0770

- name: Install /etc/gitea/app.ini from template (0664)
  template:
    src: app.ini.j2
    dest: /etc/gitea/app.ini
    owner: root
    group: gitea
    mode: 0664


# 4. Create systemd service & prepare NGINX for http://box/gitea

- name: "Install from template: /etc/systemd/system/gitea.service (by default 0644)"
  template:
    src: gitea.service.j2
    dest: /etc/systemd/system/gitea.service


# 5. RECORD Gitea AS INSTALLED

- name: "Set 'gitea_installed: True'"
  set_fact:
    gitea_installed: True

- name: "Add 'gitea_installed: True' to {{ iiab_state_file }}"
  lineinfile:
    path: "{{ iiab_state_file }}"    # /etc/iiab/iiab_state.yml
    regexp: '^gitea_installed'
    line: 'gitea_installed: True'