---
- block:
  - name: Create the shinyproxy user
    user: name={{ shinyproxy_user }} home={{ shinyproxy_install_dir }} createhome=yes system=yes shell=/usr/sbin/nologin

  - name: Download the shinyproxy jar
    become: True
    become_user: '{{ shinyproxy_user }}'
    get_url: url={{ shinyproxy_url }} dest={{ shinyproxy_install_dir }}

  - name: Set up a symlink to an unversioned app name
    become: True
    become_user: '{{ shinyproxy_user }}'
    file: src={{ shinyproxy_install_dir }}/{{ shinyproxy_file_name }} dest={{ shinyproxy_install_dir }}/{{ shinyproxy_app_name }} state=link

  - name: Install the shinyproxy configuration file when using version 1.x
    template: src=shinyproxy-1-conf.yml.j2 dest={{ shinyproxy_install_dir }}/application.yml owner=root group={{ shinyproxy_user }} mode=0640
    notify: Restart shinyproxy
    when: shinyproxy_major_ver == 1
    tags: [ 'shinyproxy', 'shinyproxy_conf', 'shinyproxy_images' ]

  - name: Install the shinyproxy configuration file when using version 2.x
    template: src=shinyproxy-2-conf.yml.j2 dest={{ shinyproxy_install_dir }}/application.yml owner=root group={{ shinyproxy_user }} mode=0640
    notify: Restart shinyproxy
    when: shinyproxy_major_ver == 2
    tags: [ 'shinyproxy', 'shinyproxy_conf', 'shinyproxy_images' ]

  - name: Install the shinyproxy logrotate configuration
    template: src=shinyproxy-logrotate.j2 dest=/etc/logrotate.d/shinyproxy owner=root group=root mode=0444
    tags: [ 'shinyproxy', 'shinyproxy_conf' ]

  - name: Install the upstart init file
    template: src=upstart-shinyproxy.conf.j2 dest=/etc/init/shinyproxy.conf owner=root group=root mode=0644
    when: ansible_service_mgr != 'systemd'

  when:
    - ansible_distribution_major_version < '16'
    - shinyproxy_install | bool
  tags: shinyproxy

- block:
  - name: Install the shinyproxy deb package
    apt: 
      deb: "https://www.shinyproxy.io/downloads/shinyproxy_{{ shinyproxy_version }}_amd64.deb"
      state: present

  - name: Install the shinyproxy configuration file when using version 2.x
    template: src=shinyproxy-2-conf.yml.j2 dest=/etc/shinyproxy/application.yml owner=root group={{ shinyproxy_user }} mode=0640
    notify: Restart shinyproxy
    when: shinyproxy_major_ver == 2
    tags: [ 'shinyproxy', 'shinyproxy_conf', 'shinyproxy_images' ]

  when:
    - ansible_distribution_file_variety == "Debian"
    - ansible_distribution_major_version >= '16'
    - shinyproxy_install | bool
  tags: shinyproxy

- block:
  - name: Ensure that the shinyproxy service is enabled and running
    service: name=shinyproxy state=started enabled=yes

  - name: Create the directory where to install the custom templates, if we want to use them
    file: dest={{ shinyproxy_template_path }} state=directory
    when: shinyproxy_custom_template | bool

  - name: Create shinyproxy log directory
    file: dest={{ shinyproxy_log_dir }} state=directory owner=shinyproxy mode=0750

  - name: Check if the Docker certs directory exists
    stat: path=/var/lib/docker/swarm/certificates
    register: certs_dir

  - name: Create the PKI directory
    file: dest={{ shinyproxy_docker_certs_dir }} state=directory owner=root group=shinyproxy mode=0750
    when: certs_dir.stat.isdir is defined and certs_dir.stat.isdir | bool

  - name: Copy the TLS files
    copy: src=/var/lib/docker/swarm/certificates/{{ item.src }} dest={{ shinyproxy_docker_certs_dir }}/{{ item.dest }} remote_src=yes force=yes
    with_items:
      - { src: swarm-root-ca.crt, dest: ca.pem }
      - { src: swarm-node.crt, dest: cert.pem }
      - { src: swarm-node.key, dest: key.pem }
    when: certs_dir.stat.isdir is defined and certs_dir.stat.isdir | bool

  - name: Fix the TLS key file permissions
    file: dest={{ shinyproxy_docker_certs_dir }}/key.pem owner=shinyproxy group=shinyproxy mode=0640
    when: certs_dir.stat.isdir is defined and certs_dir.stat.isdir | bool

  - name: Install a script that syncs the docker certificates
    template: src=sync_docker_certificates.sh.j2 dest=/usr/local/bin/sync_docker_certificates
    when: certs_dir.stat.isdir is defined and certs_dir.stat.isdir | bool

  - name: Install a cron job that hourly updates the certificates used by shinyproxy to talk with docker
    cron: name="Fix the docker certificates for shinyproxy" special_time=hourly job="/usr/local/bin/sync_docker_certificates > /var/log/shinyproxy/docker_certs.log 2>&1" 
    when: certs_dir.stat.isdir is defined and certs_dir.stat.isdir | bool

  - name: Remove the cron job that hourly updates the certificates if we have no local docker
    cron: name="Fix the docker certificates for shinyproxy" special_time=hourly job="/usr/local/bin/sync_docker_certificates > /var/log/shinyproxy/docker_certs.log 2>&1" state=absent
    when: certs_dir.stat.isdir is not defined or not certs_dir.stat.isdir | bool

  - name: Pull the Docker images for the Shiny apps, when using Docker standalone
    docker_image: name={{ item.docker_image }} pull=yes state={{ item.image_state | default('present') }} force=yes
    with_items: '{{ shinyproxy_apps }}'
    when:
      - shinyproxy_apps is defined
      - shinyproxy_container_backend == 'docker'
    tags: [ 'shinyproxy', 'shinyproxy_images' ]

  when: shinyproxy_install | bool
  tags: shinyproxy