- name: Enable index.html creation if user doesn't wish to customise base domain
  delegate_to: 127.0.0.1
  lineinfile:
    path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
    regexp: "^#? *{{ item.key | regex_escape() }}:"
    line: "{{ item.key }}: {{ item.value }}"
    insertafter: '# Base Domain Settings'
  with_dict:
    'matrix_nginx_proxy_base_domain_homepage_enabled': 'true'
  when: customise_base_domain_website|bool == false

- name: Disable index.html creation to allow multi-file site if user does wish to customise base domain
  delegate_to: 127.0.0.1
  lineinfile:
    path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
    regexp: "^#? *{{ item.key | regex_escape() }}:"
    line: "{{ item.key }}: {{ item.value }}"
    insertafter: '# Base Domain Settings'
  with_dict:
    'matrix_nginx_proxy_base_domain_homepage_enabled': 'false'
  when: customise_base_domain_website|bool == true

- name: Record 'Customise Website + Access Backup' variables locally on AWX
  delegate_to: 127.0.0.1
  lineinfile:
    path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
    regexp: "^#? *{{ item.key | regex_escape() }}:"
    line: "{{ item.key }}: {{ item.value }}"
    insertafter: '# AWX Settings'
  with_dict:
    'customise_base_domain_website': '{{ customise_base_domain_website }}'

- name: Copy new 'matrix_vars.yml' to target machine
  copy:
    src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
    dest: '/matrix/awx/matrix_vars.yml'
    mode: '0660'

- name: Reload vars in matrix_vars.yml
  include_vars:
    file: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'

- name: Save new 'Customise Website + Access Backup' survey.json to the AWX tower, template
  delegate_to: 127.0.0.1
  template:
    src: './roles/matrix-awx/surveys/configure_website_access_backup.json.j2'
    dest: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_website_access_backup.json'

- name: Copy new 'Customise Website + Access Backup' survey.json to target machine
  copy:
    src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_website_access_backup.json'
    dest:  '/matrix/awx/configure_website_access_backup.json'
    mode: '0660'

- name: Collect AWX admin token the hard way!
  delegate_to: 127.0.0.1
  shell: |
      curl -sku {{ tower_username }}:{{ tower_password }} -H "Content-Type: application/json" -X POST -d '{"description":"Tower CLI", "application":null, "scope":"write"}' https://{{ tower_host }}/api/v2/users/1/personal_tokens/ | jq '.token' | sed -r 's/\"//g'
  register: tower_token
  no_log: True

- name: Recreate 'Customise Base Domain Website' job template
  delegate_to: 127.0.0.1
  awx.awx.tower_job_template:
    name: "{{ matrix_domain }} - 1 - Configure Website + Access Backup"
    description: "Configure base domain website settings and access the services backup."
    extra_vars: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/extra_vars.json') }}"
    job_type: run
    job_tags: "start,setup-nginx-proxy"
    inventory: "{{ member_id }}"
    project: "{{ member_id }} - Matrix Docker Ansible Deploy"
    playbook: setup.yml
    credential: "{{ member_id }} - AWX SSH Key"
    survey_enabled: true
    survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_website_access_backup.json') }}"
    become_enabled: yes
    state: present
    verbosity: 1
    tower_host: "https://{{ tower_host }}"
    tower_oauthtoken: "{{ tower_token.stdout }}"
    validate_certs: yes

# Copied over from provision stage

- name: Copy ssh_sftp.service file
  copy:
    src: './roles/matrix-awx/templates/sftp/ssh_sftp.service'
    dest: '/lib/systemd/system/ssh_sftp.service'
    mode: 0644

- name: Copy sshd config file
  copy:
    src: './roles/matrix-awx/templates/sftp/sshd_sftp_config'
    dest: '/etc/ssh/sshd_sftp_config'
    mode: 0644

- name: Ensure group "sftp" exists
  group:
    name: sftp
    state: present

- name: If user defines sftp_password, enable account / set password on 'stfp' account.
  user:
    name: sftp
    comment: SFTP user to set custom web files
    shell: /bin/false
    home: /home/sftp/
    group: sftp
    password: "{{ sftp_password | password_hash('sha512') }}"
    update_password: always
  when: (sftp_password is defined) and (sftp_password|length > 0)

# would be safer if it generated the password for you!

- name: Setup SFTP users default root path
  shell: sudo usermod -d / sftp

- name: adding existing user 'sftp' to group matrix
  user:
    name: sftp
    groups: matrix
    append: yes

- name: Create the ro /chroot directory with sticky bit if it doesn't exist. (/chroot/website has matrix:matrix permissions and is mounted to nginx container)
  file:
    path: /chroot
    state: directory
    owner: root
    group: root
    mode: '1755'

- name: Create the rw /chroot/website directory if it doesn't exist.
  file:
    path: /chroot/website
    state: directory
    owner: matrix
    group: matrix
    mode: '0574'

- name: Ensure /chroot/backup/ location exists
  file:
    path: /chroot/backup
    state: directory
    owner: sftp
    group: sftp
    mode: '0700'

- name: Enable service ssh_sftp.service
  service:
    name: ssh_sftp.service
    enabled: yes

- name: Start service ssh_sftp.service
  service:
    name: ssh_sftp.service
    state: started