- name: import mail vars if mail is enabled
  include_vars:
    file: mail.yml
  when: (host_mail | d(true) == true) and (mail_account is mapping) and
        (mail_account.username is defined) and (mail_account.password is defined)


- name: set vault_cfg
  set_fact:
    vault_cfg: "{{ vault_default_config | d({}) |
      combine(vault_mail_config | d({}), recursive=true) |
      combine(vault_config | d({}), recursive=true) }}"


- name: install curl
  include_tasks: tasks/install_packages.yml
  vars:
    package:
      - curl


- name: create user and group
  include_tasks: tasks/create_user.yml
  vars:
    user:
      name: "{{ vault_user }}"
      group: "{{ vault_group }}"
      dir: "{{ vault_dir }}"
      comment: "vaultwarden service user"
      notify: restart vaultwarden


- name: create data directory
  file:
    path: "{{ (vault_dir, 'data') | path_join }}"
    state: directory
    mode: 0750
    owner: "{{ vault_user }}"
    group: "{{ vault_group }}"


- name: ensure extract dir exists
  file:
    path: "{{ vault_extract_dir }}"
    state: directory


- name: download docker-image-extract script
  get_url:
    url: "https://raw.githubusercontent.com/jjlin/docker-image-extract/main/docker-image-extract"
    dest: "{{ vault_extract_dir }}"
    timeout: 20
    mode: "+x"


- name: run docker-image-extract
  command:
    cmd: "{{ (vault_extract_dir, 'docker-image-extract') | path_join }} vaultwarden/server:alpine"
    chdir: "{{ vault_extract_dir }}"
  register: result
  changed_when: no
  failed_when: result.rc != 0


- name: check if output directory exists
  stat:
    path: "{{ (vault_extract_dir, 'output') | path_join }}"
  register: result


- name: fail if output directory is missing
  fail:
    msg: output directory is missing
  when: not (result.stat.isdir is defined and result.stat.isdir)


- name: move vaultwarden to vault dir
  copy:
    src: "{{ (vault_extract_dir, 'output', 'valutwarden') | path_join }}"
    dest: "{{ (vault_dir, 'valutwarden') | path_join }}"
    force: yes
    remote_src: yes
    owner: "{{ vault_user }}"
    group: "{{ vault_group }}"
  notify: restart vaultwarden


- name: remove output directory
  file:
    path: "{{ (vault_extract_dir, 'output') | path_join }}"
    state: absent
  changed_when: no


- name: ensure vaultwarden has executable bit set
  file:
    path: "{{ (vault_dir, 'valutwarden') | path_join }}"
    mode: "+x"


- name: get and extract latest version of web-vault
  include_tasks: tasks/get_lastversion.yml
  vars:
    package:
      name: dani-garcia/bw_web_builds
      location: github
      assets: yes
      asset_filter: '.tar.gz$'
      file: "{{ vault_dir }}/last_version"
      extract: "{{ vault_dir }}"
      user: "{{ vault_user }}"
      group: "{{ vault_group }}"
      notify: restart vaultwarden


- name: template .env file
  template:
    src: env.j2
    dest: "{{ (vault_dir, '.env') | path_join }}"
    force: yes
    mode: 0400
    owner: "{{ vault_user }}"
    group: "{{ vault_group }}"
    lstrip_blocks: yes
  notify: restart vaultwarden


- name: template init script
  template:
    src: init.j2
    dest: /etc/init.d/vaultwarden
    force: yes
    mode: "+x"
  notify: restart vaultwarden


- name: ensure correct ownership in vault dir
  file:
    path: "{{ vault_dir }}"
    state: directory
    follow: no
    recurse: yes
    owner: "{{ vault_user }}"
    group: "{{ vault_group }}"
  notify: restart vaultwarden


- name: install and configure nginx
  include_role:
    name: nginx
  vars:
    nginx:
      servers:
        - conf: nginx_server
      certs: "{{ host_tls }}"


- name: flush handlers
  meta: flush_handlers


- name: add directories to backup plan
  include_role:
    name: backup
    tasks_from: add.yml
  vars:
    backup_items:
      - "{{ vault_dir }}"


- name: enable and start vaultwarden
  service:
    name: vaultwarden
    enabled: yes
    state: started