---
- name: Include Service-OS-specific variables.
  include_vars: "{{ service }}-{{ ansible_os_family }}.yml"

- name: Set SSH port
  set_fact:
    ansible_port: "{{SSH_PORT}}"

- name: "Ensure group {{ service_group }} exists"
  ansible.builtin.group:
    name: "{{ service_group }}"
    state: present

- name: Add {{ service_group }} User
  ansible.builtin.user:
    name: "{{ service_user }}"
    group: "{{ service_group }}"

- name: "check if {{ service_group }} is installed"
  package_facts:
    manager: "auto"

- name: populate service facts
  service_facts:


- name: Creates directorys
  file:
    path: "{{ item.path }}"
    state: directory
    mode: o=rx
    owner: "{{ service_user }}"
    group: "{{ service_group }}"
  with_items:
    - { path: "{{ service_dir }}"}
    - { path: "{{ service_dir }}/conf.d"}
  when: service not in ansible_facts.packages


- name: Set passlib version
  set_fact:
    passlib_ver: "python3-passlib"
  when: ansible_facts['distribution_major_version'] == '8' or (ansible_facts['os_family'] == 'Debian' or ansible_facts['os_family'] == 'Ubuntu')
  ignore_errors: True


- name: Set passlib version
  set_fact:
    passlib_ver: "python-passlib"
  when: ansible_facts['distribution_major_version'] == '7'
  ignore_errors: True

- name: Set passlib version
  set_fact:
    passlib_ver: "passlib"
  when: ansible_facts['distribution_major_version'] == '9'
  ignore_errors: True


- name: Install passlib
  package:
    name: "{{passlib_ver}}"
    state: present
  when:
   - service not in ansible_facts.packages
   - ansible_facts['distribution_major_version'] != '9'
  environment:
    http_proxy: "{{PROXY}}"
    https_proxy: "{{PROXY}}"

- name: Copying over nginx.conf
  template: src={{item.src}} dest={{item.dest}} mode="0666" force="no"
  with_items:
    - { src: 'mime.types.j2', dest: '{{ service_dir }}/mime.types' }
    - { src: 'nginx.conf.j2', dest: '{{CONFIG_PATH}}' }
    - { src: '{{ service }}_default.conf.j2', dest: '{{ service_dir }}/conf.d/default.conf' }
  become: true
  ignore_errors: yes
  when: service == "nginx"

- name: Copy status page configuration in place
  template:
    src: "{{ service }}_status.conf.j2"
    dest: "{{ service_dir }}/{{ conf_folder }}/status_page.conf"
    mode: 0644
    force: no
  when:
   - service not in ansible_facts.packages
  ignore_errors: yes

- name: Open stat port for firewalld
  firewalld:
    port: "{{ STAT_PORT }}/tcp"
    state: enabled
    permanent: yes
    immediate: yes
  ignore_errors: yes
  no_log: True
  debugger: never
  when:
    - '"firewalld" in ansible_facts.packages'
    - ansible_facts['os_family'] == "RedHat" or ansible_facts['os_family'] == 'CentOS'
    - ansible_facts.services["firewalld.service"]['state'] == "running"


- name: Open stat port for iptables
  iptables:
    chain: INPUT
    destination_port: "{{ STAT_PORT }}"
    jump: ACCEPT
    protocol: tcp
  ignore_errors: yes


- htpasswd:
    path: "{{ service_dir }}/status_page_passwdfile"
    name: "{{STATS_USER}}"
    password: "{{STATS_PASS}}"


- name: test to see if selinux is running
  command: getenforce
  register: sestatus
  changed_when: false
  when: ansible_facts['os_family'] == "RedHat" or ansible_facts['os_family'] == 'CentOS'


- name: Disble SELINUX in config
  template:
    src: /var/www/haproxy-wi/app/scripts/ansible/roles/haproxy/templates/selinux.j2
    dest: /etc/selinux/config
  ignore_errors: yes
  when:
    - sestatus.stdout is defined
    - '"Enforcing" in sestatus.stdout'


- name: Disble SELINUX in env
  shell: setenforce 0
  ignore_errors: yes
  debugger: never
  when:
    - sestatus.stdout is defined
    - '"Enforcing" in sestatus.stdout'