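---
# Keycloak deployment tasks: install the runtime packages, provision the
# PostgreSQL database and the Apache front-end vhost through their roles,
# unpack the requested Keycloak release under /opt/keycloak and run it as a
# systemd service under a dedicated system account.
#
# Variables read here: keycloak_version, keycloak_postgresql_database,
# keycloak_postgresql_username, keycloak_postgresql_password,
# inventory_hostname, and the optional "redeploy" switch.
# New optional variable: keycloak_zip_checksum ("<algorithm>:<digest>").

- name: install stuff
  ansible.builtin.apt:
    name:
      - default-jre
      - unzip
      - apache2
    update_cache: true

# install database
- name: include role for postgresql
  ansible.builtin.include_role:
    name: postgresql
  vars:
    postgresql_database: "{{ keycloak_postgresql_database }}"
    postgresql_username: "{{ keycloak_postgresql_username }}"
    postgresql_password: "{{ keycloak_postgresql_password }}"

# Apache terminates TLS and forwards everything to Keycloak on loopback.
# NOTE(review): "ProxyPass /" publishes every Keycloak path on the public
# vhost, including the admin console; consider proxying only the paths
# clients need.
# NOTE(review): X-Forwarded-* are overwritten with "set", so client-supplied
# values are discarded. Keycloak should trust these headers only from this
# proxy and should listen on 127.0.0.1:8080 only - that lives in
# keycloak.service.j2 / the Keycloak config, not visible here; confirm.
# NOTE(review): the SSLProxy* directives apply to https:// backends; with the
# plain-http backend below they appear to have no effect.
- name: include role for website
  ansible.builtin.include_role:
    name: website
  vars:
    domainname: "{{ inventory_hostname }}"
    docroot: "/var/www/html"
    optionalDirectives: |
      ProxyPreserveHost On
      SSLProxyEngine On
      SSLProxyCheckPeerCN on
      SSLProxyCheckPeerExpire on
      RequestHeader set X-Forwarded-Proto "https"
      RequestHeader set X-Forwarded-Port "443"
      ProxyPass / http://127.0.0.1:8080/
      ProxyPassReverse / http://127.0.0.1:8080/

# Dedicated system account with no login shell; its home is the install root.
- name: create user for keycloak
  ansible.builtin.user:
    name: keycloak
    state: present
    shell: /bin/false
    system: true
    create_home: true
    home: /opt/keycloak

# Registers whether this exact version has already been unpacked.
- name: check if keycloak-dir exists
  ansible.builtin.stat:
    path: "/opt/keycloak/keycloak-{{ keycloak_version }}"
  register: keycloak_exists

# The archive is later unpacked by a root-run task, so its integrity matters.
# HTTPS protects the transfer only; set keycloak_zip_checksum to pin the
# release artifact. When the variable is unset the parameter is omitted and
# the download is unverified, as before.
# NOTE(review): assumes /opt/ansiblepackages already exists - confirm.
- name: Download keycloak-zip
  ansible.builtin.get_url:
    url: "https://github.com/keycloak/keycloak/releases/download/{{ keycloak_version }}/keycloak-{{ keycloak_version }}.zip"
    dest: "/opt/ansiblepackages/keycloak-{{ keycloak_version }}.zip"
    mode: '0400'
    checksum: "{{ keycloak_zip_checksum | default(omit) }}"

# Unpack only on first install of this version, or when "redeploy" is defined.
- name: "Extract keycloak-{{ keycloak_version }}.zip to /opt/keycloak"
  ansible.builtin.unarchive:
    src: "/opt/ansiblepackages/keycloak-{{ keycloak_version }}.zip"
    dest: /opt/keycloak
    owner: keycloak
    group: keycloak
    remote_src: true
  when: not keycloak_exists.stat.exists or redeploy is defined

# Data directory lives outside the versioned tree and is linked into it below.
- name: Create a directory if it does not exist
  ansible.builtin.file:
    path: /opt/keycloak/data
    state: directory

# NOTE(review): this makes the service account the owner of its own binaries
# and configuration as well as its data; consider root-owned program files
# with only the writable directories owned by keycloak.
- name: set permissions correct
  ansible.builtin.file:
    path: /opt/keycloak
    owner: keycloak
    group: keycloak
    # mode: "0770"
    recurse: true

# NOTE(review): permission bits on a symlink are not meaningful on Linux;
# confirm whether this mode is intended for the target /opt/keycloak/data.
- name: link /opt/keycloak/data to /opt/keycloak/keycloak-version/data
  ansible.builtin.file:
    state: link
    owner: keycloak
    group: keycloak
    mode: '0770'
    src: /opt/keycloak/data
    dest: "/opt/keycloak/keycloak-{{ keycloak_version }}/data"

# Unit file is root-owned and not writable by the service account.
- name: generate /etc/systemd/system/keycloak.service
  ansible.builtin.template:
    src: keycloak.service.j2
    dest: /etc/systemd/system/keycloak.service
    owner: root
    group: root
    mode: "0644"
  notify:
    - reload systemd
    - restart keycloak

# Run the notified handlers now, before the service is enabled and started.
- name: Flush handlers
  ansible.builtin.meta: flush_handlers

- name: enable keycloak
  ansible.builtin.systemd:
    name: keycloak
    enabled: true
    masked: false
  notify: restart keycloak

- name: start keycloak
  ansible.builtin.service:
    name: keycloak
    state: started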