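---
# Tasks: install Keycloak behind an Apache reverse proxy with a PostgreSQL backend.
#
# Flow: packages -> postgresql/website roles -> service user -> download + extract
# the release archive -> symlink /opt/keycloak/current -> one-time `kc.sh build`
# -> systemd unit -> one-time admin-user bootstrap (init unit swapped in, server
# started, then the regular unit restored) -> keycloak running.
#
# Marker files under /opt/keycloak/current (builtonce.txt, adminuseradded.txt)
# make the one-time steps idempotent; `redeploy` (any value) forces re-extraction.
# The play is expected to run as root: package installs, /etc/systemd and /opt
# ownership changes all need it. Steps that must run as the keycloak user say so
# with become_user.

# Single source of truth for the release version. A caller-supplied
# keycloak_version wins; otherwise the version this file was written against.
- name: Set keycloak version
  ansible.builtin.set_fact:
    keycloak_version: "{{ keycloak_version | default('21.1.1') }}"

- name: Install Java runtime, unzip and Apache
  ansible.builtin.apt:
    name:
      - default-jre
      - unzip
      - apache2
    update_cache: true

# Install database
- name: Include role for postgresql
  ansible.builtin.include_role:
    name: postgresql
  vars:
    postgresql_database: "{{ keycloak_postgresql_database }}"
    postgresql_username: "{{ keycloak_postgresql_username }}"
    postgresql_password: "{{ keycloak_postgresql_password }}"

# Apache vhost that terminates TLS and proxies to Keycloak on loopback.
# The SSLProxy* directives only matter for https:// backends; the ProxyPass
# target below is plain http on 127.0.0.1, so they are inert unless the backend
# is later switched to TLS. X-Forwarded-Proto/Port tell Keycloak the public
# scheme/port so it builds https URLs.
- name: Include role for website
  ansible.builtin.include_role:
    name: website
  vars:
    domainname: "{{ inventory_hostname }}"
    docroot: "/var/www/html"
    optionalDirectives: |
      ProxyPreserveHost On
      SSLProxyEngine On
      SSLProxyCheckPeerCN on
      SSLProxyCheckPeerExpire on
      RequestHeader set X-Forwarded-Proto "https"
      RequestHeader set X-Forwarded-Port "443"
      ProxyPass / http://127.0.0.1:8080/
      ProxyPassReverse / http://127.0.0.1:8080/

# Unprivileged system account that owns and runs Keycloak; no login shell.
- name: Create service user for keycloak
  ansible.builtin.user:
    name: keycloak
    state: present
    shell: /bin/false
    system: true
    create_home: true
    home: /opt/keycloak

# The checked path must match the version that is downloaded and extracted
# below; a mismatch makes the extract step run on every play.
- name: Check whether the keycloak release directory exists
  ansible.builtin.stat:
    path: "/opt/keycloak/keycloak-{{ keycloak_version }}"
  register: keycloak_exists

- name: Ensure the package cache directory exists
  ansible.builtin.file:
    path: /opt/ansiblepackages
    state: directory

- name: Download keycloak release archive
  ansible.builtin.get_url:
    url: "https://github.com/keycloak/keycloak/releases/download/{{ keycloak_version }}/keycloak-{{ keycloak_version }}.zip"
    dest: "/opt/ansiblepackages/keycloak-{{ keycloak_version }}.zip"
    # Supply-chain check: set keycloak_zip_sha256 to "sha256:<digest taken from
    # the upstream release page>" so a replaced or tampered archive is rejected.
    # While it is unset the download is unverified, as it was before this change.
    checksum: "{{ keycloak_zip_sha256 | default(omit) }}"
    mode: "0400"

- name: Extract keycloak archive to /opt/keycloak
  ansible.builtin.unarchive:
    src: "/opt/ansiblepackages/keycloak-{{ keycloak_version }}.zip"
    dest: /opt/keycloak
    owner: keycloak
    group: keycloak
    remote_src: true
  when: not keycloak_exists.stat.exists or redeploy is defined

# NOTE(review): with the file module's default follow=true the mode is presumably
# applied to the link target (the release directory), not the symlink — confirm.
- name: Link the release directory to /opt/keycloak/current
  ansible.builtin.file:
    state: link
    owner: keycloak
    group: keycloak
    mode: "0770"
    src: "/opt/keycloak/keycloak-{{ keycloak_version }}"
    dest: /opt/keycloak/current

# Build once
- name: Check whether the build marker exists
  ansible.builtin.stat:
    path: /opt/keycloak/current/builtonce.txt
  register: builtonce_exists

# kc.sh writes into the release directory, which keycloak owns, so run as that
# user (become_user instead of a hand-rolled `sudo -u`).
- name: Build keycloak for the postgres database
  ansible.builtin.command:
    cmd: /opt/keycloak/current/bin/kc.sh build --db=postgres
  become: true
  become_user: keycloak
  when: not builtonce_exists.stat.exists

- name: Create marker file to track the build
  ansible.builtin.file:
    path: /opt/keycloak/current/builtonce.txt
    owner: keycloak
    group: keycloak
    mode: "0770"
    state: touch
  when: not builtonce_exists.stat.exists

- name: Set ownership of /opt/keycloak recursively
  ansible.builtin.file:
    dest: /opt/keycloak
    owner: keycloak
    group: keycloak
    # mode: "0770"
    recurse: true

- name: Generate keycloak systemd unit
  ansible.builtin.template:
    src: keycloak.service.j2
    dest: /etc/systemd/system/keycloak.service
    owner: root
    group: root
    mode: "0644"
  notify:
    - reload systemd

- name: Flush handlers after unit generation
  ansible.builtin.meta: flush_handlers

- name: Enable keycloak service
  ansible.builtin.systemd:
    name: keycloak
    enabled: true
    masked: false
  notify: restart keycloak

- name: Flush handlers after enabling the service
  ansible.builtin.meta: flush_handlers

# Add admin user once.
# The init unit (keycloak.service_init.j2) is installed only for a single start;
# presumably it carries the bootstrap admin credentials — verify in the template.
# The regular unit is written back before the marker is created, so the init
# unit is not left on disk once the bootstrap has run.
- name: Check whether the admin-user marker exists
  ansible.builtin.stat:
    path: /opt/keycloak/current/adminuseradded.txt
  register: adminuseradded_exists

- name: Stop keycloak before the admin bootstrap
  ansible.builtin.service:
    name: keycloak
    state: stopped
  when: not adminuseradded_exists.stat.exists

- name: Generate the init systemd unit for the admin bootstrap
  ansible.builtin.template:
    src: keycloak.service_init.j2
    dest: /etc/systemd/system/keycloak.service
    owner: root
    group: root
    mode: "0644"
  when: not adminuseradded_exists.stat.exists
  notify:
    - reload systemd

- name: Flush handlers after installing the init unit
  ansible.builtin.meta: flush_handlers

- name: Start keycloak with the init unit
  ansible.builtin.service:
    name: keycloak
    state: started
  when: not adminuseradded_exists.stat.exists

# Plain delay (no host/port given) to let the bootstrap start complete.
- name: Wait 120 seconds for the bootstrap start
  ansible.builtin.wait_for:
    timeout: 120
  delegate_to: localhost
  when: not adminuseradded_exists.stat.exists

- name: Stop keycloak after the admin bootstrap
  ansible.builtin.service:
    name: keycloak
    state: stopped
  when: not adminuseradded_exists.stat.exists

- name: Restore the regular keycloak systemd unit
  ansible.builtin.template:
    src: keycloak.service.j2
    dest: /etc/systemd/system/keycloak.service
    owner: root
    group: root
    mode: "0644"
  when: not adminuseradded_exists.stat.exists
  notify:
    - reload systemd

- name: Flush handlers after restoring the regular unit
  ansible.builtin.meta: flush_handlers

- name: Start keycloak with the regular unit
  ansible.builtin.service:
    name: keycloak
    state: started
  when: not adminuseradded_exists.stat.exists

- name: Create marker file to track admin-user creation
  ansible.builtin.file:
    path: /opt/keycloak/current/adminuseradded.txt
    owner: keycloak
    group: keycloak
    mode: "0770"
    state: touch
  when: not adminuseradded_exists.stat.exists

- name: Ensure keycloak is running
  ansible.builtin.service:
    name: keycloak
    state: started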