---
# tasks file for sage905.mineos
- name: Ensure extra repos are enabled
  rhsm_repository:
    name:
     - "rhel-*-optional-rpms"
     - "rhel-*-extras-rpms"
    state: enabled
  when: (ansible_os_family == "RedHat" and ansible_distribution_major_version <= "7")

- name: Ensure EPEL is available
  yum:
    name: https://dl.fedoraproject.org/pub/epel/epel-release-latest-{{ ansible_distribution_major_version }}.noarch.rpm
    disable_gpg_check: true
    state: present
    
- name: Install Development Tools
  become: true
  yum: name="@Development tools" state=present
  when: ansible_os_family == 'RedHat'

- name: Install MineOS Dependencies
  become: true
  yum: 
    name: ['bind-utils', 'screen', 'git', 'wget', 'java-1.8.0-openjdk-headless.x86_64', 'openssl', 'openssl-devel', 'rsync', 'rdiff-backup', 'pam-devel']
    state: present 
    enablerepo: epel
  when:  ansible_os_family == 'RedHat'

# - name: enable LDAP enumeration in SSSD
#   ini_file:
#       section: domain/idm.toal.ca
#       path: /etc/sssd/sssd.conf   
#       option: enumerate
#       value: yes
#       state: present
#       backup: yes # not required. Create a backup file including the timestamp information so you can get the original file back if you somehow clobbered it incorrectly.
#       create: no
#   notify: restart_sssd
  
- name: Create minecraft group
  become: true
  group: name=minecraft state=present system=yes

- name: Create minecraft user
  become: true
  user:
   name: minecraft
   comment: "Minecraft Server"
   createhome: yes
   system: yes
   groups: minecraft
   home: /var/games/minecraft
   shell: /bin/bash
   state: present


- name: Create Directories
  become: true
  file: 
    name: "{{ item.name }}"
    state: "{{ item.state }}"
    owner: "{{ item.owner }}"
    group: "{{ item.group }}"
    mode: "{{ item.mode }}"
  loop:
    - {name: /usr/games/minecraft, state: directory, owner: minecraft, group: minecraft, mode: "0755"}
    - {name: /var/games/minecraft, state: directory, owner: minecraft, group: minecraft, mode: "0755"}

- name: Allow group to access minecraft directory
  become: true
  file: name=/var/games/minecraft group=minecraft mode=0775

- name: Clone mineos git repo
  become: true
  become_user: minecraft
  git: 
    repo: "{{ mineos_repo }}"
    version: "{{ mineos_version }}" 
    dest: "/usr/games/minecraft"
    update: "{{ mineos_keep_updated }}"

  notify: Restart mineos

- name: Set git core.filemode setting
  become: true
  become_user: minecraft
  ini_file:
    dest: /usr/games/minecraft/.git/config
    section: core
    option: filemode
    value: false

- name: Set file permissions
  become: true
  file: name=/usr/games/minecraft/{{ item }} owner=minecraft group=minecraft mode=0775
  with_items:
    - service.js
    - mineos_console.js
    - generate-sslcert.sh
    - webui.js

- name: Give minecraft group access to server dir
  become: true
  file: name=/var/games/minecraft/servers owner=minecraft group=minecraft mode=0775 state=directory

- name: Generate self-signed certs
  become: true
  command: /usr/games/minecraft/generate-sslcert.sh  
  args:
    chdir: /usr/games/minecraft 
    creates: /etc/ssl/certs/mineos.key
  notify: Restart mineos
  
    # TODO: Lock versions of npm packages : userid to 0.3.1 and posix to 4.2.0

- name: Get new nan
  npm:
    name: nan
    global: true
    state: present
    production: true
    version: "2.14.0"
    unsafe_perm: true  

- name: Get Node Modules
  become: true
  become_user: minecraft
  npm: 
    path: /usr/games/minecraft 
    state: present 
    production: true 
    unsafe_perm: true  
  notify: Restart mineos

- name: Install PAM Module for MineOS Authentication
  become: true
  become_user: minecraft
  npm: 
    name: authenticate-pam
    path: /usr/games/minecraft 
    state: present 
    production: true
    unsafe_perm: true  
  notify: Restart mineos

- name: Link to executable
  become: true
  file: src=/usr/games/minecraft/mineos_console.js dest=/usr/local/bin/mineos state=link
  notify: Restart mineos

- name: Install mineos config from distribution
  become: true
  template: src=mineos.conf dest=/etc/mineos.conf owner=root mode=0644
  notify: Restart mineos

- name: Install upstart config (RHEL <= 6)
  become: true
  copy: src=upstart_conf dest=/etc/init/mineos.conf
  notify:
    - Reload initctl
    - Restart mineos
  when: ansible_distribution == "Amazon" or (ansible_os_family == "RedHat" and ansible_distribution_major_version <= "6")

- name: Link systemd config (RHEL 7)
  become: true
  file: src=/usr/games/minecraft/init/systemd_conf dest=/etc/systemd/system/mineos.service state=link
  notify: Restart mineos
  when: (ansible_os_family == "RedHat" or ansible and ansible_distribution_major_version == "7")

- name: Open firewall
  firewalld:
      state: enabled
      zone: public  
      service: https
      immediate: yes
      permanent: true