---
- hosts: git.crypto-libertarian.com
  module_defaults:
    apt:
      force_apt_get: true
      update_cache: true
      cache_valid_time: 86400
  roles:
    - name: kotovalexarian.common
      tags: common
  handlers:
    - name: Restart Apache
      systemd:
        name: apache2.service
        state: restarted
  tasks:
    - name: Install system packages
      apt:
        name:
          - cgit
          - finger
          - git
          - python3-markdown
          - python3-pygments

    - name: Create system group
      group:
        name: git

    - name: Create system user
      user:
        name: git
        group: git
        create_home: true

    - name: Create directory for SSH configuration
      file:
        state: directory
        path: /home/git/.ssh
        owner: git
        group: git
        mode: 'u=rwx,g=,o='

    - name: Create SSH configuration of authorized keys
      copy:
        src: ../../files/authorized_keys
        dest: /home/git/.ssh/authorized_keys
        owner: git
        group: git
        mode: 'u=rw,g=,o='

    - name: Disable system info message
      copy:
        content: ''
        dest: /home/git/.hushlogin
        owner: root
        group: root
        mode: 'u=rw,g=r,o=r'

    - name: Add git shell
      copy:
        src: ../../files/shells
        dest: /etc/shells
        owner: root
        group: root
        mode: 'u=rw,g=r,o=r'

    - name: Detect shell
      shell: "/usr/bin/finger git | grep -oP 'Shell: \\K.*'"
      register: detect_shell_result
      changed_when: false

    - name: Use git shell
      command: '/usr/bin/chsh git -s /usr/bin/git-shell'
      when: detect_shell_result.stdout != '/usr/bin/git-shell'

    - name: Disable Apache configuration
      command: '/usr/sbin/a2disconf cgit'
      register: disable_apache_configuration_result
      changed_when: >
        disable_apache_configuration_result.stdout is search('Disabling conf')
      notify: Restart Apache

    - name: Add Apache site
      copy:
        src: ../../files/git.crypto-libertarian.com.conf
        dest: /etc/apache2/sites-available/git.crypto-libertarian.com.conf
        owner: root
        group: root
        mode: 'u=rw,g=r,o=r'
      notify: Restart Apache

    - name: Enable Apache site
      command: '/usr/sbin/a2ensite git.crypto-libertarian.com.conf'
      register: enable_apache_site_result
      changed_when: >
        enable_apache_site_result.stdout is search('Enabling site')
      notify: Restart Apache

    - name: Install cgit configuration
      copy:
        src: ../../files/cgitrc
        dest: /etc/cgitrc
        owner: root
        group: root
        mode: 'u=rw,g=r,o=r'