# Alpine packages needed to run NetBox and to build its Python deps locally.
- name: Install dependencies
  package:
    state: present
    name:
      - git
      - python3
      - python3-dev
      - py3-pip
      - py3-virtualenv
      - bash  # the upstream upgrade script is a bash script
      - build-base  # compiler toolchain, needed if psycopg has no wheel
      - postgresql-dev  # headers for the same build

# Dedicated system group for the service account; named after the user var.
- name: Create group for web service
  group:
    name: '{{ user }}'
    system: true

# Unprivileged service account. The result is registered because later tasks
# read user_info.home, user_info.uid and user_info.group from it.
# NOTE(review): the shell is a real /bin/sh rather than nologin; several later
# tasks run with become_user as this account — confirm the become method does
# not depend on the shell before tightening it.
- name: Create user for web service
  user:
    name: '{{ user }}'
    group: '{{ user }}'
    home: '/srv/{{ user }}'
    shell: /bin/sh
    system: true
  register: user_info

# Clone/update NetBox as the service user so the checkout is owned by that
# account rather than root.
- name: Checkout repo
  become: yes
  become_user: '{{ user }}'
  git:
    repo: https://github.com/netbox-community/netbox.git
    dest: '{{ user_info.home }}/app'
    # NOTE(review): a tag is a mutable ref and can be moved upstream or by a
    # compromised mirror. For a supply-chain-pinned install, resolve the release
    # to a commit SHA and use that as `version` (or verify the tag signature out
    # of band). Tag naming "v<netbox_version>" is assumed here.
    version: 'v{{ netbox_version }}'
  notify: run migrations

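# Seed configuration.py from the shipped example exactly once (force: no), so a
# re-run never clobbers a customised config. The file will hold SECRET_KEY,
# the DB password and the OIDC client secret, so create it owner-only readable
# from the start instead of relying on a later chmod to close the window.
- name: Copy default config
  copy:
    dest: '{{ user_info.home }}/app/netbox/netbox/configuration.py'
    src: '{{ user_info.home }}/app/netbox/netbox/configuration_example.py'
    remote_src: yes
    owner: '{{ user_info.uid }}'
    group: '{{ user_info.group }}'
    mode: '0600'
    force: no
  notify: run migrations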

# Keep the secrets-bearing config owner-only even if it pre-existed with a
# looser mode. Quoted so YAML does not turn the octal into a decimal int.
- name: Restrict access to config
  file:
    path: '{{ user_info.home }}/app/netbox/netbox/configuration.py'
    mode: '0600'

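# Generate a random SECRET_KEY on first run. The password lookup with /dev/null
# produces a fresh value every time, so backrefs keeps the task a no-op once
# the empty placeholder line is gone (otherwise every run would rotate the key
# and invalidate all sessions). The key lives only in configuration.py; copy
# the file if a second node must share it. no_log keeps the key out of
# Ansible output/diffs.
- name: Configure secret key
  lineinfile:
    path: '{{ user_info.home }}/app/netbox/netbox/configuration.py'
    regexp: "^SECRET_KEY = ''"
    line: "SECRET_KEY = '{{ lookup('password', '/dev/null', length=50) }}'"
    backrefs: yes  # only replace if the empty placeholder still exists
  no_log: true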

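# Base settings and PostgreSQL credentials. The DB password is interpolated
# into the config line, so no_log hides every loop item from logs/callbacks.
# NOTE(review): values are dropped into single-quoted Python literals; a
# db_pass containing ' or \ would break the file — vault values should avoid
# those characters or this should move to a templated configuration.py.
- name: Configure base settings and database
  lineinfile:
    path: '{{ user_info.home }}/app/netbox/netbox/configuration.py'
    regexp: '{{ item.key }}'
    line: '{{ item.line }}'
  loop:
    - key: '^ALLOWED_HOSTS = '
      line: "ALLOWED_HOSTS = ['{{ dns_name }}']"  # exact hostname only, no wildcard
    - key: 'USER.*PostgreSQL username'
      line: "    'USER': '{{ user }}', # PostgreSQL username"
    - key: 'PASSWORD.*PostgreSQL password'
      line: "    'PASSWORD': '{{ password.db_pass }}', # PostgreSQL password"
    - key: '^PLUGINS = '
      line: "PLUGINS = ['netbox_topology_views']"
  no_log: true
  notify: run migrations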

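# OIDC via social-auth. The client secret is written into the config line, so
# the whole loop is no_log. Lines that do not exist in the example config are
# appended at EOF by lineinfile.
# NOTE(review): usernames are derived from the IdP's `email` claim. Account
# mapping is only as safe as that claim — the IdP must be the sole issuer of
# the addresses and (ideally) assert email_verified; a user who can change
# their email at the IdP could otherwise take over another NetBox account.
- name: Configure OIDC authentication
  lineinfile:
    path: '{{ user_info.home }}/app/netbox/netbox/configuration.py'
    regexp: '{{ item.key }}'
    line: '{{ item.line }}'
  loop:
    - key: "^REMOTE_AUTH_ENABLED ="
      line: "REMOTE_AUTH_ENABLED = True"
    - key: "^REMOTE_AUTH_BACKEND ="
      line: "REMOTE_AUTH_BACKEND = 'social_core.backends.open_id_connect.OpenIdConnectAuth'"
    - key: "^SOCIAL_AUTH_OIDC_OIDC_ENDPOINT ="
      line: "SOCIAL_AUTH_OIDC_OIDC_ENDPOINT = '{{ password.oidc_endpoint }}'"
    - key: "^SOCIAL_AUTH_OIDC_KEY ="
      line: "SOCIAL_AUTH_OIDC_KEY = '{{ password.oidc_client_id }}'"
    - key: "^SOCIAL_AUTH_OIDC_SECRET ="
      line: "SOCIAL_AUTH_OIDC_SECRET = '{{ password.oidc_client_secret }}'"
    - key: "^SOCIAL_AUTH_OIDC_USERNAME_KEY ="
      line: "SOCIAL_AUTH_OIDC_USERNAME_KEY = 'email'"
  no_log: true
  notify: run migrations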

# Access-policy settings. LOGIN_REQUIRED closes anonymous read access;
# EXEMPT_VIEW_PERMISSIONS = ['*', ...] then grants every authenticated user
# view rights on all exempt-able models. Combined with OIDC this means the IdP
# assignment is the real gate on who can read the inventory — scope it there.
# The regexp matches only the opening bracket line of the example's multi-line
# list, so the closing bracket (and commented examples) are left in place.
- name: Configure various settings
  lineinfile:
    path: '{{ user_info.home }}/app/netbox/netbox/configuration.py'
    regexp: '{{ item.pattern }}'
    line: '{{ item.text }}'
  loop:
    - pattern: "^LOGIN_REQUIRED ="
      text: "LOGIN_REQUIRED = True"
    - pattern: "^EXEMPT_VIEW_PERMISSIONS = \\[$"
      text: "EXEMPT_VIEW_PERMISSIONS = ['*',"
  notify: restart netbox

# Drop the role's local_requirements.txt (plugins etc.) into the checkout as
# the service user; the upgrade/migration handler picks it up from there.
- name: Set additional requirements
  become: true
  become_user: '{{ user }}'
  copy:
    src: local_requirements.txt
    dest: '{{ user_info.home }}/app/'
  notify: run migrations

# Run the notified handlers now (presumably the venv build / migrations) so the
# superuser task below can rely on venv/bin/python and a migrated database.
- meta: flush_handlers

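# Create the break-glass local admin once. Credentials are passed through the
# environment rather than spliced into the Python source, so a password with
# quotes/backslashes cannot break or inject into the script and the secret is
# not part of the module's stdin argument. The original signalled "created"
# with exit code 1, which the command module treats as failure; a stdout
# marker drives changed_when instead. no_log keeps stdout/env out of logs
# (debug by temporarily disabling it).
- name: Create superuser
  become: true
  become_user: '{{ user }}'
  command:
    cmd: '{{ user_info.home }}/app/venv/bin/python {{ user_info.home }}/app/netbox/manage.py shell --interface python'
    stdin: |
      import os
      from users.models import User
      #from django.contrib.auth.models import User
      username = os.environ['NETBOX_ADMIN_USER']
      if not User.objects.filter(username=username).exists():
          User.objects.create_superuser(username, password=os.environ['NETBOX_ADMIN_PASS'])
          print('SUPERUSER_CREATED')
  environment:
    NETBOX_ADMIN_USER: '{{ password.admin_user }}'
    NETBOX_ADMIN_PASS: '{{ password.admin_pass }}'
  register: result
  changed_when: "'SUPERUSER_CREATED' in result.stdout"
  no_log: true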

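# Seed gunicorn.py from the shipped example once (force: no). Uses the same
# user/home variables as the rest of the role instead of hard-coding
# /srv/netbox and the netbox account, so the tasks agree when `user` differs.
- name: Set up gunicorn
  copy:
    dest: '{{ user_info.home }}/gunicorn.py'
    src: '{{ user_info.home }}/app/contrib/gunicorn.py'
    remote_src: yes
    force: no
    owner: '{{ user }}'
    group: '{{ user }}'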

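# Daily housekeeping. /etc/periodic/daily is executed by root, and the
# upstream script lives in the checkout owned by the unprivileged service user
# (see "Checkout repo"), so symlinking it directly would let anyone who
# compromises that account run arbitrary code as root every day. Install a
# root-owned wrapper instead that drops to the service user.
# NOTE(review): the contrib script's own paths (venv, manage.py) are not
# visible here — confirm they match this /srv layout.
- name: Set up cron job
  copy:
    dest: /etc/periodic/daily/netbox-housekeeping.sh
    content: |
      #!/bin/sh
      # Managed by Ansible. Runs NetBox housekeeping as the service user.
      exec su -c '{{ user_info.home }}/app/contrib/netbox-housekeeping.sh' '{{ user }}'
    owner: root
    group: root
    mode: '0755'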

# OpenRC init scripts for the app server and the RQ worker (templates not
# shown here). Mode quoted so YAML keeps it as an octal string.
- name: Install services
  template:
    src: '{{ item }}.initd.j2'
    dest: '/etc/init.d/{{ item }}'
    mode: '0755'
  loop:
    - netbox
    - netbox-rq

# Start both services now and on boot.
- name: Enable services
  service:
    name: '{{ item }}'
    state: started
    enabled: true
  loop:
    - netbox
    - netbox-rq

# Reverse-proxy vhost in front of gunicorn. The template is not shown here, so
# TLS/HSTS and the upstream bind address must be reviewed in netbox.conf.j2.
- name: Set up nginx site
  template:
    src: 'netbox.conf.j2'
    dest: '/etc/nginx/http.d/netbox.conf'
  notify: reload nginx