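# Tasks that provision a reprepro-based APT repository under /srv/apt:
# service accounts, uploader SSH access, Apache, reprepro configuration,
# the repository signing key, and an incron hook that processes uploads.
#
# File modes are written as quoted strings so that no YAML parser can
# re-interpret the leading-zero octal notation.

- name: create Unix users for repository, uploaders
  user:
    name: "{{ item.username }}"
  with_items:
    - username: apt
    - username: incoming

# NOTE(review): the uploader keys are installed without any key_options, so
# they carry whatever the sshd defaults allow for the incoming account.
# If uploads only need file transfer, consider restricting the keys.
- name: install uploader ssh keys into incoming authorized_keys
  authorized_key:
    user: incoming
    key: "{{ item }}"
  with_items:
    - "{{ apt_uploader_ssh_public_keys }}"

# The package list is passed to the module directly instead of looping,
# so all packages are resolved in one apt invocation.
- name: install reprepro and related stuff
  apt:
    name:
      - reprepro
      - incron
      - apache2

# Enabling a module only takes effect after Apache restarts, so notify the
# same handler the site template uses.
# NOTE(review): only an HTTP site template is deployed by these tasks;
# confirm whether a TLS vhost is configured elsewhere.
- name: install apache tls module
  apache2_module:
    name: ssl
  notify: restart apache2

- name: create APT repository directory
  file:
    state: directory
    dest: /srv/apt
    owner: apt
    group: apt
    mode: "0755"

- name: configure apache to server repo over http
  template:
    src: "{{ item.src }}"
    dest: "/etc/apache2/sites-available/{{ item.dest }}"
    owner: root
    group: root
    mode: "0644"
  notify: restart apache2
  with_items:
    - src: apache-http.conf
      dest: 000-default.conf

# The conf directory and the three files below are created without an
# explicit owner or mode, so they get the defaults of the user running
# the play.
# NOTE(review): confirm the apt user can read them and that nothing but
# root can modify them.
- name: mkdir /src/apt/conf
  file:
    path: /srv/apt/conf
    state: directory

- name: create conf/distributions
  template:
    src: distributions.j2
    dest: /srv/apt/conf/distributions

- name: create conf/uploaders
  template:
    src: uploaders
    dest: /srv/apt/conf/uploaders

- name: create conf/incoming
  template:
    src: incoming
    dest: /srv/apt/conf/incoming

# NOTE(review): mode 01777 makes the upload directory world-writable (with
# the sticky bit), so any local account can place files here and trigger
# the incron hook defined at the end of this file. What is accepted then
# depends on conf/uploaders, conf/incoming and process-incoming, none of
# which are visible here. If only the incoming user uploads, a
# group-restricted mode would be tighter; confirm against the workflow.
- name: create incoming directory
  file:
    state: directory
    dest: /srv/apt/incoming
    owner: apt
    group: incoming
    mode: "01777"

- name: create temp directory
  file:
    state: directory
    dest: /srv/apt/tmp
    owner: apt
    group: apt
    mode: "0755"

- name: create .gnupg for apt user
  file:
    state: directory
    dest: /home/apt/.gnupg
    owner: apt
    group: apt
    mode: "0700"

# Stage the signing key pair on disk, import it into the apt user's
# keyring, and remove the staged copies. The removal sits in `always` so
# the private key file does not stay behind when the import fails.
- block:
    # no_log keeps the key material (loop item content) out of task output
    # and logs.
    - name: copy over gpg keys to apt
      copy:
        content: "{{ item.content }}"
        dest: "/home/apt/{{ item.name }}"
        owner: apt
        group: apt
        mode: "0600"
      no_log: true
      with_items:
        - content: "{{ apt_signing_key }}"
          name: key
        - content: "{{ apt_signing_key_pub }}"
          name: key.pub

    # chdir replaces the former `cd`, so a missing home directory fails the
    # task instead of letting gpg run in the wrong directory.
    - name: import gpg keys for apt
      become_user: apt
      command: gpg --import key key.pub
      args:
        chdir: /home/apt

  always:
    - name: delete temp key copies
      file:
        dest: "/home/apt/{{ item }}"
        state: absent
      with_items:
        - key
        - key.pub

- name: allow aptuser use incron
  lineinfile:
    dest: /etc/incron.allow
    line: apt

- name: create process-incoming script
  copy:
    src: process-incoming
    dest: /srv/apt/process-incoming
    owner: apt
    group: apt
    mode: "0755"

# Feeds the apt user's incron table on stdin: every file closed after
# writing in /srv/apt/incoming runs process-incoming as apt.
- name: set up incrontab for processing incoming uploads
  become_user: apt
  shell: |
    incrontab - << EOF
    /srv/apt/incoming IN_CLOSE_WRITE /srv/apt/process-incoming
    EOF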