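# Provision a VCSWorker host: install packages, fetch the VCSWorker source,
# create the _wmf service account, install its credentials (token
# verification key, SSH key pair, GitLab and artifact-store API tokens),
# then install and (re)start the systemd unit.

- name: "install VCSWorker dependencies and useful tools"
  apt:
    name:
      - screen
      - git
      - haproxy
      - psmisc
      - python3
      - python3-bottle
      - python3-jwt
      # NOTE(review): python3-crypto packages PyCrypto, which is no longer
      # maintained upstream. Confirm whether VCSWorker can move to a
      # maintained replacement before relying on it for token handling.
      - python3-crypto
    state: present

# NOTE(review): git:// provides neither encryption nor server
# authentication, and no `version:` is pinned, so each run deploys whatever
# the remote HEAD is at that moment. Prefer an authenticated transport
# (https or ssh) and pin a reviewed commit or signed tag; the correct URL
# for this repository is not known from this file.
- name: "install VCSWorker source"
  git:
    repo: git://git.liw.fi/wmf-ci-arch
    dest: /srv/wmf-ci-arch

- name: "create user for VCSWorker"
  user:
    name: _wmf
    comment: "WMF CI"

# Public key only, so world-readable is fine; root ownership keeps the
# service account from replacing the key that validates its own tokens.
- name: "install key for checking incoming access tokens"
  copy:
    src: token.pub
    dest: /etc/wmf_ci_token.pub
    owner: root
    group: root
    mode: '0644'

- name: "create ~_wmf/.ssh"
  file:
    state: directory
    dest: /home/_wmf/.ssh
    owner: _wmf
    group: _wmf
    mode: '0700'

- name: "install SSH public key for _wmf"
  copy:
    content: |
      {{ vcsworker_ssh_pub }}
    dest: /home/_wmf/.ssh/vcsworker.pub
    owner: _wmf
    group: _wmf
    mode: '0644'

# The private key is rendered from a variable. no_log keeps it out of task
# output and --diff logs, at the cost of hiding error detail for this task.
- name: "install SSH private key for _wmf"
  copy:
    content: |
      {{ vcsworker_ssh }}
    dest: /home/_wmf/.ssh/vcsworker
    owner: _wmf
    group: _wmf
    mode: '0600'
  no_log: true

# FIXME: This is clearly not OK for production.
# Per the task name, ssh_config (not shown here) stops ssh from checking
# host keys it has not seen before, so _wmf's first connection to a host is
# not verified. For production, distribute a known_hosts file with the
# expected host keys and keep strict checking enabled.
- name: "configure ssh to not check for new host keys"
  copy:
    src: ssh_config
    dest: /home/_wmf/.ssh/config
    owner: _wmf
    group: _wmf
    mode: '0644'

# API tokens are secrets: readable by _wmf only, and kept out of logs.
- name: "install API access token for GitLab"
  copy:
    content: "{{ gitlab_token }}"
    dest: /etc/wmf_gitlab_token
    owner: _wmf
    group: _wmf
    mode: '0600'
  no_log: true

- name: "install API access token for artifact store"
  copy:
    content: "{{ artifact_token }}"
    dest: /etc/wmf_artifact_token
    owner: _wmf
    group: _wmf
    mode: '0600'
  no_log: true

# Explicit ownership and mode so the unit file does not inherit whatever
# the connecting user's umask produces; a writable unit file would let a
# non-root account change what systemd runs.
- name: "install vcsworker.service"
  copy:
    src: vcsworker.service
    dest: /lib/systemd/system/vcsworker.service
    owner: root
    group: root
    mode: '0644'

# state: restarted restarts the service on every run, not only on change.
- name: "enable and (re)start vcsworker"
  systemd:
    name: vcsworker.service
    daemon_reload: true
    enabled: true
    state: restarted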