---
- name: upgrade
  hosts: all
  become: true
  vars:
    ansible_python_interpreter: python3
  tasks:
    - name: set timezone
      community.general.timezone:
        name: Europe/Paris
    - name: upgrade
      apt:
        upgrade: true
        update_cache: true
    - name: stat reboot-required file
      stat:
        path: /var/run/reboot-required
      register: _reboot_required_stat
    - name: debug _reboot_required_stat
      debug:
        var: _reboot_required_stat
    - name: reboot if required
      reboot:
      when: _reboot_required_stat.stat.exists
- name: install yunohost
  hosts: all
  become: true
  vars:
    ansible_python_interpreter: python3
    installation_script_path: /tmp/yunohost_installation_script.sh
  tasks:
    - name: stat /etc/yunohost directory
      stat:
        path: /etc/yunohost
      register: _stat_etc_yunohost
    - block:
        - name: retrieve ynh installation script
          get_url:
            url: https://install.yunohost.org
            dest: "{{ installation_script_path }}"
            mode: +x
            owner: root
            group: root
        - name: install yunohost
          command: bash {{ installation_script_path }} -a -f
          # -a automatic and -f do not run checks
        # I don't know why, after YNH installation, dnsmasq is down...
        # dnsmasq.service: Start-post operation timed out. Stopping.
        # found a post on YNH forum with no answer:
        # https://forum.yunohost.org/t/dnsmasq-fails-to-start-in-post-install-on-fresh-system/10153
        # so I just use a workaround, start the service...
        - name: ensure dnsmasq service is started
          service:
            name: dnsmasq
            state: started
        - name: install python3-pip
          apt:
            name: python3-pip
        - name: install pexpect
          pip:
            executable: pip3
            name: pexpect
        - name: run post installation
          ansible.builtin.expect:
            command: yunohost tools postinstall
            timeout: null
            responses:
              (?i)main domain: restic.test
              (?i)administration password: This is my password!
        - name: remove installation script
          file:
            path: "{{ installation_script_path }}"
            state: absent
      when: not _stat_etc_yunohost.stat.exists

- name: install restic
  hosts: all
  become: true
  vars:
    restic_username: resticbackup
  tasks:
    - name: add backup user
      user:
        name: "{{ restic_username }}"
    - name: install restic
      command: >-
        yunohost app install --force /restic_ynh -a "server=localhost&ssh_user=resticbackup&passphrase=APassphrase&conf=1&port=22&backup_path=&data=1&app=all&allow_extra_space_use=1&on_calendar=Daily&check_on_calendar=*-*-8,15,22&check_read_data_on_calendar=*-*-1&domain=sub.domain.tld&path=&admin=package_checker&is_public=&apps=all"
      args:
        creates: /opt/yunohost/restic
    - name: install several instances of my_webapp
      command: >-
        yunohost app install my_webapp -a "&domain=restic.test&path={{ item.path }}&admin=package_checker&is_public=1&password=APassphrase&with_sftp=0&with_mysql=0"
      args:
        creates: "{{ item.creates }}"
      loop:
        - path: webapp1
          creates: /etc/yunohost/apps/my_webapp
        - path: webapp2
          creates: /etc/yunohost/apps/my_webapp__2
        - path: webapp3
          creates: /etc/yunohost/apps/my_webapp__3
    - name: get ssh key
      command: cat /root/.ssh/id_restic_ed25519.pub
      changed_when: false
      register: _restic_public_key
    - name: ensure .ssh directory exists for user {{ restic_username }}
      file:
        path: /home/{{ restic_username }}/.ssh
        mode: u=rwx,go=
        state: directory
        owner: "{{ restic_username }}"
        group: "{{ restic_username }}"
    - name: ensure restic public key is authorized on user {{ restic_username }}
      lineinfile:
        create: true
        mode: u=rw,go=
        owner: "{{ restic_username }}"
        group: "{{ restic_username }}"
        path: /home/{{ restic_username }}/.ssh/authorized_keys
        line: "{{ _restic_public_key.stdout }}"
- name: check that backuping all apps works
  hosts: all
  become: true
  vars:
    restic_username: resticbackup
    restic_password: APassphrase
  tasks:
    - name: ensure restic is set to backup all apps
      lineinfile:
        path: /etc/yunohost/apps/restic/settings.yml
        regexp: '^apps:'
        line: 'apps: all'
    - name: start a backup
      service:
        name: restic
        state: started
    - name: gather installed apps list
      shell: yunohost app list | grep 'id:' | awk '{print $2}'
      changed_when: false
      register: _yunohost_app_list
    - name: stat all apps backup repository
      stat:
        path: /home/{{ restic_username }}/auto_{{ item }}
      loop: "{{ _yunohost_app_list.stdout_lines }}"
      register: _all_apps_repository_stat
    - name: ensure a repository exists for all apps
      assert:
        that: _all_apps_repository_stat.results[index]['stat']['exists']
        fail_msg: "No repository was created for app {{ item }}"
        success_msg: "A repository has been found for app {{ item }}"
      loop: "{{ _yunohost_app_list.stdout_lines }}"
      loop_control:
        index_var: index
    - name: Ensure at least one snapshot has been created for all apps
      environment:
        RESTIC_PASSWORD: "{{ restic_password }}"
      command: restic -r /home/{{ restic_username }}/auto_{{ item }} list snapshots
      failed_when: _restic_apps_snapshots.stdout_lines | length < 1
      changed_when: false
      register: _restic_apps_snapshots
      loop: "{{ _yunohost_app_list.stdout_lines }}"
      loop_control:
        index_var: index
- name: check that a check works
  hosts: all
  become: true
  vars:
    restic_username: resticbackup
    restic_password: APassphrase
  tasks:
    - name: start a check
      service:
        name: restic_check
        state: started