- name: install login packages
  apt:
    name: "{{ item }}"
    state: present
    update_cache: yes
    cache_valid_time: 3600
    install_recommends: '{{ install_recommends | default("no") }}'
  with_items:
    - git
    - python3
    - python3-ldap3
    - python3-flask

- name: clone login repository
  git:
    repo: http://projects.lilik.it/lilik/lilik_users3.git
    dest: /srv/login
  notify:
    - restart login

- name: add login user
  user:
    name: login
    system: yes
    home: /srv/login

- name: slurp slap secret file
  slurp:
    src: /etc/slapd.secret
  register: slapdsecret
  failed_when: false
  changed_when: false
  delegate_to: ldap

- set_fact:
    ldap_password: "{{ slapdsecret['content'] | b64decode }}"

- name: add login config
  template:
    src: config.py.j2
    dest: /srv/login/config.py
    mode: 440
    owner: login
    group: login

  register: add_login_startup_script
  notify:
    - restart login

- name: add systemd service for api server
  template:
    src: login.service
    dest: /etc/systemd/system/login.service

- name: create /var/log/login.log
  file:
    path: /var/log/login.log
    owner: login
    group: login
    mode: 0664
    state: file

- name: add nginx configurations
  template:
    src: login.conf
    dest: "/etc/nginx/locations/{{ server_fqdn }}/login.conf"
  notify:
    - restart nginx

- name: reload systemd
  systemd:
    daemon_reload: yes
    name: login
    state: started
    enabled: yes