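---
# Nextcloud deployment tasks: packages, PostgreSQL DB, archive download/unpack,
# nginx vhost, first-run install with a generated admin password, trusted
# domains, and user_ldap configuration against the site LDAP server.
# Relies on the custom `occ`, `gen_passwd` modules and on `occ.yaml`
# (which is expected to register `occ_out`).

- name: 'install requirements'
  apt:
    pkg:
      - 'sudo'
      - 'bzip2'
      - 'php7.3-fpm'
      - 'php7.3-common'
      - 'php7.3-xml'
      - 'php7.3-gd'
      - 'php7.3-json'
      - 'php7.3-mbstring'
      - 'php7.3-zip'
      - 'php7.3-pgsql'
      - 'php7.3-ldap'
      - 'php7.3-curl'
      - 'php7.3-intl'
      - 'php7.3-bz2'
      # - 'php7.3.-imagick'
      # - 'ffmpeg'
      - 'postgresql'
      - 'postgresql-contrib'
      - 'python3-psycopg2'
      - 'ca-certificates'
    state: 'present'
    update_cache: true
    cache_valid_time: 3600
  tags:
    - 'packages'

# DB and DB user are created as the postgres OS user (peer auth over the
# unix socket, hence the empty --database-pass at install time below).
- block:
    - name: 'create nextcloud DB'
      postgresql_db:
        name: 'nextcloud'

    - name: 'create nextcloud DB user'
      postgresql_user:
        name: 'www-data'
        db: 'nextcloud'
        priv: 'ALL'
  become: true
  become_method: 'su'
  become_user: 'postgres'

- name: 'download latest nextcloud'
  get_url:
    url: 'https://download.nextcloud.com/server/releases/nextcloud-18.0.3.tar.bz2'
    dest: '/opt/nextcloud.tar.bz2'
    # TODO: pin the release archive with `checksum: 'sha256:<value from the
    # published .sha256 file>'` so a tampered download is rejected before
    # it is unpacked as www-data.
  register: 'new_download'
  tags:
    - 'packages'

- name: 'unpack nextcloud'
  unarchive:
    src: '/opt/nextcloud.tar.bz2'
    dest: '/opt'
    owner: 'www-data'
    group: 'www-data'
    # the archive already lives on the managed host; `remote_src` is the
    # current name of the deprecated `copy: no` option
    remote_src: true
  # only re-unpack when get_url actually fetched a new archive
  when: new_download.changed
  tags:
    - 'packages'

- name: 'create nextcloud data folder'
  file:
    path: '/opt/nextcloud_data'
    owner: 'www-data'
    group: 'www-data'
    state: 'directory'

- name: 'create nginx configuration'
  template:
    src: 'nextcloud.conf.j2'
    dest: '/etc/nginx/locations/{{ server_fqdn }}/nextcloud.conf'
  notify: 'restart nginx'

# Query install state; occ.yaml is expected to register `occ_out`.
- import_tasks: 'occ.yaml'
  vars:
    occ_args: '--no-warnings status --output json'
    ignore_changes: true

- name: 'record whether nextcloud is already installed'
  set_fact:
    installed: '{{ occ_out.installed }}'

# First install without a caller-supplied admin password: generate one,
# persist it root-only on the host and tell the operator where it is.
- block:
    - name: 'create random root password'
      gen_passwd: 'length=20'
      register: 'password'
      no_log: true

    - name: 'expose generated password as initial_root_password'
      set_fact:
        # bug fix: the generated value is registered as `password`;
        # `new_passwd` is only registered much later by the LDAP tasks
        initial_root_password: '{{ password.passwd }}'
      no_log: true

    - name: 'store root password plaintext'
      copy:
        content: '{{ initial_root_password }}'
        dest: '/etc/nextcloud.secret'
        # the file holds a live admin credential; keep it root-readable only
        mode: '0600'
      no_log: true

    # `debug` prints its msg at default verbosity; the previous
    # `fail` + `failed_when: false` reported "ok" and hid the message
    # unless the run was verbose.
    - name: 'warn about generated root password'
      debug:
        msg: >-
          Warning! First Install and `initial_root_password` not provided.
          Random password generated and stored in /etc/nextcloud.secret.

          **WIPE AS SOON AS POSSIBLE**
  when: (initial_root_password is not defined) and (not installed)

- name: 'install nextcloud'
  include_tasks: 'occ.yaml'
  vars:
    # NOTE(review): the admin password is passed on the occ command line
    # and may be visible in process listings / occ.yaml output.
    occ_args: >-
      maintenance:install --database 'pgsql' --database-name 'nextcloud'
      --database-host '/var/run/postgresql' --database-user 'www-data'
      --database-pass '' --admin-pass '{{ initial_root_password }}'
      --data-dir '/opt/nextcloud_data' --no-interaction
    nojson: true
  when: not installed

- name: 'set trusted_domains'
  occ:
    command: 'config:system:set'
    # trusted_domains is an indexed array in config.php
    key: 'trusted_domains {{ idx }}'
    value: '{{ item }}'
  loop:
    - 'localhost'
    - '{{ server_fqdn }}'
  loop_control:
    index_var: idx

- name: 'update tls ca'
  copy:
    content: '{{ tls_root_ca }}'
    dest: '/etc/ldap/root_ca.crt'
  tags:
    - 'tls_int'

- name: 'configure ldap client'
  copy:
    src: 'ldap.conf'
    dest: '/etc/ldap/ldap.conf'

- name: 'enable user_ldap'
  occ:
    command: 'config:app:set'
    key: 'user_ldap enabled'
    # Nextcloud stores app enablement as the string 'yes'
    value: 'yes'
  tags:
    - 'service_password'

# Every entry in ldap_settings becomes one `config:app:set user_ldap s01<key>`
# call; s01 is the LDAP server configuration id used again further down.
- name: 'configure user_ldap'
  occ:
    command: 'config:app:set'
    key: 'user_ldap s01{{ item.key }}'
    value: '{{ item.value }}'
  loop: '{{ ldap_settings | dict2items }}'
  vars:
    ldap_settings:
      has_memberof_filter_support: '1'
      ldap_host: '{{ ldap_server }}'
      ldap_port: '389'
      ldap_dn: 'cn={{ ansible_hostname }},ou=Server,{{ ldap_basedn }}'
      ldap_base: 'ou=People,{{ ldap_basedn }}'
      ldap_base_users: 'ou=People,{{ ldap_basedn }}'
      ldap_base_groups: 'ou=Groups,{{ ldap_basedn }}'
      ldap_login_filter: '(&(cn=%uid)(authorizedService=nextcloud))'
      ldap_user_filter: '(authorizedService=nextcloud)'
      ldap_attributes_for_user_search: 'cn'
      ldap_attributes_for_group_search: 'cn'
      ldap_email_attr: 'mail'
      # '1' with port 389 = STARTTLS on the plain port
      ldap_tls: '1'
      ldap_experienced_admin: '1'
      ldap_configuration_active: '1'

- name: 'generate nextcloud ldap password'
  gen_passwd: 'length=32'
  register: 'new_passwd'
  no_log: true
  tags:
    - 'service_password'

- name: 'set nextcloud ldap password in ldap'
  delegate_to: 'localhost'
  ldap_passwd:
    dn: 'cn={{ ansible_hostname }},ou=Server,{{ ldap_basedn }}'
    passwd: '{{ new_passwd.passwd }}'
    server_uri: 'ldap://{{ ldap_server }}'
    start_tls: true
    bind_dn: '{{ ldap_admin_dn }}'
    bind_pw: '{{ ldap_admin_pw }}'
  # task args contain both the new service password and the admin bind password
  no_log: true
  tags:
    - 'service_password'

# Hand the same service password to Nextcloud's user_ldap config (s01).
- import_tasks: 'occ.yaml'
  vars:
    occ_args: 'ldap:set-config s01 ldapAgentPassword {{ new_passwd.passwd }}'
    nojson: true
  tags:
    - 'service_password'
...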