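---
# Tasks that set up a Koji builder (kojid) host: validate the required
# variables, prepare /mnt/koji (optionally as a read-only NFS mount), trust
# the Koji CA, install koji-builder, provision the builder keytab, write
# /etc/kojid/kojid.conf and start the service.

# Fail early, once per variable, when a required variable is undefined, null
# or blank after trimming. Only the variable name is printed, never its value.
# NOTE(review): koji_builder_nfs_mount and koji_builder_ca_cert_path are used
# below but are not checked here; presumably they come from role defaults.
# Confirm against the role's defaults file.
- name: Check if required variables are defined
  ansible.builtin.fail:
    msg: "{{ item }} is not defined or empty"
  when: >-
    (vars[item] is undefined) or
    (vars[item] is none) or
    (vars[item] | trim | length == 0)
  loop:
    - koji_domain_name
    - koji_kerberos_realm
    - koji_builder_git_server_url
    - koji_builder_storage_url
    - koji_builder_storage_proto
    - koji_builder_principal
    - koji_builder_keytab
    - koji_builder_distribution
    - koji_builder_packager
    - koji_builder_vendor

- name: Create /mnt/koji directory
  ansible.builtin.file:
    path: /mnt/koji
    state: directory
    owner: root
    group: root
    mode: '0755'

# The "| bool" cast makes the toggle behave the same whether the variable
# arrives as a real boolean or as a string such as "false" (for example from
# an INI inventory or from -e on the command line).
- name: Mount the Koji NFS export
  when: koji_builder_nfs_mount | bool
  block:
    - name: Install nfs-utils
      ansible.builtin.dnf:
        name: nfs-utils
        state: present

    # NOTE(review): the export is mounted read-only, but no sec= option is
    # given, so the NFS security flavor is whatever client and server
    # negotiate. Consider also adding nosuid,nodev if nothing on the builder
    # needs setuid binaries or device nodes from this tree.
    - name: Mount /mnt/koji NFS directory
      ansible.posix.mount:
        src: "{{ koji_domain_name }}:/mnt/koji"
        path: /mnt/koji
        fstype: nfs4
        opts: ro
        state: mounted

# The anchor is a symlink, so the trusted certificate is whatever
# koji_builder_ca_cert_path points to at extraction time. That file and its
# parent directories should be writable by root only. A CA placed in the
# anchors directory becomes a trust anchor in the system-wide store, not
# only for connections to the Koji hub.
- name: Add Koji CA certificate to system
  ansible.builtin.file:
    src: "{{ koji_builder_ca_cert_path }}"
    dest: /etc/pki/ca-trust/source/anchors/koji-ca.crt
    state: link
  register: koji_builder_ca_anchor

# NOTE(review): this runs only when the symlink itself changes. Replacing the
# certificate content at the same source path will not trigger a re-extract.
- name: Trust Koji CA certificate
  ansible.builtin.command: update-ca-trust extract
  when: koji_builder_ca_anchor.changed
  # The command rebuilds the trust bundle every time it runs.
  changed_when: true
  notify:
    - restart kojid

- name: Install koji-builder
  ansible.builtin.dnf:
    name: koji-builder
    state: present

# TODO: add FreeIPA support
# NOTE(review): the keytab is the builder's long-term credential for the hub.
# Its owner and mode are set by the included role, which is not visible here.
# Verify it ends up readable by root only.
- name: Generate koji-builder principal keytab
  ansible.builtin.include_role:
    name: msvsphere.ci.kerberos_principal
  vars:
    kerberos_principal_name: "{{ koji_builder_principal }}"
    kerberos_principal_keytab_path: "{{ koji_builder_keytab }}"

# Each loop item sets one option in the [kojid] section of kojid.conf.
- name: Configure kojid
  community.general.ini_file:
    path: /etc/kojid/kojid.conf
    section: kojid
    option: "{{ item.key }}"
    value: "{{ item.value }}"
  loop:
    - key: server
      value: "https://{{ koji_domain_name }}/kojihub"
    - key: topurl
      value: "https://{{ koji_domain_name }}/kojifiles"
    - key: topdir
      value: /mnt/koji
    - key: workdir
      value: /tmp/koji
    # allowed_scms decides which SCM locations this builder will check out
    # and build from. The "/*" path pattern accepts every repository on the
    # configured host, so push access to any repository there is enough to
    # submit build content. Narrow the pattern if only some namespaces should
    # be buildable.
    # NOTE(review): the entry is colon-separated and the source command is
    # comma-separated, so the three variables must not contain ":" "," or
    # whitespace. Despite its name, koji_builder_git_server_url presumably
    # holds a bare host name. Confirm.
    # The line breaks below fall inside Jinja delimiters only, so the folded
    # scalar renders without extra spaces.
    - key: allowed_scms
      value: >-
        {{ koji_builder_git_server_url
        }}:/*:false:inferitpkg-get-sources,--storage-proto,{{
        koji_builder_storage_proto }},--storage-url,{{
        koji_builder_storage_url }}
    - key: krb_principal
      value: "{{ koji_builder_principal }}"
    - key: keytab
      value: "{{ koji_builder_keytab }}"
    - key: vendor
      value: "{{ koji_builder_vendor }}"
    - key: packager
      value: "{{ koji_builder_packager }}"
    - key: distribution
      value: "{{ koji_builder_distribution }}"
    - key: use_createrepo_c
      value: 'True'
    # NOTE: this setting allows building i686 and x86_64 architectures in parallel
    - key: build_arch_can_fail
      value: 'True'
  notify:
    - restart kojid

- name: Enable and start kojid service
  ansible.builtin.service:
    name: kojid
    enabled: true
    state: started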