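---
# Installs Gitea from a checksum-pinned binary, writes /etc/gitea/app.ini,
# installs the systemd unit and the httpd virtual host, then bootstraps the
# administrator account through the gitea CLI.

# NOTE(review): gitea_binary_system_user, gitea_binary_system_group,
# gitea_app_name and gitea_db_name/user/password are used below but are not
# validated here - presumably they come from role defaults; confirm.
- name: Check if required variables are defined
  ansible.builtin.fail:
    # Only the variable name is printed, never its value.
    msg: "{{ item }} is not defined or empty"
  when: >-
    (vars[item] is undefined)
    or (vars[item] is none)
    or (vars[item] | trim | length == 0)
  loop:
    - gitea_admin_user
    - gitea_admin_password
    - gitea_admin_email
    - gitea_binary_version
    - gitea_binary_url
    - gitea_binary_checksum
    - gitea_domain_name
    - gitea_binary_ca_cert_path
    - gitea_binary_cert_path
    - gitea_binary_cert_key_path
    - gitea_binary_cert_chain_path

- name: Add Gitea domain name to /etc/hosts
  ansible.builtin.lineinfile:
    dest: /etc/hosts
    # The domain is regex-escaped and must end the field, so "git.example.com"
    # cannot match (and overwrite) an entry such as "gitXexample.com" or
    # "git.example.com.internal".
    regexp: '.*?\s{{ gitea_domain_name | regex_escape }}(\s|$)'
    line: "127.0.0.1 {{ gitea_domain_name }}"
    state: present

- name: Install git
  ansible.builtin.dnf:
    name: git-core
    state: present

- name: Download Gitea binary
  ansible.builtin.get_url:
    url: "{{ gitea_binary_url }}"
    dest: /usr/local/bin/gitea
    # The download is rejected unless it matches the pinned SHA-256 digest.
    checksum: "sha256:{{ gitea_binary_checksum }}"
    # root-owned and not writable by the service account, so a compromised
    # Gitea process cannot replace its own executable.
    owner: root
    group: root
    mode: '0755'
  # Without a restart an upgraded (e.g. security-patched) binary would not
  # take effect until the service is restarted by other means.
  notify:
    - restart gitea

- name: Create Gitea system group
  ansible.builtin.group:
    name: "{{ gitea_binary_system_group }}"
    system: true
    state: present

- name: Create Gitea system user
  ansible.builtin.user:
    name: "{{ gitea_binary_system_user }}"
    group: "{{ gitea_binary_system_group }}"
    shell: /bin/bash
    home: "/home/{{ gitea_binary_system_user }}"
    system: true
    comment: 'Git Version Control'

- name: Create Gitea working directories
  ansible.builtin.file:
    path: "{{ item }}"
    state: directory
    owner: "{{ gitea_binary_system_user }}"
    group: "{{ gitea_binary_system_group }}"
    mode: '0750'
  loop:
    - /var/lib/gitea
    - /var/lib/gitea/custom
    - /var/lib/gitea/data
    - /var/lib/gitea/log

# NOTE(review): 0770 leaves the configuration directory group-writable.
# Consider 0750 once it is confirmed that the service does not need to create
# files here at runtime.
- name: Create Gitea configuration directory
  ansible.builtin.file:
    path: /etc/gitea
    state: directory
    owner: root
    group: "{{ gitea_binary_system_group }}"
    mode: '0770'

# The database password is written by the next task (with no_log) so that it
# never appears in this task's per-item output or in --diff output.
- name: Generate Gitea configuration file
  community.general.ini_file:
    path: /etc/gitea/app.ini
    option: "{{ item.key }}"
    section: "{{ item.section | default(none) }}"
    value: "{{ item.value }}"
    owner: "{{ gitea_binary_system_user }}"
    group: "{{ gitea_binary_system_group }}"
    mode: '0600'
  loop:
    # default section
    - { key: 'APP_NAME', value: "{{ gitea_app_name }}" }
    - { key: 'RUN_USER', value: "{{ gitea_binary_system_user }}" }
    - { key: 'WORK_PATH', value: '/var/lib/gitea' }
    - { key: 'RUN_MODE', value: 'prod' }
    # database section
    - { key: 'DB_TYPE', value: 'postgres', section: 'database' }
    - { key: 'HOST', value: '127.0.0.1:5432', section: 'database' }
    - { key: 'NAME', value: "{{ gitea_db_name }}", section: 'database' }
    - { key: 'USER', value: "{{ gitea_db_user }}", section: 'database' }
    - { key: 'SCHEMA', value: '', section: 'database' }
    # TLS to the database is off; acceptable only while HOST stays on loopback.
    - { key: 'SSL_MODE', value: 'disable', section: 'database' }
    # - { key: 'PATH', value: '/var/lib/gitea/data/gitea.db', section: 'database'}
    - { key: 'LOG_SQL', value: 'false', section: 'database' }
    # repository section
    - { key: 'ROOT', value: '/var/lib/gitea/data/gitea-repositories', section: 'repository' }
    # server section
    - { key: 'SSH_DOMAIN', value: "{{ gitea_domain_name }}", section: 'server' }
    - { key: 'DOMAIN', value: "{{ gitea_domain_name }}", section: 'server' }
    - { key: 'HTTP_PORT', value: '3000', section: 'server' }
    # NOTE(review): ROOT_URL is plain http although certificate paths are
    # required variables; if the httpd vhost serves HTTPS this should
    # presumably be https:// - confirm against httpd-vhost.conf.j2.
    - { key: 'ROOT_URL', value: "http://{{ gitea_domain_name }}/", section: 'server' }
    - { key: 'APP_DATA_PATH', value: '/var/lib/gitea/data', section: 'server' }
    - { key: 'DISABLE_SSH', value: 'false', section: 'server' }
    - { key: 'SSH_PORT', value: '22', section: 'server' }
    - { key: 'LFS_START_SERVER', value: 'true', section: 'server' }
    - { key: 'OFFLINE_MODE', value: 'false', section: 'server' }
    # security section
    - { key: 'INSTALL_LOCK', value: 'true', section: 'security' }
  notify:
    - restart gitea

- name: Set Gitea database password
  community.general.ini_file:
    path: /etc/gitea/app.ini
    option: PASSWD
    section: database
    value: "{{ gitea_db_password }}"
    owner: "{{ gitea_binary_system_user }}"
    group: "{{ gitea_binary_system_group }}"
    mode: '0600'
  # Keeps the secret out of task output, callback logs and --diff.
  no_log: true
  notify:
    - restart gitea

- name: Generate Gitea systemd service
  ansible.builtin.template:
    src: gitea.service.j2
    dest: /etc/systemd/system/gitea.service
    owner: root
    group: root
    mode: '0644'

- name: Generate Gitea httpd virtual host config
  ansible.builtin.template:
    src: httpd-vhost.conf.j2
    dest: "/etc/httpd/conf.d/{{ gitea_domain_name }}.conf"
    owner: root
    group: root
    mode: '0644'
  notify: restart httpd

- name: Enable and start Gitea systemd service
  ansible.builtin.systemd_service:
    name: gitea
    daemon_reload: true
    enabled: true
    state: started

- name: Wait for Gitea service up
  ansible.builtin.uri:
    url: "http://127.0.0.1:3000/"
    method: GET
  register: result
  until: result.status == 200
  retries: 30
  delay: 2

# rc 0 = a matching line was found, rc 1 = no match; anything else is an error.
# The user name is shell-quoted and matched as a fixed whole word rather than
# interpolated as a raw regular expression inside the shell command.
# Limitation: the match is against the whole output line, so a name that also
# appears as a word in another admin's e-mail still counts as "exists".
- name: Check if Gitea administrator user exists
  ansible.builtin.shell:
    cmd: >-
      set -o pipefail;
      /usr/local/bin/gitea -c /etc/gitea/app.ini admin user list --admin
      | tail -n +2
      | grep -F -w -- {{ gitea_admin_user | quote }}
    executable: /bin/bash
  become: true
  become_user: "{{ gitea_binary_system_user }}"
  register: gitea_admin_list
  # Read-only lookup: never report a change.
  changed_when: false
  failed_when: gitea_admin_list.rc not in [0, 1]

# argv passes every value as exactly one argument, so quotes or spaces in the
# user name, password or e-mail cannot split into extra CLI options.
# The password is still visible in the host's process list while the command
# runs; no_log only keeps it out of Ansible output (and also hides the error
# text if the command fails).
- name: Create Gitea administrator user
  ansible.builtin.command:
    argv:
      - /usr/local/bin/gitea
      - '-c'
      - /etc/gitea/app.ini
      - admin
      - user
      - create
      - '--admin'
      - "--username={{ gitea_admin_user }}"
      - "--password={{ gitea_admin_password }}"
      - "--email={{ gitea_admin_email }}"
      - '--must-change-password=false'
  become: true
  become_user: "{{ gitea_binary_system_user }}"
  when: gitea_admin_list.rc != 0
  no_log: true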