---

- name: Create futureporn group
  ansible.builtin.group:
    name: futureporn
    state: present

- name: Create futureporn user
  ansible.builtin.user:
    name: futureporn
    group: futureporn
    create_home: true
    home: /home/futureporn
    system: true

- name: Ensure futureporn directory exists
  ansible.builtin.file:
    path: /opt/futureporn
    state: directory
    mode: "0755"
  notify:
    - restart worker

- name: Ensure config directory exists
  ansible.builtin.file:
    path: /usr/local/etc/futureporn/our
    state: directory
    mode: "0755"
  notify:
    - restart worker

- name: Generate .env file
  ansible.builtin.template:
    src: env.j2
    dest: "{{ env_file }}"
    mode: "0600"
  notify:
    - restart worker

- name: Download Futureporn source code
  ansible.builtin.git:
    repo: https://gitea.futureporn.net/futureporn/fp
    dest: /opt/futureporn
    version: "{{ our_commit }}"
    update: true
  tags:
    - our
  notify:
    - Restart worker

- name: Install Our packages based on package.json
  community.general.npm:
    path: "{{ app_dir }}"


- name: Install passlib
  ansible.builtin.pip:
    name: passlib # dependency of Ansible's passwordhash
    state: present

- name: Create our-worker service
  ansible.builtin.template:
    src: our-worker.service.j2
    dest: /etc/systemd/system/our-worker.service
    mode: "0644"
  notify:
    - restart worker


- name: Set default UFW policy to deny incoming
  community.general.ufw:
    state: enabled
    policy: deny
    direction: incoming