---
- name: Create doorman user
  user:
    comment: 'Doorman Doris'
    name: doorman
    shell: '/bin/bash'
    uid: 3000
    group: users
    groups:
    - dialout
    - gpio

- name: Check out lockserver repo
  git:
    dest: '~doorman/lockserver'
    repo: 'https://github.com/labitat/lockserver.git'
    accept_hostkey: yes
    clone: yes
    update: yes
    remote: origin

- name: Make sure doorman owns git repo
  file:
    dest: '~doorman/lockserver'
    owner: doorman
    group: users
    recurse: yes

- name: Initialize database
  command:
    argv:
    - '/usr/bin/sqlite3'
    - 'users.db'
    - '.read lockserver/structure.sql'
  become_user: doorman
  args:
    chdir: '/home/doorman'
    creates: '/home/doorman/users.db'

- name: Make sure ~doorman/.config exists
  file:
    dest: '~doorman/.config'
    state: directory
    owner: doorman
    group: users
    mode: 0700

- name: Create lockserver.ini
  vars:
    lockserver_conf: '{{ lockserver_conf_role|combine(lockserver_conf_secrets) }}'
  ini_file:
    path: '~doorman/.config/lockserver.ini'
    section: "{{ item.key.split('.',1)[0] }}"
    option:  "{{ item.key.split('.',1)[1] }}"
    value:   "{{ (item.value is string)|ternary(item.value,omit) }}"
    state:   "{{ (item.value is string)|ternary('present','absent') }}"
    owner: doorman
    group: users
    mode: 0600
  with_dict: '{{ lockserver_conf }}'
  when: lockserver_conf_secrets|length > 0

- name: Install lockserver service
  copy:
    dest: '/etc/systemd/system/lockserver.service'
    src: lockserver.service
    owner: root
    group: root
    mode: 0644
  register: lockserver_service

- name: Reload systemd
  command: systemctl daemon-reload
  when: lockserver_service is changed

- name: Enable lockserver service
  systemd:
    name: lockserver.service
    enabled: yes
    masked: no
    state: started

# vim: set ts=2 sw=2 et: