---

- name: Download Nextcloud release
  become_user: "{{ system_user }}"
  get_url:
    url: "{{ nextcloud_release_remote }}"
    checksum: "sha256:{{ nextcloud_release_remote_checksum }}"
    dest: "{{ nextcloud_release_file }}"
    mode: "u=rw,g=r,o="
    validate_certs: yes

- name: Download signature for Nextcloud release
  become_user: "{{ system_user }}"
  get_url:
    url: "{{ nextcloud_release_remote_signature }}"
    dest: "{{ nextcloud_release_signature }}"
    mode: "u=rw,g=r,o="
    force: yes
    validate_certs: yes

- name: Receive public key of Nextcloud developers
  become_user: "{{ system_user }}"
  command: >-
    "{{ global_helper_directory }}/gpg_import_url_key.sh"
    {{ nextcloud_gpg_key_remote | quote }}
    {{ nextcloud_gpg_fingerprint | quote }}
    {{ nextcloud_keyring | quote }}
  args:
    chdir: "{{ user_directory }}"
  register: receive_public_key
  changed_when: receive_public_key.rc != 2
  failed_when: receive_public_key.rc != 0 and receive_public_key != 2

- name: Validate signature
  become_user: "{{ system_user }}"
  command: >-
    /usr/bin/gpg2
    --quiet
    --no-default-keyring
    --keyring "{{ nextcloud_keyring }}"
    --verify "{{ nextcloud_release_signature }}"
  args:
    chdir: "{{ user_directory }}"

- name: Unpack Nextcloud release
  become_user: "{{ system_user }}"
  unarchive:
    src: "{{ nextcloud_release_file }}"
    remote_src: yes
    dest: "{{ user_directory }}"
    owner: "{{ system_user }}"
    group: "{{ system_user }}"

- name: Remove installation files
  file:
    state: absent
    path: "{{ item }}"
  loop:
    - "{{ nextcloud_release_file }}"
    - "{{ nextcloud_release_signature }}"