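---
# Tasks that provision a Nextcloud instance: system user, database and
# php-pool/nginx roles, package dependencies, the occ-driven install,
# config.php edits, app installation and cron jobs.

- name: Configure system user
  user:
    state: present
    name: "{{ nextcloud_system_user }}"
    system: true
    # No interactive login for the service account.
    shell: /bin/false
    create_home: true
    move_home: true
    home: "{{ nextcloud_user_directory }}"

- name: Create database for nextcloud
  import_role:
    name: mysql/database
  vars: {}
    # database_user

- name: Request php-pool for nextcloud
  import_role:
    name: nginx/php-pool
  vars:
    # system_user
    src: "{{ nextcloud_installation_directory }}"
    includes:
      - "{{ nextcloud_installation_directory }}/apps"

# The directives below are passed to the nginx/server role as one literal
# block. They set response-hardening headers, deny direct access to internal
# directories (config, data, lib, ...) and to dot-files, and hand only an
# explicit allow-list of PHP entry points to the FastCGI pool.
- name: Request custom nginx php server
  import_role:
    name: nginx/server
  vars:
    directives: |
      add_header X-Content-Type-Options nosniff;
      add_header X-XSS-Protection "1; mode=block";
      add_header X-Robots-Tag none;
      add_header X-Download-Options noopen;
      add_header X-Permitted-Cross-Domain-Policies none;
      add_header Referrer-Policy no-referrer;
      fastcgi_hide_header X-Powered-By;

      root {{ nextcloud_installation_directory }};

      location = /.well-known/carddav {
        return 301 $scheme://$host/remote.php/dav;
      }
      location = /.well-known/caldav {
        return 301 $scheme://$host/remote.php/dav;
      }

      rewrite ^/.well-known/webfinger /public.php?service=webfinger last;
      rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
      rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;

      client_max_body_size 10240M;
      #fastcgi_buffers 64 4K;

      location / {
        rewrite ^ /index.php$request_uri;
      }

      location ~ ^/(build|tests|config|lib|3rdparty|templates|data)/ {
        deny all;
      }
      location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
        deny all;
      }

      #location ~ \.(?:flv|mp4|mov|m4a)$ {
      #  mp4;
      #  mp4_buffer_size 100M;
      #  mp4_max_buffer_size 1024M;
      #  fastcgi_split_path_info ^(.+?\.php)(/.*)$;
      #  try_files $uri =404;
      #  fastcgi_index index.php;
      #  include fastcgi_params;
      #  fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
      #  fastcgi_param PATH_INFO $fastcgi_path_info;
      #  fastcgi_param HTTPS on;
      #  fastcgi_param modHeadersAvailable true;
      #  fastcgi_param front_controller_active true;
      #  fastcgi_pass {{ pool_name }};
      #  fastcgi_intercept_errors on;
      #  fastcgi_request_buffering off;
      #}

      location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+)\.php(?:$|/) {
        fastcgi_split_path_info ^(.+?\.php)(/.*)$;
        fastcgi_index index.php;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param PATH_INFO $fastcgi_path_info;
        fastcgi_param HTTPS on;
        fastcgi_param modHeadersAvailable true;
        fastcgi_param front_controller_active true;
        fastcgi_pass {{ pool_name }};
        fastcgi_intercept_errors on;
        fastcgi_request_buffering off;
      }

      location ~ ^/(?:updater|ocs-provider)(?:$|/) {
        try_files $uri/ =404;
        index index.php;
      }

      location ~ \.(?:css|js|woff2?|svg|gif|png|html|ttf|ico|jpg|jpeg)$ {
        try_files $uri /index.php$request_uri;
        access_log off;
      }

- name: Install required dependencies
  apt:
    state: present
    name:
      # For Office / Video Previews
      - ffmpeg
      - libreoffice
      # PHP Dependencies
      - php-apcu
      - php-bz2
      - php-curl
      # - php-dom
      # - php-fileinfo
      - php-gd
      # - php-iconv
      - php-imagick
      - php-intl
      - php-json
      - php-mbstring
      # - php-mcrypt
      - php-mysql
      # - php-posix
      # - php-simplexml
      - php-xml
      # - php-xmlreader
      # - php-xmlwriter
      - php-zip
      # TODO Redis

# The stat runs even in check mode so the conditional below can be evaluated.
- name: Check if Nextcloud is already downloaded
  stat:
    path: "{{ nextcloud_installation_directory }}/index.php"
  register: nextcloud_installed
  check_mode: false

- name: Download Nextcloud
  become_user: "{{ nextcloud_system_user }}"
  include_tasks: install.yml
  when: not nextcloud_installed.stat.exists

- name: Create data directory
  file:
    state: directory
    path: "{{ nextcloud_data_directory }}"
    owner: "{{ nextcloud_system_user }}"
    group: "{{ nextcloud_system_user }}"
    # A symbolic mode only touches the classes it names. Without "o=" a
    # freshly created directory keeps whatever the umask grants to "other",
    # which would leave user files readable by every local account.
    mode: "u=rwx,g=rx,o="

# "creates" makes this a one-shot: the command is skipped once the config
# file exists.
- name: Install Nextcloud
  become_user: "{{ nextcloud_system_user }}"
  command: >-
    /usr/bin/php occ maintenance:install
    --database mysql
    --database-name {{ database_name | quote }}
    --database-user {{ database_user | quote }}
    --database-pass {{ database_pass | quote }}
    --database-table-prefix oc_
    --admin-user {{ nextcloud_admin_user | quote }}
    --admin-pass {{ nextcloud_admin_pass | quote }}
    --data-dir {{ nextcloud_data_directory | quote }}
  args:
    chdir: "{{ nextcloud_installation_directory }}"
    creates: "{{ nextcloud_config }}"
  # The command line carries the database and admin passwords; keep it out
  # of Ansible's output and logs. The arguments remain visible in the host's
  # process list while the installer runs.
  no_log: true

# With backrefs enabled, lineinfile ignores insertafter and leaves the file
# unchanged when the regexp does not match. "\g<1>0" is used because "\10"
# would be read as a reference to group 10. validate runs the candidate file
# through php before it replaces the original.
- name: Configure Nextcloud default domain
  become_user: "{{ nextcloud_system_user }}"
  lineinfile:
    backrefs: true
    path: "{{ nextcloud_config }}"
    insertafter: "array \\("
    regexp: "^(\\s*)0 => '.*',$"
    line: "\\g<1>0 => '{{ domain }}',"
    validate: /usr/bin/php %s

- name: Configure Nextcloud default domain for cli
  become_user: "{{ nextcloud_system_user }}"
  lineinfile:
    backrefs: true
    path: "{{ nextcloud_config }}"
    insertafter: "'version'"
    regexp: "^(\\s*)'overwrite.cli.url' => '.*',$"
    line: "\\1'overwrite.cli.url' => 'https://{{ domain }}',"
    validate: /usr/bin/php %s

# occ exits with rc 1 and prints "already installed" for an app that is
# already present; that case is treated as success and as "not changed".
- name: Install Nextcloud apps
  become_user: "{{ nextcloud_system_user }}"
  command: "/usr/bin/php occ app:install {{ item | quote }}"
  args:
    chdir: "{{ nextcloud_installation_directory }}"
  register: nextcloud_apps_install_results
  changed_when: "'already installed' not in nextcloud_apps_install_results.stdout"
  failed_when: >-
    nextcloud_apps_install_results.rc != 0
    and not (nextcloud_apps_install_results.rc == 1
    and 'already installed' in nextcloud_apps_install_results.stdout)
  with_items:
    - accessibility
    - activity
    - admin_audit
    - apporder
    - bruteforcesettings
    - calendar
    - checksum
    - cloud_federation_api
    - comments
    - contacts
    - dav
    - external
    - federatedfilesharing
    - federation
    - files
    - files_automatedtagging
    - files_external
    - files_pdfviewer
    - files_rightclick
    - files_sharing
    - files_texteditor
    - files_trashbin
    - files_versions
    - files_videoplayer
    - firstrunwizard
    - gallery
    - logreader
    - lookup_server_connector
    - mail
    - metadata
    - nextcloud_announcements
    - notes
    - notifications
    - oauth2
    - password_policy
    - polls
    - provisioning_api
    - quota_warning
    - serverinfo
    - sharebymail
    - sharerenamer
    - social
    - sociallogin
    - socialsharing_email
    - spreed
    - support
    - survey_client
    - systemtags
    - tasks
    - theming
    - twofactor_admin
    - twofactor_backupcodes
    - twofactor_gateway
    - twofactor_nextcloud_notification
    - twofactor_totp
    - twofactor_u2f
    - updatenotification
    - workflowengine

- name: Set background job mode to cron
  become_user: "{{ nextcloud_system_user }}"
  command: /usr/bin/php occ background:cron
  args:
    chdir: "{{ nextcloud_installation_directory }}"

# Run cron.php as the Nextcloud service account, matching every other occ/php
# invocation in this file, instead of from the crontab of the user Ansible
# runs as (typically root). Hosts provisioned before this change keep the old
# entry in that user's crontab until it is removed.
- name: Add background cron job
  cron:
    name: "nextcloud"
    user: "{{ nextcloud_system_user }}"
    minute: "*/5"
    job: 'php -f "{{ nextcloud_installation_directory }}/cron.php"'

- name: Configure auto backup of nextcloud data directory
  cron:
    hour: 1
    minute: 0
    job: "{{ global_helper_directory }}/backup_files.sh {{ nextcloud_data_directory | quote }} {{ domain | quote }}"
    name: "backup nextcloud data of {{ domain }}"
    state: present

# NOTE(review): if this task is re-enabled, changed_when tests a substring
# against the integer rc; it presumably should inspect .stdout instead.
#- name: Upgrade Nextcloud
#  become_user: "{{ nextcloud_system_user }}"
#  command: /usr/bin/php occ upgrade
#  args:
#    chdir: "{{ nextcloud_installation_directory }}"
#  register: nextcloud_upgrade_result
#  changed_when: "'already latest version' not in nextcloud_upgrade_result.rc"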