---
- name: Install Radicale package dependencies.
  apt:
    name: "{{ packages }}"
  vars:
    packages:
      - python3
      - python3-pip
      - python3-setuptools
      - apache2-utils
      # These three are for Ansible itself to run on the managed host.
      - python-setuptools
      - python-passlib
      - python-bcrypt

- name: Install Radicale Python dependencies.
  pip:
    executable: pip3 # Radicale requires Python 3.3 or greater.
    name: "{{ item }}"
    state: present
  loop:
    - passlib
    - bcrypt

- name: Create Radicale system user.
  user:
    name: "{{ radicale_server_username  }}"
    system: true
    home: "{{ radicale_server_home_dir }}"
    shell: "/bin/false"
    state: present

- name: Install Radicale.
  pip:
    executable: pip3 # Radicale requires Python 3.3 or greater.
    name: radicale
    state: present

- name: Create Radicale configuration directory.
  file:
    path: /etc/radicale
    state: directory

- name: Write Radicale configuration file.
  template:
    src: etc/radicale/config.j2
    dest: /etc/radicale/config
  notify:
    - Restart Radicale.

- name: Write Radicale user rights configuration.
  copy:
    src: rights.conf
    dest: "{{ radicale_server_home_dir }}/rights.conf"
    owner: "{{ radicale_server_username }}"
    group: "{{ radicale_server_username }}"
    mode: "400"
  notify:
    - Restart Radicale.

- name: Ensure Radicale user accounts are defined.
  when:
    - radicale_config.auth is defined
    - radicale_config.auth.type is defined
    - radicale_config.auth.type == "htpasswd"
  block:
    - name: Ensure Radicale htpasswd file exists.
      file:
        path: "{{ radicale_config.auth.htpasswd_filename | default('/var/lib/radicale/users.htpasswd') }}"
        state: touch
        access_time: preserve
        modification_time: preserve

    - name: Set Radicale user with password.
      when: item.password is defined
      no_log: true
      htpasswd:
        path: "{{ radicale_config.auth.htpasswd_filename | default('/var/lib/radicale/users.htpasswd') }}"
        name: "{{ item.name }}"
        password: "{{ item.password }}"
        state: "{{ item.state | default('present') }}"
        crypt_scheme: "bcrypt"
        mode: "600"
        owner: "{{ radicale_server_username }}"
        group: "{{ radicale_server_username }}"
      loop: "{{ radicale_users }}"

    - name: Set Radicale user with password hash.
      when: item.bcrypt_hash is defined
      no_log: true
      lineinfile:
        path: "{{ radicale_config.auth.htpasswd_filename | default('/var/lib/radicale/users.htpasswd') }}"
        line: "{{ item.name }}:{{ item.bcrypt_hash }}"
        state: "{{ item.state | default('present') }}"
        mode: "600"
        owner: "{{ radicale_server_username }}"
        group: "{{ radicale_server_username }}"
      loop: "{{ radicale_users }}"

- name: Create systemd service unit.
  template:
    src: radicale.service.j2
    dest: /etc/systemd/system/radicale.service
    # TODO:
    #validate: "systemd-analyze verify %s"
  notify:
    - Reload systemd.
    - Restart Radicale.

- name: Start and enable Radicale service.
  service:
    name: radicale
    state: "{{ radicale_service_state }}"
    enabled: true