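---
# Tasks that install the evoadmin-mail web application: system accounts,
# code checkout, PHP configuration, LDAP admin entry, log file and
# filesystem permissions.

# password "!" leaves the account without a usable password hash.
- name: Create evoadmin account
  user:
    name: "{{ evoadminmail_username }}"
    comment: "Evoadmin Web Account"
    home: "{{ evoadminmail_home_dir }}"
    shell: /bin/bash
    password: "!"

- name: Create log/ directory
  file:
    path: "{{ evoadminmail_home_dir }}/log"
    state: directory
    owner: "{{ evoadminmail_username }}"
    group: "{{ evoadminmail_username }}"
    mode: "0750"

- name: Create www-evoadminmail group
  group:
    name: "www-{{ evoadminmail_username }}"
    state: present

# Separate "www-" account whose home is the www/ directory; the home
# directory itself is not created by this task.
- name: "Create www-evoadmin (Debian 9 or later)"
  user:
    name: "www-{{ evoadminmail_username }}"
    home: "{{ evoadminmail_home_dir }}/www"
    shell: /bin/bash
    createhome: false
  when: ansible_distribution_major_version | version_compare('9', '>=')

- name: Install Git
  apt:
    name: git
    state: present

# NOTE(review): this tracks the moving `master` branch with update enabled,
# so each run deploys whatever is upstream at that moment. Pin `version`
# to a reviewed tag or commit to make deployments reproducible.
- name: "Clone evoadmin repository (Debian 9 or later)"
  git:
    repo: https://forge.evolix.org/evoadmin-mail.git
    dest: "{{ evoadminmail_document_root }}"
    version: master
    update: true
  when: ansible_distribution_major_version | version_compare('9', '>=')

# NOTE(review): the www- account becomes owner of the whole checkout, so
# that account can modify the application code - confirm this is required.
- name: "Change perms on evoadminmail document root"
  file:
    dest: "{{ evoadminmail_document_root }}"
    owner: "www-{{ evoadminmail_username }}"
    group: "{{ evoadminmail_username }}"
    recurse: true

# NOTE(review): no `mode` is set. The task is gated on ldap_admin_password,
# so the rendered file presumably holds LDAP credentials; it is only
# covered by the final chmod pass if the document root lives under
# "{{ evoadminmail_home_dir }}/www" - confirm, or set an explicit mode.
- name: "Copy connect.php"
  template:
    src: connect.php.j2
    dest: "{{ evoadminmail_document_root }}/htdocs/config/connect.php"
    owner: "www-{{ evoadminmail_username }}"
    group: "{{ evoadminmail_username }}"
  when: ldap_admin_password is defined

- name: "Copy conf.php"
  template:
    src: conf.php.j2
    dest: "{{ evoadminmail_document_root }}/htdocs/config/conf.php"
    owner: "www-{{ evoadminmail_username }}"
    group: "{{ evoadminmail_username }}"

# Generates one password (-n 1) of at least 16 characters (-m 16) drawn from
# lowercase, uppercase and digits (-M lcN). The value is returned on stdout,
# so no_log keeps it out of the play output and any log that captures it.
- name: create a password for evoadmin user
  command: "apg -n 1 -m 16 -M lcN"
  register: evoadminmail_admin_password
  changed_when: false
  no_log: true

# NOTE(review): presumably this template embeds the password registered
# above (the template is not visible here). The rendered file stays in
# /root after the import and its content can appear in --diff output -
# confirm whether it should be removed or the task marked no_log.
- name: upload ldif for evoadmin user
  template:
    src: evoadmin.ldif.j2
    dest: /root/evolinux_evoadminmail_admin.ldif
    mode: "0640"

# NOTE(review): runs on every play with no guard (`creates`/`when`), so it
# is not idempotent - verify what happens when the entry already exists.
- name: inject config
  command: slapadd -l /root/evolinux_evoadminmail_admin.ldif

# state: touch reports "changed" on every run.
- name: create log file
  file:
    dest: /var/log/evoadmin-mail.log
    state: touch
    owner: "www-{{ evoadminmail_username }}"
    group: "adm"
    mode: "0640"

# Only pulled in when the scripts directory path matches "/usr".
- include_role:
    name: remount-usr
  when: evoadminmail_scripts_dir | search("/usr")

- name: "Create {{ evoadminmail_scripts_dir }}"
  file:
    dest: "{{ evoadminmail_scripts_dir }}"
    # recurse: yes
    mode: "0700"
    state: directory

# we use a shell command to have a "changed" that really reflects the result.
# chmod --verbose prints a line containing "changed" for each path whose mode
# was modified. The path is passed through `quote` so that whitespace or
# shell metacharacters in the variable cannot alter the command line.
- name: Fix permissions
  shell: "chmod -R --verbose u=rwX,g=rX,o= {{ item | quote }}"
  register: command_result
  changed_when: "'changed' in command_result.stdout"
  # failed_when: False
  with_items:
    - "{{ evoadminmail_home_dir }}/www"

# - name: Add evoadmin sudoers file
#   template:
#     src: sudoers.j2
#     dest: /etc/sudoers.d/evoadmin
#     mode: "0600"
#     validate: "visudo -cf %s"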