---

  - import_role:
      name: _app_log_inventory

  - import_role:
      name: _letsencrypt_certificate

  - name: "log dest {{ coolwsd_log_dest }}"
    file:
      state: directory
      path: "{{ coolwsd_log_dest }}"
      mode: "0777"

  - name: "apt key for collabora - paquerette"
    apt_key: keyserver="keyserver.ubuntu.com" id="0C54D189F4BA284D"

  - name: "apt_repository for collabora - paquerette"
    apt_repository:
      repo: "deb https://collaboraoffice.com/repos/CollaboraOnline/{{ collabora_version }}/customer-{{ collabora_distro_repo }}-{{ collabora_secret }} ./"
      state: present

  - name: "install hunspell"
    apt:
      name: "{{ hunspell_module_list }}"
      state: present
      update_cache: yes

  - name: "install coolwsd"
    apt:
      name: coolwsd
      state: latest
      update_cache: yes

  - name: "install collabora-online-brand"
    apt:
      name: collabora-online-brand
      state: latest
      update_cache: yes

  - name: "copy letsencrypt cert.pem"
    copy:
      src: "/etc/letsencrypt/live/{{ collabora_domain }}/cert.pem"
      dest: "/etc/coolwsd/cert.pem"
      mode: "0744"
      remote_src: yes

  - name: "copy letsencrypt privkey.pem"
    copy:
      src: "/etc/letsencrypt/live/{{ collabora_domain }}/privkey.pem"
      dest: "/etc/coolwsd/key.pem"
      mode: "0744"
      remote_src: yes

  - name: "copy letsencrypt chain.pem"
    copy:
      src: "/etc/letsencrypt/live/{{ collabora_domain }}/chain.pem"
      dest: "/etc/coolwsd/chain.pem"
      mode: "0744"
      remote_src: yes

  - name: "copy letsencrypt fullchain.pem"
    copy:
      src: "/etc/letsencrypt/live/{{ collabora_domain }}/fullchain.pem"
      dest: "/etc/coolwsd/ca-chain.cert.pem"
      mode: "0744"
      remote_src: yes

  - name: "ensure presence of {{ base_prod_options }}/collabora/"
    file:
      path: "{{ base_prod_options }}/collabora/"
      state: directory

  - name: "script for copy certificates after renew"
    template:
      src: letsencrypt_cert_collabora.j2
      dest: "{{ base_prod_options }}/collabora/collabora-renew-cert.sh"
      mode: 0700
      backup: yes

  - name: "cron for copy certificates after renew"
    cron:
      name: "collabora : copy certificates after renew"
      weekday: "1"
      hour: "{{ renew_cert_standalone_hour }}"
      minute: "{{ renew_cert_copy_minute }}"
      job: "{{ base_prod_options }}/collabora/collabora-renew-cert.sh"

  - name: "template for coolwsd.xml"
    template:
      src: coolwsd_xml.j2
      dest: "/etc/coolwsd/coolwsd.xml"
      backup: yes

  - name: Replace cool log file destination in service.
    replace:
      path: /lib/systemd/system/coolwsd.service
      regexp: '\/var\/log.*$'
      replace: '/mnt/vdb/log'

  - name: "reload and restart coolwsd service"
    systemd:
      state: restarted
      daemon_reload: yes
      name: coolwsd

  - name: "template nginx_collabora.j2 {{ collabora_domain }}"
    template:
      src: nginx_collabora.j2
      dest: "/etc/nginx/sites-available/{{ collabora_domain }}.conf"
    notify: reload nginx collabora_online_instance
    when: rev_proxy == "nginx"

  - name: "template apache2_collabora.j2 {{ collabora_domain }}"
    template:
      src: apache2_collabora.j2
      dest: "/etc/apache2/sites-available/{{ collabora_domain }}.conf"
    notify: reload apache2 collabora_online_instance
    when: rev_proxy == "apache2"

  - name: "enable site for {{ collabora_domain }}"
    file:
      state: link
      path: "/etc/{{ rev_proxy }}/sites-enabled/{{ collabora_domain }}.conf"
      src: "/etc/{{ rev_proxy }}/sites-available/{{ collabora_domain }}.conf"
    notify: reload {{ rev_proxy }} collabora_online_instance

  - import_role:
      name: _app_logrotate

  - import_role:
      name: _app_monit