---

- name: Create _sources directories
  file:
    path: "{{ sources_dest }}/{{ item }}"
    state: 'directory'
    mode: '0700'
  loop:
    - secrets
    - receptor

- name: Detect secrets
  stat:
    path: "{{ sources_dest }}/secrets/{{ item }}.yml"
  register: secrets
  when: not lookup('vars', item, default='')
  loop:
    - pg_password
    - secret_key
    - broadcast_websocket_secret
    - admin_password

- name: Generate secrets if needed
  template:
    src: 'secrets.yml.j2'
    dest: '{{ sources_dest }}/secrets/{{ item.item }}.yml'
    mode: '0600'
  when: not lookup('vars', item.item, default='') and not item.stat.exists
  loop: "{{ secrets.results }}"
  loop_control:
    label: '{{ item.item }}'

- name: Include generated secrets unless they are explicitly passed in
  include_vars: "{{ sources_dest }}/secrets/{{ item.item }}.yml"
  no_log: true
  when: not lookup('vars', item.item, default='')
  loop: "{{ secrets.results }}"

- name: Write out SECRET_KEY
  copy:
    content: "{{ secret_key }}"
    dest: "{{ sources_dest }}/SECRET_KEY"
  no_log: true

- name: Find custom error pages
  set_fact:
    custom_error_pages: "{{ (custom_error_pages | default([])) + [new_error_page] }}"
  vars:
    new_error_page:
      error_code: "{{ item | basename() | regex_replace('custom_(\\d+).html', '\\1') }}"
      web_path: "{{ item | regex_replace('^.*/static', '/static') }}"
  loop: "{{ lookup('ansible.builtin.fileglob', playbook_dir + '/../../../awx/static/custom_*.html', wantlist=True) }}"
  when: (item | basename()) is regex("custom_\d+\.html")

- name: Render configuration templates
  template:
    src: "{{ item }}.j2"
    dest: "{{ sources_dest }}/{{ item }}"
    mode: '0600'
  with_items:
    - "database.py"
    - "local_settings.py"
    - "websocket_secret.py"
    - "haproxy.cfg"
    - "nginx.conf"
    - "nginx.locations.conf"

- name: Get OS info for sdb
  shell: |
    docker info 2> /dev/null | awk '/Os:/ { gsub(/Os:/, "Operating System:"); }/Operating System/ { print; }'
  register: os_info
  changed_when: false

- name: Get user UID
  shell: id -u
  register: current_user
  changed_when: false

- name: Set fact with user UID
  set_fact:
    user_id: "'{{ current_user.stdout }}'"

- name: Set global version if not provided
  set_fact:
    awx_image_tag: "{{ lookup('file', playbook_dir + '/../../../VERSION') }}"
  when: awx_image_tag is not defined

- name: Generate Private RSA key for signing work
  command: openssl genrsa -out {{ work_sign_private_keyfile }} {{ receptor_rsa_bits }}
  args:
    creates: "{{ work_sign_private_keyfile }}"
  when: sign_work | bool

- name: Generate public RSA key for signing work
  command: openssl rsa -in {{ work_sign_private_keyfile }} -out {{ work_sign_public_keyfile }} -outform PEM -pubout
  args:
    creates: "{{ work_sign_public_keyfile }}"
  when: sign_work | bool

- name: Include vault TLS tasks if enabled
  include_tasks: vault_tls.yml
  when: enable_vault | bool

- name: Iterate through ../editable_dependencies and get symlinked directories and register the paths
  find:
    paths: "{{ playbook_dir }}/../editable_dependencies"
    file_type: link
    recurse: no
  register: _editable_dependencies_links
  when: install_editable_dependencies | bool

- name: Warn about empty editable_dependnecies
  fail:
    msg: "[WARNING] No editable_dependencies found in ../editable_dependencies"
  when: install_editable_dependencies | bool and not _editable_dependencies_links.files
  ignore_errors: true

- name: Set fact with editable_dependencies
  set_fact:
    editable_dependencies: "{{ _editable_dependencies_links.files | map(attribute='path') | list }}"
  when: install_editable_dependencies | bool and _editable_dependencies_links.files

- name: Set install_editable_dependnecies to false if no editable_dependencies are found
  set_fact:
    install_editable_dependencies: false
  when: install_editable_dependencies | bool and not _editable_dependencies_links.files

- name: Render Docker-Compose
  template:
    src: docker-compose.yml.j2
    dest: "{{ sources_dest }}/{{ compose_name }}"
    mode: '0600'

- name: Render Receptor Config(s) for Control Plane
  template:
    src: "receptor-awx.conf.j2"
    dest: "{{ sources_dest }}/receptor/receptor-awx-{{ item }}.conf"
    mode: '0600'
  with_sequence: start=1 end={{ control_plane_node_count }}

- name: Create Receptor Config Lock File
  file:
    path: "{{ sources_dest }}/receptor/receptor-awx-{{ item }}.conf.lock"
    state: touch
    mode: '0600'
  with_sequence: start=1 end={{ control_plane_node_count }}

- name: Render Receptor Config(s) for Control Plane
  template:
    src: "receptor-awx.conf.j2"
    dest: "{{ sources_dest }}/receptor/receptor-awx-{{ item }}.conf"
    mode: '0600'
  with_sequence: start=1 end={{ control_plane_node_count }}

- name: Render Receptor Hop Config
  template:
    src: "receptor-hop.conf.j2"
    dest: "{{ sources_dest }}/receptor/receptor-hop.conf"
    mode: '0600'
  when:
    - execution_node_count | int > 0

- name: Render Receptor Worker Config(s)
  template:
    src: "receptor-worker.conf.j2"
    dest: "{{ sources_dest }}/receptor/receptor-worker-{{ item }}.conf"
    mode: '0600'
  with_sequence: start=1 end={{ execution_node_count if execution_node_count | int > 0 else 1}}
  when: execution_node_count | int > 0

- name: Render prometheus config
  template:
    src: "prometheus.yml.j2"
    dest: "{{ sources_dest }}/prometheus.yml"
  when: enable_prometheus|bool