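# Provisions a host to run UniFi from a systemd-managed container unit:
# a dedicated system account, subordinate id ranges, a private data
# directory, the unit file, a firewalld port and an nginx proxy snippet.

# The gid is pinned instead of being auto-allocated.
# NOTE(review): presumably 911 matches the id the container image runs as;
# confirm against unifi.container.j2.
- name: ensure unifi group exists
  group:
    name: unifi
    gid: 911
    system: true
    state: present
  tags:
    - user
    - group

# NOTE(review): no `shell` is set, so the account gets the platform default
# login shell. If nothing ever logs in as unifi, a nologin shell would be the
# tighter choice; confirm before changing.
- name: ensure unifi user exists
  user:
    name: unifi
    uid: 911
    group: unifi
    home: /var/lib/unifi
    # The home path is recorded on the account but not created by this task.
    createhome: false
    system: true
    state: present
  tags:
    - user

# Reserves 1048576 subordinate uids starting at 39290640 under the name
# "containers".
# NOTE(review): presumably consumed by automatic user-namespace allocation in
# the container unit (template not visible here). Verify the range does not
# overlap another /etc/subuid entry or a real uid on the host.
- name: ensure containers subuid is configured
  lineinfile:
    path: /etc/subuid
    create: true
    line: 'containers:39290640:1048576'
  tags:
    - user

# Same range for subordinate gids. `create: true` mirrors the subuid task so
# a host without /etc/subgid does not fail here.
- name: ensure containers subgid is configured
  lineinfile:
    path: /etc/subgid
    create: true
    line: 'containers:39290640:1048576'
  tags:
    - user

# Data directory is owner-only (u=rwx,go=): no group or world access.
- name: ensure unifi storage path exists
  file:
    path: '{{ unifi_storage_path }}'
    owner: unifi
    group: unifi
    mode: 'u=rwx,go='
    state: directory
  tags:
    - datadir

# Root-owned and not writable by group/others, so only root can change what
# the unit runs. The two handlers are defined outside this file.
- name: ensure unifi.container systemd unit exists
  template:
    src: unifi.container.j2
    dest: /etc/containers/systemd/unifi.container
    owner: root
    group: root
    mode: 'u=rw,go=r'
  notify:
    - reload systemd
    - restart unifi
  tags:
    - systemd

# Run notified handlers now, before the start task below, instead of at the
# end of the play.
- name: flush_handlers
  meta: flush_handlers

# Only started, never enabled here.
# NOTE(review): presumably boot-time activation comes from an [Install]
# section in the .container template; confirm.
- name: ensure unifi.service is running
  systemd:
    name: unifi.service
    state: started
  tags:
    - service

# Opens 8080/tcp in both the permanent and the runtime configuration. No
# `zone` is given, so the rule lands in firewalld's default zone.
# NOTE(review): confirm the default zone is the network this port is meant to
# be reachable from, and that 8080 needs direct exposure alongside the nginx
# proxy configured below.
- name: ensure firewall is configured for unifi
  firewalld:
    port: '8080/tcp'
    permanent: true
    immediate: true
    state: enabled
  # Skipped only when host_uses_firewalld is explicitly false; an undefined
  # variable defaults to true.
  when: host_uses_firewalld | d(true) | bool
  tags:
    - firewalld

- name: ensure nginx is configured to proxy for unifi
  template:
    src: unifi.nginx.conf.j2
    dest: /etc/nginx/default.d/unifi.conf
    mode: 'u=rw,go=r'
    owner: root
    group: root
  notify:
    - reload nginx
  tags:
    - nginx

# NOTE(review): httpd_can_network_connect is host-wide and lets every process
# in the httpd SELinux domain open outbound TCP connections to any port, not
# just the UniFi upstream. If the upstream port is fixed, check whether a
# narrower boolean or port label would be enough.
- name: ensure selinux allows nginx to proxy for unifi
  seboolean:
    name: httpd_can_network_connect
    persistent: true
    state: true
  tags:
    - nginx
    - selinux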