- name: ensure rsync is installed
  package:
    name: rsync
    state: present
  tags:
  - install

- name: ensure app group exists
  group:
    name: webapp.dcow
    state: present
- name: ensure app user exists
  user:
    name: webapp.dcow
    group: webapp.dcow
    home: /srv/www/darkchestofwonders.us
    createhome: true
    state: present

- name: ensure app home directory permissions are set
  file:
    path: /srv/www/darkchestofwonders.us
    mode: u=rwx,go=rx
    state: directory

- name: ensure app ssh home directory exists
  file:
    path: /srv/www/darkchestofwonders.us/.ssh
    mode: '0700'
    owner: webapp.dcow
    group: webapp.dcow
    setype: ssh_home_t
    state: directory
- name: ensure publisher keys are trusted
  authorized_key:
    key: "{{ dcow_publisher_keys|join('\n') }}"
    user: webapp.dcow
    exclusive: true
- name: ensure authorized_keys file permissions are correct
  file:
    path: /srv/www/darkchestofwonders.us/.ssh/authorized_keys
    mode: u=rw,go=
    owner: webapp.dcow
    group: webapp.dcow
    setype: ssh_home_t

- name: ensure apache is configured to serve darkchestofwonders.us
  template:
    src=darkchestofwonders.us.httpd.conf.j2
    dest=/etc/httpd/conf.d/darkchestofwonders.us.conf
    mode=0644
  notify: reload httpd