- name: ensure packages are installed
  package:
    name={{ koji_web_packages|join(',') }}
    state=present
  tags:
  - install
  notify: restart httpd
- meta: flush_handlers

- name: ensure koji group exists
  group:
    name=koji
    gid={{ koji_gid }}
    state=present
- name: ensure koji user exists
  user:
    name=koji
    home={{ koji_home }}
    createhome=no
    group=koji
    uid={{ koji_uid }}
    state=present

- name: ensure koji web certificate is installed
  copy:
    src={{ item }}
    dest=/etc/kojiweb/{{ item|basename }}
    mode=0440
    owner=root
    group=koji
  with_fileglob:
  - certs/koji/{{ inventory_hostname }}/kojiweb.pem
- name: ensure koji web ca certificates are installed
  copy:
    src={{ item }}
    dest=/etc/kojiweb/{{ item|basename }}
    mode=0644
  with_fileglob:
  - certs/koji/{{ inventory_hostname }}/*.crt
- name: ensure koji hub server ca certificate is trusted
  copy:
    src={{ item }}
    dest=/etc/pki/ca-trust/source/anchors/koji-hub.crt
    mode=0644
  with_fileglob:
  - certs/koji/{{ inventory_hostname }}/kojihubca.crt
  notify: update ca trust
- name: ensure koji web is configured
  template:
    src=web.conf.j2
    dest=/etc/kojiweb/web.conf
    mode=0644
  notify: reload httpd

- name: ensure apache is configured to serve koji web
  template:
    src=kojiweb.httpd.conf.j2
    dest=/etc/httpd/conf.d/kojiweb.conf
  notify: reload httpd
- name: ensure apache is allowed to make network connections
  seboolean:
    name=httpd_can_network_connect
    persistent=yes
    state=yes