#
# Copyright (c) 2020 Bubble, Inc.  All rights reserved. For personal (non-commercial) use, see license: https://getbubblenow.com/bubble-license/
#
- name: Snapshot ansible roles
  shell: snapshot_ansible.sh

- name: Touch first-time setup file
  shell: su - bubble bash -c "if [[ ! -f /home/bubble/first_time_marker ]] ; then echo -n install > /home/bubble/first_time_marker ; fi"
  when: restore_key is not defined

- name: Touch first-time setup file (restore)
  shell: su - bubble bash -c "if [[ ! -f /home/bubble/first_time_marker ]] ; then echo -n restore > /home/bubble/first_time_marker ; fi"
  when: restore_key is defined

- name: Install mitmproxy CA cert in local CA store
  shell: install_cert.sh /home/mitmproxy/.mitmproxy/{{ server_alias }}-ca-cert.pem 600
  when: install_type == 'node'

- name: Install copy_certs_to_bubble.sh helper
  copy:
    src: "copy_certs_to_bubble.sh"
    dest: /usr/local/bin/copy_certs_to_bubble.sh
    owner: bubble
    group: root
    mode: 0550
  when: install_type == 'node'

- name: Install mitmproxy public certs in bubble dir
  shell: /usr/local/bin/copy_certs_to_bubble.sh {{ server_alias }}
  when: install_type == 'node'

- name: Install bubble-nodemanager
  copy:
    src: "bubble-nodemanager"
    dest: /usr/sbin/bubble-nodemanager
    owner: root
    group: root
    mode: 0500

- name: Install bubble-nodemanager supervisor conf file
  copy:
    src: "supervisor_bubble_nodemanager.conf"
    dest: /etc/supervisor/conf.d/nodemanager.conf

- name: Install bubble supervisor conf file
  template:
    src: "supervisor_bubble.conf.j2"
    dest: /etc/supervisor/conf.d/bubble.conf

# We cannot receive notifications until nginx is running, so start bubble API as the very last step
- name: Ensure bubble and bubble_nodemanager are started
  supervisorctl:
    name: '{{ item }}'
    state: restarted
  with_items:
    - bubble
    - nodemanager

- name: Ensure authorized SSH keys are up-to-date
  shell: su - bubble bash -c "touch /home/bubble/.refresh_ssh_keys"