---
- name: Set local facts
  set_fact:
    secure_download_dir: /var/cache/secure_download

- name: Copy webapp sources
  synchronize:
      src: checkouts/secure-download/
      dest: /var/lib/secure_download/
      group: no
      owner: no

- name: Create secure download worker user and group
  user:
      name: uwsgi-secure-download
      create_home: no
      group: uwsgi
      password: '!'
      shell: /sbin/nologin
      system: yes

- name: Template webapp config
  template:
    src: secure_download.cfg.j2
    dest: /var/lib/secure_download/secure_download_prod.cfg
    owner: uwsgi-secure-download
    group: root
    mode: 0660

- name: Copy uwsgi config
  copy:
      src: uwsgi-secure-download.ini
      dest: /etc/uwsgi.d/secure-download.ini
      owner: uwsgi-secure-download
      group: uwsgi
      mode: 440

- name: Enable uwsgi systemd socket
  systemd:
      daemon-reload: yes
      name: uwsgi-app@secure-download.socket
      enabled: yes

- name: Copy server dir tmpfiles.d config
  template:
      src: tmpfiles-secure-download.conf.j2
      dest: /etc/tmpfiles.d/secure-download.conf
      owner: root
      group: root
      mode: 0644
  register: sec_dl_tmpfiles_config

- name: Kick systemd tmpfiles service to create serve dir
  command: systemd-tmpfiles --create
  when: sec_dl_tmpfiles_config is changed