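---
# Tasks that prepare one mumble instance: service account, TLS material
# directory, DH parameters, acmetool integration, data directory and the
# standalone pod manifest. All paths are derived from mumble_base_path and
# mumble_instance.

- name: add group for mumble
  group:
    name: mumble
    gid: "{{ mumble_gid }}"

- name: add user for mumble
  user:
    name: mumble
    uid: "{{ mumble_uid }}"
    group: mumble
    # "!" is a locked password field: the account cannot authenticate with a
    # password.
    password: "!"

# root owns the directory and the mumble group gets read/traverse only, so the
# service account can read the TLS material but cannot replace it.
- name: create mumble ssl subdirectory
  file:
    path: "{{ mumble_base_path }}/{{ mumble_instance }}/ssl"
    state: directory
    owner: root
    group: mumble
    # Modes are quoted so they reach the module as octal strings regardless of
    # how the YAML loader types a bare 0750.
    mode: "0750"

# DH parameters are not secret, hence the world-readable file mode; access is
# still bounded by the 0750 parent directory.
- name: generate Diffie-Hellman parameters
  openssl_dhparam:
    path: "{{ mumble_base_path }}/{{ mumble_instance }}/ssl/dhparams.pem"
    size: "{{ mumble_dhparam_size }}"
    owner: root
    group: mumble
    mode: "0644"

# The hook lives in acmetool's hook directory and is executable, so ownership
# is pinned to root explicitly instead of being inherited from whichever user
# runs the play.
- name: install acmetool hook script
  template:
    src: acmetool-reload.sh.j2
    dest: "/etc/acme/hooks/mumble-{{ mumble_instance }}"
    owner: root
    group: root
    mode: "0755"

# Drop-in that adds the instance's ssl directory to the acmetool unit's
# ReadWritePaths. NOTE(review): presumably the unit is otherwise sandboxed and
# the hook writes certificates here; confirm against the base unit.
# Owner and mode are set explicitly so the result does not depend on the
# controller's umask or on a pre-existing file's permissions.
- name: install acmetool systemd unit snippet
  copy:
    dest: "/etc/systemd/system/acmetool.service.d/mumble-{{ mumble_instance }}.conf"
    content: |
      [Service]
      ReadWritePaths={{ mumble_base_path }}/{{ mumble_instance }}/ssl
    owner: root
    group: root
    mode: "0644"
  register: mumble_acmetool_snippet

# Only reload unit definitions when the drop-in actually changed.
- name: reload systemd
  when: mumble_acmetool_snippet is changed
  systemd:
    daemon_reload: true

- name: get certificate using acmetool
  import_role:
    name: x509/acmetool/cert
  vars:
    acmetool_cert_name: "mumble-{{ mumble_instance }}"
    acmetool_cert_hostnames: "{{ mumble_hostnames }}"

# Unlike the ssl directory, the data directory is owned by the service account
# because the server writes to it; "other" gets no access.
- name: create mumble data directory
  file:
    path: "{{ mumble_base_path }}/{{ mumble_instance }}/data"
    state: directory
    owner: mumble
    group: mumble
    mode: "0750"

# The rendered pod spec is handed to the kubernetes/standalone/pod role with an
# owner-only mode. NOTE(review): presumably because the manifest can embed
# sensitive values; confirm how the role applies this mode.
- name: install pod manifest
  vars:
    kubernetes_standalone_pod:
      name: "mumble-{{ mumble_instance }}"
      spec: "{{ lookup('template', 'pod-spec.yml.j2') }}"
      mode: "0600"
  include_role:
    name: kubernetes/standalone/pod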