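---

# ---
# Install PureFTP Daemon
# ---
# Installs Pure-FTPd, writes one file per configuration directive, links the
# enabled authentication back-ends, prepares the virtual-user database,
# optionally generates a self-signed TLS certificate, and starts the service.

- name: (pure-ftpd-install.yml) Ensure Pure-FTPd is installed.
  apt:
    name: "{{ pureftpd_packages }}"
    state: present
    cache_valid_time: 3600
    update_cache: true

- name: (pure-ftpd-install.yml) Upload Pure-FTPd global configuration file.
  template:
    src: etc/default/pure-ftpd-common.j2
    dest: "{{ pureftpd_global_config_file }}"
    owner: root
    group: root
    mode: '0644'
  notify: restart Pure-FTPd

# ---
# Configure PureFTP Daemon
# ---

# Remove directive files that are present on disk but no longer declared in
# pureftpd_config, so a setting dropped from the inventory (for example a
# hardening directive replaced by another) does not silently stay in effect.
- name: (pure-ftpd-install.yml) Compile Pure-FTPd configurations (set fact..).
  set_fact:
    pureftpd_config_compiled: "{{ pureftpd_config }}"

# Read-only listing; changed_when keeps the play idempotent.
- name: (pure-ftpd-install.yml) Get current configuration.
  command: ls -1 {{ pureftpd_config_conf_dir }}
  register: pureftpd_current_config
  changed_when: false

- name: (pure-ftpd-install.yml) Delete old configuration.
  file:
    path: "{{ pureftpd_config_conf_dir }}/{{ item }}"
    state: absent
  when: pureftpd_config_compiled[item] is not defined
  with_items: "{{ pureftpd_current_config.stdout_lines }}"
  notify: restart Pure-FTPd

# Write new configuration: one file per key of pureftpd_config.
# NOTE(review): every directive file is world-readable (0644); confirm that no
# value rendered by config.j2 is itself a secret.
- name: (pure-ftpd-install.yml) Write configuration.
  template:
    src: etc/pure-ftpd/conf/config.j2
    dest: "{{ pureftpd_config_conf_dir }}/{{ item.key }}"
    owner: root
    group: root
    mode: '0644'
  with_dict: '{{ pureftpd_config_compiled }}'
  notify: restart Pure-FTPd

# Authentication Configuration
#
# Each enabled back-end gets a symlink named "<number><backend>" in the auth
# directory and the same name is appended to pureftpd_authentications. Any
# entry found in the auth directory that is not in that list is removed
# further down, so a back-end that was disabled in the inventory cannot keep
# accepting logins.
- name: (pure-ftpd-install.yml) Get current authentications.
  command: ls -1 {{ pureftpd_config_auth_dir }}
  register: pureftpd_current_auth
  changed_when: false

- name: (pure-ftpd-install.yml) Define empty pureftpd_authentications variable.
  set_fact:
    pureftpd_authentications: []

- name: (pure-ftpd-install.yml) Enable PureDB authentication.
  file:
    src: "{{ pureftpd_config_conf_dir }}/PureDB"
    dest: "{{ pureftpd_config_auth_dir }}/{{ pureftpd_auth_puredb }}pure"
    state: link
  when:
    - pureftpd_auth_puredb > 0
    - pureftpd_config['PureDB'] is defined
  notify: restart Pure-FTPd

# The list is extended inside a single Jinja expression. The previous form,
# "{{ list }} + ['x']", renders to a string and only becomes a list when
# Ansible re-evaluates that string; where it stays a string, the later
# "item not in pureftpd_authentications" test turns into a substring match and
# stale authentication links can survive the clean-up.
- name: (pure-ftpd-install.yml) Add PureDB to Pure-FTPd authentications.
  set_fact:
    pureftpd_authentications: "{{ pureftpd_authentications + [pureftpd_auth_puredb ~ 'pure'] }}"
  when:
    - pureftpd_auth_puredb > 0
    - pureftpd_config['PureDB'] is defined

- name: (pure-ftpd-install.yml) Add PAM to Pure-FTPd authentications.
  set_fact:
    pureftpd_authentications: "{{ pureftpd_authentications + [pureftpd_auth_pam ~ 'pam'] }}"
  when:
    - pureftpd_auth_pam > 0
    - pureftpd_config['PAMAuthentication'] is defined

- name: (pure-ftpd-install.yml) Enable UNIX authentication.
  file:
    src: "{{ pureftpd_config_conf_dir }}/UnixAuthentication"
    dest: "{{ pureftpd_config_auth_dir }}/{{ pureftpd_auth_unix }}unix"
    state: link
  when:
    - pureftpd_auth_unix > 0
    - pureftpd_config['UnixAuthentication'] is defined
  notify: restart Pure-FTPd

- name: (pure-ftpd-install.yml) Add UnixAuthentication to Pure-FTPd authentications.
  set_fact:
    pureftpd_authentications: "{{ pureftpd_authentications + [pureftpd_auth_unix ~ 'unix'] }}"
  when:
    - pureftpd_auth_unix > 0
    - pureftpd_config['UnixAuthentication'] is defined

- name: (pure-ftpd-install.yml) Enable PAM authentication.
  file:
    src: "{{ pureftpd_config_conf_dir }}/PAMAuthentication"
    dest: "{{ pureftpd_config_auth_dir }}/{{ pureftpd_auth_pam }}pam"
    state: link
  when:
    - pureftpd_auth_pam > 0
    - pureftpd_config['PAMAuthentication'] is defined
  notify: restart Pure-FTPd

# ---
# Delete unused authentication if exists
# ---

- name: (pure-ftpd-install.yml) Delete old authentications.
  file:
    path: "{{ pureftpd_config_auth_dir }}/{{ item }}"
    state: absent
  when: item not in pureftpd_authentications
  with_items: "{{ pureftpd_current_auth.stdout_lines }}"
  notify: restart Pure-FTPd

# ---
# Defaults
# ---
# System account that virtual FTP users are mapped to. It has no usable home
# directory and a nologin shell.

- name: (pure-ftpd-install.yml) Ensure Pure-FTPd group exists.
  group:
    name: "{{ pureftpd_virtual_users_group }}"
    gid: "{{ pureftpd_virtual_users_gid | default(omit) }}"
    system: false
    state: present
  when: pureftpd_virtual_users | length > 0

- name: (pure-ftpd-install.yml) Ensure Pure-FTPd user exists.
  user:
    name: "{{ pureftpd_virtual_users_user }}"
    uid: "{{ pureftpd_virtual_users_uid | default(omit) }}"
    group: "{{ pureftpd_virtual_users_group }}"
    home: /dev/null
    shell: /usr/sbin/nologin
    system: false
    state: present
  when: pureftpd_virtual_users | length > 0

- name: (pure-ftpd-install.yml) Verify virtual users database existence.
  stat:
    path: "{{ pureftpd_config_dir }}/pureftpd.passwd"
  register: pureftpd_virtual_users_database

# The file is created root-only (0600) before any user is added to it.
# "touch" runs only when the file is missing, so an existing database keeps
# whatever owner and mode it already has; this task does not correct them.
- name: (pure-ftpd-install.yml) Ensure virtual users database exists.
  file:
    path: "{{ pureftpd_config_dir }}/pureftpd.passwd"
    owner: root
    group: root
    mode: '0600'
    state: touch
  when:
    - pureftpd_virtual_users | length > 0
    - not pureftpd_virtual_users_database.stat.exists | default(False)

# ---
# virtual users
# ---
# no_log keeps the per-user items (which presumably carry passwords; confirm
# against create-virtual-ftp-user.yml) out of task output and logs.

- include_tasks: pure-ftpd/create-virtual-ftp-user.yml
  vars:
    user: "{{ item }}"
  with_items: "{{ pureftpd_virtual_users }}"
  when: pureftpd_virtual_users | length > 0
  no_log: true

# ---
# TLS Certificate
# ---

# - method 'generate'
# Produces a self-signed certificate with the unencrypted private key (-nodes)
# stored in the same PEM file. Clients cannot validate a self-signed
# certificate against a CA, so they have to pin it or trust it explicitly.
# NOTE(review): the 0600 mode is applied by the following task, not by this
# command, so between the two tasks the key has whatever mode openssl and the
# process umask give it. Confirm the parent directory is not readable by
# unprivileged users.
- name: Generate Pure-FTPd TLS certificate.
  command: >-
    openssl req -x509 -nodes
    -newkey rsa:{{ pureftpd_tls_certificate_openssl.size | default(4096) }}
    -sha256
    -days {{ pureftpd_tls_certificate_openssl.days | default(365) }}
    -keyout {{ pureftpd_tls_certificate_pem }}
    -out {{ pureftpd_tls_certificate_pem }}
    -subj "/C={{ pureftpd_tls_certificate_openssl.country | default('') }}/ST={{ pureftpd_tls_certificate_openssl.state | default('') }}/L={{ pureftpd_tls_certificate_openssl.locality | default('') }}/O={{ pureftpd_tls_certificate_openssl.organization | default('') }}/OU={{ pureftpd_tls_certificate_openssl.unit | default('') }}/CN={{ pureftpd_tls_certificate_openssl.fqdn }}"
  args:
    creates: "{{ pureftpd_tls_certificate_pem }}"
  when:
    - pureftpd_tls_certificate_method == 'generate'
    - pureftpd_tls_certificate_openssl | length > 0
  notify: restart Pure-FTPd

# NOTE(review): ownership and mode are enforced only for the 'generate'
# method. For a PEM supplied by any other method nothing in this file checks
# that the private key is root-only; verify where that is handled.
- name: Ensure Pure-FTPd TLS certificate permissions.
  file:
    path: "{{ pureftpd_tls_certificate_pem }}"
    owner: root
    group: root
    mode: '0600'
    state: file
  when:
    - pureftpd_tls_certificate_method == 'generate'
    - pureftpd_tls_certificate_openssl | length > 0

# - final checks
# Stop the play before the service is started if no certificate is present.
- name: (pure-ftpd-install.yml) Verify TLS certificate exists.
  stat:
    path: "{{ pureftpd_tls_certificate_pem }}"
  register: pureftpd_tls_certificate

- name: (pure-ftpd-install.yml) Fail when no certificate is found.
  fail:
    msg: |
      The certificate file was not found at {{ pureftpd_tls_certificate_pem }}
  when: not pureftpd_tls_certificate.stat.exists | default(False)

# ---

- name: (pure-ftpd-install.yml) Ensure Pure-FTPd service is started enabled on startup.
  service:
    name: pure-ftpd
    state: started
    enabled: true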