ansible-roles/roles/taiga/tasks/install.yml

---

- name: Install packages
  package: name={{ taiga_packages }}
  tags: taiga

- name: Wipe the venv during upgrades
  file: path={{ taiga_root_dir }}/venv state=absent
  when: taiga_install_mode == 'upgrade'

- when: taiga_install_mode != 'none'
  block:
    - name: Download components
      get_url:
        url: "{{ taiga_archives[item].url }}"
        dest: "{{ taiga_root_dir }}/tmp"
        checksum: sha256:{{ taiga_archives[item].sha256 }}
      loop: "{{ taiga_archives.keys() | list }}"

    - name: Extract archives
      unarchive:
        src: "{{ taiga_root_dir }}/tmp/{{ taiga_archives[item].dir | default('taiga-' ~ item ~ '-' ~ taiga_archives[item].version) }}.tar.gz"
        dest: "{{ taiga_root_dir }}/tmp"
        remote_src: True
      loop: "{{ taiga_archives.keys() | list }}"

    - name: Move components to their final dir
      synchronize:
        src: "{{ taiga_root_dir }}/tmp/{{ taiga_archives[item].dir | default('taiga-' ~ item ~ '-' ~ taiga_archives[item].version) }}/"
        dest: "{{ taiga_root_dir }}/app/{{ item }}/"
        delete: True
        compress: False
      loop: "{{ taiga_archives.keys() | list }}"
      delegate_to: "{{ inventory_hostname }}"

    - name: Create the virtualenv
      pip:
        name:
          - pip
          - wheel
        virtualenv: "{{ taiga_root_dir }}/venv"
        virtualenv_command: /bin/python3.9 -m venv

    - name: Install taiga-back dependencies
      pip:
        requirements: "{{ taiga_root_dir }}/app/back/requirements.txt"
        state: "{{ (taiga_install_mode == 'upgrade') | ternary('latest', 'present') }}"
        virtualenv: "{{ taiga_root_dir }}/venv"
        virtualenv_command: /bin/python3.9 -m venv
    
    - name: Install the contrib-protected plugin
      pip:
        name: git+https://github.com/kaleidos-ventures/taiga-contrib-protected.git@stable#egg=taiga-contrib-protected
        virtualenv: "{{ taiga_root_dir }}/venv"
        virtualenv_command: /bin/python3.9 -m venv

    - name: Clone the openid-auth plugin
      git:
        repo: https://github.com/robrotheram/taiga-contrib-openid-auth.git
        dest: "{{ taiga_root_dir }}/app/back/taiga-contrib-openid-auth"

    - name: Install the openid-auth backend plugin
      command: "{{ taiga_root_dir }}/venv/bin/pip3 install -e ."
      args:
        chdir: "{{ taiga_root_dir }}/app/back/taiga-contrib-openid-auth/back"

    - name: Create the front plugin dir
      file: path={{ taiga_root_dir }}/app/front/dist/plugins/ state=directory
      
    - name: Install the openid-auth front plugin
      copy: src={{ taiga_root_dir }}/app/back/taiga-contrib-openid-auth/front/dist/ dest={{ taiga_root_dir }}/app/front/dist/plugins/openid-auth/ remote_src=True

    - name: Install dependencies for taiga-events
      npm:
        path: "{{ taiga_root_dir }}/app/events/"

    - name: Install requirements for taiga-protected
      pip:
        requirements: "{{ taiga_root_dir }}/app/protected/requirements.txt"
        state: "{{ (taiga_install_mode == 'upgrade') | ternary('latest', 'present') }}"
        virtualenv: "{{ taiga_root_dir }}/venv"
        virtualenv_command: /bin/python3.9 -m venv

  environment:
    PATH: "{{ (pg_version == 'default') | ternary('', '/usr/pgsql-' ~ pg_version ~ '/bin:') }}/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin"
  tags: taiga

- block:
    - name: Create the PostgreSQL role
      postgresql_user:
        db: postgres
        name: "{{ taiga_db_user }}"
        password: "{{ taiga_db_pass }}"
        login_host: "{{ taiga_db_server }}"
        login_user: sqladmin
        login_password: "{{ pg_admin_pass }}"

    - name: Create the PostgreSQL database
      postgresql_db:
        name: "{{ taiga_db_name }}"
        encoding: UTF-8
        template: template0
        owner: "{{ taiga_db_user }}"
        login_host: "{{ taiga_db_server }}"
        login_user: sqladmin
        login_password: "{{ pg_admin_pass }}"

  tags: taiga

- name: Install service units
  template: src={{ item }}.j2 dest=/etc/systemd/system/{{ item }}
  loop:
    - taiga-back.service
    - taiga-async.service
    - taiga-events.service
    - taiga-protected.service
  register: taiga_units
  tags: taiga

- name: Reload systemd
  systemd: daemon_reload=True
  when: taiga_units.results | selectattr('changed','equalto',True) | list | length > 0
  tags: taiga

- name: Install backup hooks
  template: src={{ item }}-backup.j2 dest=/etc/backup/{{ item }}.d/taiga mode=700
  loop:
    - pre
    - post
  tags: taiga

- name: Copy SELinux policy
  copy: src=taiga.te dest=/etc/selinux/targeted/local/
  register: taiga_selinux_policy
  tags: taiga

- name: Compile and load SELinux policy
  shell: |
    cd /etc/selinux/targeted/local/
    checkmodule -M -m -o taiga.mod taiga.te
    semodule_package -o taiga.pp -m taiga.mod
    semodule -i /etc/selinux/targeted/local/taiga.pp
  when: ansible_selinux.status == 'enabled' and taiga_selinux_policy.changed
  tags: taiga