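---
# Provisions a two-jail WordPress stack on a FreeBSD host using Bastille:
# one jail for nginx + php-fpm + WordPress, one jail for MariaDB.
# The play targets localhost, drives the jails through the `bastille` CLI and
# edits jail files from the host under /usr/local/bastille/jails/<jail>/root.
#
# The values under `vars` are interpolated unescaped into shell command lines
# and SQL statements below, so keep them to plain identifiers and addresses
# and do not source them from untrusted input.
- name: Playbook for Wordpress
  hosts: localhost
  become: true

  vars:
    jails:
      webserver:
        name: pwordpress
        fbsd_version: "13.0-RELEASE"
        ip: "192.168.0.65"
        host_interface: em0
      database:
        name: pmariadb
        fbsd_version: "13.0-RELEASE"
        ip: "192.168.0.35"
        host_interface: em0
    database:
      port: 3007
      dbname: wordpress
      username: wordpress
      # Sample credential. Override it from an Ansible Vault file or a
      # vars_prompt entry instead of committing a real password here.
      password: "mypassword"
    website:
      name: wordpress
      port: 82
    # Set to true to keep the existing jails and only re-run configuration.
    skip_create_jail: false

  vars_prompt:
    - name: ansible_become_password
      prompt: "Enter sudo password: "
      private: true

  tasks:
    # Read-only discovery: never reports "changed".
    - name: Find existing jails
      shell: |
        bastille list | cut -f2 -d ' ' | tail -n +2
      register: existing_jails
      changed_when: false

    - name: Find started jails
      shell: |
        jls | tr -s ' ' | cut -d ' ' -f4 | tail -n +2
      register: started_jails
      changed_when: false

    # Destructive: every jail listed in `jails` is stopped, destroyed and
    # created again unless skip_create_jail is true. The `bool` filter makes
    # a string passed with `-e skip_create_jail=false` behave like the boolean.
    - name: Recreate jails
      when: not (skip_create_jail | bool)
      block:
        - name: Stop existing jails
          command: "bastille stop {{ item.value.name }}"
          when: item.value.name in started_jails.stdout_lines
          loop: "{{ jails | dict2items }}"
          # Best effort: a jail that fails to stop is still destroyed below.
          ignore_errors: true

        - name: delete existing jails
          command: "bastille destroy {{ item.value.name }}"
          when: item.value.name in existing_jails.stdout_lines
          loop: "{{ jails | dict2items }}"

        - name: Create Jail
          command: >-
            bastille create {{ item.value.name }} {{ item.value.fbsd_version }}
            {{ item.value.ip }} {{ item.value.host_interface }}
          loop: "{{ jails | dict2items }}"

    - name: Install packages on webserver
      command: >-
        bastille pkg {{ jails['webserver'].name }} install -y
        nginx wordpress php74-mbstring php74-dom php74-openssl
        php74-filter php74-iconv

    - name: Install packages database server
      command: "bastille pkg {{ jails['database'].name }} install -y mariadb105-server"

    # NOTE(review): when no line starts with "port", lineinfile appends the
    # setting at the end of my.cnf; confirm it lands in a section the server
    # reads.
    - name: Set bind port for mariadb
      lineinfile:
        regexp: "^port"
        line: "port = {{ database.port }}"
        path: "/usr/local/bastille/jails/{{ jails['database'].name }}/root/usr/local/etc/mysql/my.cnf"

    - name: sysrc enable mariadb
      command: "bastille sysrc {{ jails['database'].name }} mysql_enable='YES'"

    - name: start mariadb server
      command: "bastille service {{ jails['database'].name }} mysql-server restart"

    # Hardening steps modelled on mysql_secure_installation.
    - name: "mariadb: remove anonymous users"
      command: >-
        bastille cmd {{ jails['database'].name }} mysql -e
        "DELETE FROM mysql.user WHERE user=''"

    - name: "mariadb: Disallow root login remotely"
      command: >-
        bastille cmd {{ jails['database'].name }} mysql -e
        "DELETE FROM mysql.global_priv WHERE user='root'
        AND host NOT IN ('localhost', '127.0.0.1', '::1')"

    - name: "mariadb: Drop database test"
      command: >-
        bastille cmd {{ jails['database'].name }} mysql -e
        "DROP DATABASE IF EXISTS test"

    # The previous statement used `==`, which is not a MariaDB operator, so it
    # failed with a syntax error. This form removes the default grants on
    # `test` and `test\_%`; the doubled backslash collapses to one when the
    # command module splits the quoted argument.
    - name: "mariadb: Remove privileges on database test"
      command: >-
        bastille cmd {{ jails['database'].name }} mysql -e
        "DELETE FROM mysql.db WHERE Db='test' OR Db='test\\_%'"

    # IF NOT EXISTS keeps re-runs with skip_create_jail=true from failing.
    - name: "mariadb: create database for wordpress"
      command: >-
        bastille cmd {{ jails['database'].name }} mysql -e
        "CREATE DATABASE IF NOT EXISTS {{ database.dbname }}"

    # The account is limited to the WordPress schema and to connections from
    # the webserver jail's address. The password is part of the command line,
    # so no_log keeps it out of Ansible output and logs; it is still visible
    # in the process list while the command runs.
    - name: "mariadb: Create a database user for wordpress"
      command: >-
        bastille cmd {{ jails['database'].name }} mysql -e
        "GRANT ALL PRIVILEGES ON {{ database.dbname }}.*
        TO '{{ database.username }}'@'{{ jails['webserver'].ip }}'
        IDENTIFIED BY '{{ database.password }}'"
      no_log: true

    - name: "mariadb: Flush privileges"
      command: "bastille cmd {{ jails['database'].name }} mysqladmin flush-privileges"

    - name: "php: create php.ini"
      command: >-
        bastille cmd {{ jails['webserver'].name }}
        cp /usr/local/etc/php.ini-production /usr/local/etc/php.ini

    - name: "php enable php-fpm service"
      command: "bastille sysrc {{ jails['webserver'].name }} php_fpm_enable='YES'"

    - name: "php start php-fpm service"
      command: "bastille service {{ jails['webserver'].name }} php-fpm start"

    # -p makes the task succeed when the directory already exists.
    - name: "nginx: create sites-enabled directory"
      command: >-
        bastille cmd {{ jails['webserver'].name }}
        mkdir -p /usr/local/etc/nginx/sites-enabled

    - name: "nginx: configure website"
      template:
        src: wordpress.conf.j2
        dest: "/usr/local/bastille/jails/{{ jails['webserver'].name }}/root/usr/local/etc/nginx/sites-enabled/{{ website.name }}.conf"

    # lineinfile inserts before the last line matching the pattern, which is
    # expected to be the closing brace of the http block in nginx.conf.
    - name: "nginx: configure nginx.conf to include sites-enabled directory"
      lineinfile:
        insertbefore: "}"
        line: " include sites-enabled/*.conf;"
        path: "/usr/local/bastille/jails/{{ jails['webserver'].name }}/root/usr/local/etc/nginx/nginx.conf"

    - name: "nginx: enable nginx service"
      command: "bastille sysrc {{ jails['webserver'].name }} nginx_enable='YES'"

    - name: "nginx: start nginx service"
      command: "bastille service {{ jails['webserver'].name }} nginx restart"

    # `creates` skips the copy when the target directory already exists. That
    # covers re-runs and the default website.name of "wordpress", where the
    # source and target are the same directory and cp -R would nest a copy
    # inside it.
    - name: "copy wordpress folder for new website"
      command: >-
        bastille cmd {{ jails['webserver'].name }}
        cp -R /usr/local/www/wordpress /usr/local/www/{{ website.name }}
      args:
        creates: "/usr/local/bastille/jails/{{ jails['webserver'].name }}/root/usr/local/www/{{ website.name }}"

    # wp-config.php presumably carries the database credentials; diff output
    # is disabled so `--diff` runs do not print them.
    # NOTE(review): the file is written with the default owner and mode;
    # consider restricting it to the php-fpm user once that account is
    # confirmed.
    - name: "wordpress: create wp-config.php"
      template:
        src: wp-config.php.j2
        dest: "/usr/local/bastille/jails/{{ jails['webserver'].name }}/root/usr/local/www/{{ website.name }}/wp-config.php"
      diff: false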