#SPDX-License-Identifier: MIT-0
---
# tasks file for roles/omada-controller
# roles/omada-controller/tasks/main.yml

- name: Install dependencies for Omada Controller
  # Der Controller benötigt Java, jsvc (Java Service Wrapper) und curl.
  ansible.builtin.apt:
    name:
      - "{{ omada_controller_java_package }}"
      - jsvc
      - gnupg # Benötigt für gpg --dearmor
      - curl
      - apt-transport-https
    state: present
    update_cache: yes
  register: apt_install
  retries: 3
  until: apt_install is success

- name: Download MongoDB GPG key
  ansible.builtin.get_url:
    url: "https://www.mongodb.org/static/pgp/server-{{ omada_controller_mongodb_version }}.asc"
    dest: "/tmp/mongodb-server-{{ omada_controller_mongodb_version }}.asc"
    mode: '0644'

- name: Dearmor MongoDB GPG key and place in /usr/share/keyrings
  ansible.builtin.command:
    cmd: "gpg --dearmor -o /usr/share/keyrings/mongodb-archive-keyring.gpg /tmp/mongodb-server-{{ omada_controller_mongodb_version }}.asc"
    creates: /usr/share/keyrings/mongodb-archive-keyring.gpg
  # Hinweis: Der Pfad /usr/share/keyrings/ ist der empfohlene Ort für Schlüssel, die mit 'signed-by' verwendet werden.

- name: Add MongoDB repository
  ansible.builtin.apt_repository:
    repo: "deb [ arch=amd64,arm64 signed-by=/usr/share/keyrings/mongodb-archive-keyring.gpg ] https://repo.mongodb.org/apt/debian {{ omada_controller_mongodb_repo_release }}/mongodb-org/{{ omada_controller_mongodb_version }} main"
    state: present
    filename: "mongodb-org-{{ omada_controller_mongodb_version }}"
    update_cache: yes
  # Der 'signed-by'-Parameter verweist auf den zuvor dearmored Schlüssel.

- name: Install MongoDB server
  # Der Omada Controller benötigt MongoDB >= 3.0.0.
  ansible.builtin.apt:
    name: mongodb-org-server
    state: present
  register: mongodb_install
  retries: 3
  until: mongodb_install is success

- name: Check if Omada Controller package 'tpeap' is already installed (using command)
  ansible.builtin.command: dpkg-query -W -f='${Status}' tpeap
  register: omada_pkg_status
  # Fail silently if package is not found, and never report a change.
  failed_when: false
  changed_when: false

- name: Install Omada Controller from URL
  ansible.builtin.apt:
    deb: "{{ omada_controller_deb_url }}"
    state: present
  when: "'install ok installed' not in omada_pkg_status.stdout"
  register: omada_install
  retries: 3
  until: omada_install is success
  notify: Restart Omada Controller

- name: Ensure Omada Controller service (tpeap) is running and enabled on boot
  ansible.builtin.service:
    name: tpeap
    state: started
    enabled: yes