---

- name: Install PhpMyAdmin

  collections: [ 'debops.debops', 'debops.roles01',
                 'debops.roles02', 'debops.roles03' ]

  hosts: [ 'debian10' ]

  vars_files:
    - ./../../vars/nginx.yml
    - ./../../vars/php.yml

  tasks:
    - name: Import DebOps secret role
      ansible.builtin.import_role:
        name: 'secret'

    - name: 'Adding pma nginx config'
      copy:
        dest: '/etc/nginx/sites-available/pma.conf'
        content: |-
          server {
              listen 80;
              listen 443;
              ssl_certificate           /etc/pki/realms/domain/default.crt;
              ssl_certificate_key       /etc/pki/realms/domain/default.key;
              server_name pma.{{ domain_name }};
              root /var/www/phpmyadmin;
              index index.php;
              include auth.d/pma-auth.conf;
              location / {
                  try_files $uri $uri/ /index.php?$args;
              }
              set $upstream unix:/run/{{ php__version_preference[0] }}-fpm-www-data.sock;
              location ~ \.php$ {
                  fastcgi_pass $upstream;
                  include fastcgi_params;
                  fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
                  fastcgi_param SERVER_NAME     $host;
              }
          }

    - name: 'Adding pma nginx auth config'
      copy:
        dest: '/etc/nginx/auth.d/pma-auth.conf'
        content: |-
          include auth.d/grant-access-certbot.conf;
          auth_basic_user_file passwords.d/pma.passwords;

    - name: 'Adding pma nginx auth passwords files'
      shell: |-
        echo "pma:$(openssl passwd -apr1 {{ lookup("password", secret + "/basic/" + site_name + "/pma " + "length=30")}} )" > /etc/nginx/passwords.d/pma.passwords

    - name: 'Turning on pma web site nginx config'
      shell: |-
        cd /etc/nginx/sites-enabled
        ln -s ../sites-available/pma.conf ./

    - name: 'Restarting nginx'
      shell: |-
        nginx -t && systemctl restart nginx