tasks/web_nix.yml

---

- name: web | Concourse web start script config
  template:
    src="concourse-web.j2"
    dest="{{ concourseci_bin_dir }}/concourse-web"
    mode=0755
  notify:
    - restart concourse-web

- name: web | Copy session public key
  copy:
    content="{{ concourseci_key_session_public }}"
    dest="{{ concourse_web_options_combined['CONCOURSE_SESSION_SIGNING_KEY'] }}.pub"
    mode="0644"
    owner="{{ concourseci_user }}"
    group="{{ concourseci_group }}"
  notify:
    - restart concourse-web

- name: web | Copy session private key
  copy:
    content="{{ concourseci_key_session_private }}"
    dest="{{ concourse_web_options_combined['CONCOURSE_SESSION_SIGNING_KEY'] }}"
    mode="0600"
    owner="{{ concourseci_user }}"
    group="{{ concourseci_group }}"
  no_log: True
  notify:
    - restart concourse-web

- name: web | Copy tsa private key
  copy:
    content="{{ concourseci_key_tsa_private }}"
    dest="{{ concourse_web_options_combined['CONCOURSE_TSA_HOST_KEY'] }}"
    mode="0600"
    owner="{{ concourseci_user }}"
    group="{{ concourseci_group }}"
  no_log: True
  notify:
    - restart concourse-web

- name: web | Create authorized key for tsa
  authorized_key:
    user: "{{ concourseci_user }}"
    key: "{{ item.public }}"
    path: "{{ concourse_web_options_combined['CONCOURSE_TSA_AUTHORIZED_KEYS'] }}"
    manage_dir: no
  with_items: "{{ concourseci_worker_keys }}"
  notify:
   - restart concourse-web

- name: web | Write RBAC_CONFIG
  copy:
    content: "{{ concourse_rbac | to_yaml }}"
    dest: "{{ concourse_web_options_combined['CONCOURSE_CONFIG_RBAC'] }}"
    mode: 0755
    owner: "{{ concourseci_user }}"
    group: "{{ concourseci_group }}"
  when: "concourse_web_options_combined['CONCOURSE_CONFIG_RBAC'] is defined"
  notify:
   - restart concourse-web

- name: web | Templating concourse web start init script (linux)
  template:
    src="concourse-web-init.sh.j2"
    dest="/etc/init.d/concourse-web"
    mode=0755
  notify:
   - reload systemd
   - restart concourse-web
  when: "ansible_system == 'Linux'"

- name: web | Ensure Concourse web is running and Starts on boot (linux)
  service:
    name="concourse-web"
    state="started"
    enabled=True
  ignore_errors: "{{ concourse_ignore_errors }}"
  when: "ansible_system == 'Linux'"

- name: web | Templating concourse web start launchd plist (macOSx)
  template:
    src="{{ concourseci_launchd_web }}.plist.j2"
    dest="{{ concourseci_launchd_path }}/{{ concourseci_launchd_web }}.plist"
    mode=0750
    owner="root"
    group="wheel"
    validate='plutil %s'
  notify:
   - restart concourse-web
  register: launchd_template
  when: "ansible_system == 'Darwin'"

- name: web | Ensure Concourse web is running and Starts on boot (macOSx)
  shell: launchctl load -w {{ concourseci_launchd_path }}/{{ concourseci_launchd_web }}.plist && launchctl start {{ concourseci_launchd_web }}
  changed_when: False # since no way to detect if it started or not
  when: "ansible_system == 'Darwin'"

- name: web | Create base resource type defaults configuration file
  copy:
    owner: "{{ concourseci_user }}"
    group: "{{ concourseci_group }}"
    dest: "{{ concourse_web_options_combined['CONCOURSE_BASE_RESOURCE_TYPE_DEFAULTS'] }}"
    content: "{{ concourseci_web_resource_type_defaults | to_nice_yaml(indent=2) }}"
    mode: '644'
  when: "{{ concourseci_web_resource_type_defaults | dict2items | length > 0 }}"
  notify:
   - restart concourse-web