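---
# Builds devzat on the host, stages the binary, its config file and its rc
# script in a Bastille template directory named after the role, then creates,
# starts and templates the jail.
#
# The source arrived collapsed onto one line, where everything after `--- #`
# parses as a single comment; the task list is restored here one key per line.

# we do NOT use:
#   git clone https://github.com/quackduck/devzat
# but our own fork where we patched the torlist stuff away.
# see: https://github.com/quackduck/devzat/issues/246
#
# NOTE(review): the clone takes whatever the fork's default branch points at
# when the play runs. Check out a reviewed commit after cloning
# (`git checkout <REVIEWED_COMMIT_SHA>`, placeholder) so the binary that ends
# up in the jail is reproducible and was actually looked at.
#
# NOTE(review): /tmp is world-writable and the build path is fixed. The script
# has no `set -e`, so when `git clone` fails (for instance because
# /tmp/devzat already exists) `go build` still runs on whatever that directory
# holds, and the result is installed below. On a host with other local users,
# build in a directory only root can write to.
#
# NOTE(review): no task in this file creates /tmp/.ansible.devzatbuild; unless
# something else does, the `creates` guard never skips this step. The same
# applies to the other /tmp/.ansible.* markers further down.
- name: build devzat
  shell: |
    cd /tmp
    git clone https://github.com/tlinden/devzat
    cd /tmp/devzat
    go build
  args:
    creates: "/tmp/.ansible.devzatbuild"

- name: create services template dir
  file:
    path: "/usr/local/bastille/templates/services/{{ role_name }}"
    state: directory
    recurse: true

# Renders Bastillefile.j2 into the template directory created above.
- name: copy template config files
  template:
    src: Bastillefile.j2
    dest: "/usr/local/bastille/templates/services/{{ role_name }}/Bastillefile"

# Directory skeleton below the template dir that receives the files staged by
# the following tasks.
- name: create config paths
  file:
    path: "/usr/local/bastille/templates/services/{{ role_name }}/{{ item }}/"
    state: directory
    recurse: true
  loop:
    - usr/local/etc
    - usr/local/etc/rc.d
    - usr/local/sbin

# `command` instead of `shell`: no shell feature is used, and the templated
# path is then passed as an argument rather than interpreted by a shell.
- name: copy devzat binary
  command: >-
    install -m 755 /tmp/devzat/devzat
    /usr/local/bastille/templates/services/{{ role_name }}/usr/local/sbin/devzat
  args:
    creates: "/tmp/.ansible.devzat"

- name: copy devzat config file
  copy:
    src: devzat.yml
    dest: "/usr/local/bastille/templates/services/{{ role_name }}/usr/local/etc/"

- name: copy devzat rc file
  copy:
    src: devzat
    dest: "/usr/local/bastille/templates/services/{{ role_name }}/usr/local/etc/rc.d/"
    mode: '0755'

# `release` and `chatip` are not defined in this file; `chatip` is presumably
# registered by an earlier task (TODO confirm). Because `chatip.stdout` is
# command output, it is handed to `command`, not to a shell.
- name: create jail
  command: "bastille create -B {{ role_name }} {{ release }} {{ chatip.stdout }}/64 bridge0"
  args:
    creates: "/usr/local/bastille/jails/{{ role_name }}"

# `|| true` makes this task succeed whatever `bastille start` returns, so a
# jail that fails to start is not reported here.
- name: start jail
  shell: "bastille start {{ role_name }} || true"

- name: template jail
  command: "bastille template {{ role_name }} services/{{ role_name }}"
  args:
    # FIXME: might make it impossible to update, on the other hand w/o
    # it this command fails with "devzat binary busy" when the jail is
    # already running, since go binaries do not fork.
    creates: "/tmp/.ansible.devzattemplate"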