---
- block:

  - name: install homeassistant dependencies
    apt:
      name:
        - autoconf
        - build-essential
        - libffi-dev
        - libopenjp2-7
        - libssl-dev
        - libtiff5
        - python3
        - python3-dev
        - python3-pip
        - virtualenv
      update_cache: true
      cache_valid_time: 3600

  - name: ensure homeassistant group exits
    group:
      name: homeassistant
      system: true

  - name: ensure homeassistant user exists and has restrictive settings
    user:
      name: homeassistant
      groups: homeassistant
      password: "*"
      home: "{{ homeassistant_dir }}"
      system: true
      shell: /usr/sbin/nologin

  - name: get available groups
    getent:
      database: group

  - name: add homeassistant user to ssl-cert group
    user:
      name: homeassistant
      groups: ssl-cert
      append: true
    become: true
    when:
      - homeassistant_add_to_ssl_cert_group
      - ssl-cert in ansible_facts.getent_group

  - name: add homeassistant user to dialout, gpio and i2c groups
    user:
      name: homeassistant
      groups: dialout,gpio,i2c
      append: true
    when: is_a_raspberrypi

  - name: install wheel and homeassistant inside a virtualenv
    pip:
      name:
        - wheel
        - homeassistant
      virtualenv: "{{ homeassistant_dir }}"

  - name: ensure homeassistant owns "{{ homeassistant_dir }}"
    file:
      path: "{{ homeassistant_dir }}"
      state: directory
      recurse: true
      owner: homeassistant
      group: homeassistant

  - name: install homeassistant systemd unit file
    template:
      src: etc/systemd/system/homeassistant.service.j2
      dest: /etc/systemd/system/homeassistant.service
    notify:
      - systemctl daemon-reload

  - name: ensure homeassistant is enabled and started
    systemd:
      name: homeassistant
      state: started
      enabled: true

  - name: Wait for port 8123
    wait_for:
      port: 8123
      delay: 10

  - name: add custom TLS settings in configuration.yaml
    blockinfile:
      path: "{{ homeassistant_dir }}/.homeassistant/configuration.yaml"
      marker: "# {mark} ANSIBLE TLS SETTINGS"
      block: |
        http:
          ssl_certificate: {{ homeassistant_ssl_certificate }}
          ssl_key: {{ homeassistant_ssl_key }}
    when:
      - homeassistant_add_to_ssl_cert_group
      - ssl-cert in ansible_facts.getent_group
      - homeassistant_ssl_certificate and homeassistant_ssl_key
    notify: systemctl restart homeassistant

  become: "{{ homeassistant_become }}"
  become_user: "{{ homeassistant_become_user }}"