---
- name: install dependencies
  become: true
  ansible.builtin.apt:
    update_cache: true
    force_apt_get: true
    state: present
    cache_valid_time: 3600
    pkg:
      - build-essential
      - git
      - libffi-dev
      - libssl-dev
      - libxslt-dev
      - pkgconf
      - python3-babel
      - python3-dev
      - python3-virtualenv
      - python3-yaml
      - zlib1g-dev
- name: gather facts
  ansible.builtin.include_tasks: gather_facts.yml
- name: create service group
  become: true
  ansible.builtin.group:
    name: '{{ searxng_group }}'
    system: true
    state: present
- name: create service user
  become: true
  ansible.builtin.user:
    name: '{{ searxng_user }}'
    group: '{{ searxng_group }}'
    shell: '/usr/bin/bash'
    home: '{{ searxng_install_dir }}'
    create_home: true
    system: true
    state: present
- name: mark git repository as safe
  become: true
  ansible.builtin.shell: >
    git config --global --get safe.directory {{ searxng_git_dir }} ||
    git config --global --add safe.directory {{ searxng_git_dir }}
- name: clone repository
  become: true
  ansible.builtin.git:
    repo: '{{ searxng_git_repository }}'
    dest: '{{ searxng_git_dir }}'
    single_branch: true
    version: '{{ searxng_git_version }}'
- name: setup virtualenv
  become: true
  ansible.builtin.pip:
    requirements: '{{ searxng_git_dir }}/requirements.txt'
    virtualenv: '{{ searxng_install_dir }}/.venv'
    virtualenv_site_packages: true
    extra_args: '--use-pep517 --no-build-isolation -e {{ searxng_git_dir }}'
- name: set ownership
  become: true
  ansible.builtin.file:
    path: '{{ searxng_install_dir }}'
    owner: '{{ searxng_user }}'
    group: '{{ searxng_group }}'
    mode: 'u=rwX,g=rX,o='
    recurse: yes
    follow: false
- name: setup shell environment
  become: true
  ansible.builtin.lineinfile:
    path: '{{ searxng_install_dir }}/.profile'
    line: 'source {{ searxng_install_dir }}/.venv/bin/activate'
    search_string: 'source {{ searxng_install_dir }}/.venv/bin/activate'
    create: true
    mode: '0640'
    owner: '{{ searxng_user }}'
    group: '{{ searxng_group }}'
    state: present
- name: setup configuration file
  become: true
  ansible.builtin.template:
    src: '../templates/settings.yml.j2'
    dest: '{{ searxng_install_dir }}/settings.yml'
    owner: '{{ searxng_user }}'
    group: '{{ searxng_group }}'
    mode: 'u=rw,g=r,o='
- name: setup limiter configuration
  become: true
  when: (searxng_conf_server_limiter | default(True, True)) is truthy
  ansible.builtin.template:
    src: '../templates/limiter.toml.j2'
    dest: '{{ searxng_install_dir }}/limiter.toml'
    owner: '{{ searxng_user }}'
    group: '{{ searxng_group }}'
    mode: 'u=rw,g=r,o='
- name: setup backend
  ansible.builtin.include_tasks: 'backend_{{ searxng_backend }}_setup.yml'
- name: fix permissions
  become: true
  ansible.builtin.file:
    path: '{{ searxng_git_dir }}'
    owner: '{{ searxng_user }}'
    group: '{{ searxng_group }}'
    recurse: true
    state: directory
- name: flush handlers
  ansible.builtin.meta: flush_handlers