playbook.yml

---
# This playbook to be run after playbook_init has been run once, and then can be run on its
# own anytime changes need to be made.
- hosts: ckan
  become: true
  vars:
    ve_dir: /usr/lib/ckan/default

  handlers:
    - name: reload nginx
      service:
        name: nginx
        state: reloaded
        enabled: true

    - name: restart solr
      service:
        name: tomcat9
        state: restarted
        enabled: true

    - name: reload ckan
      command: supervisorctl reload

  pre_tasks:
    - name: Update apt cache
      apt: update_cache=yes cache_valid_time=3600

    - name: Install packages required for ansible on the remote server
      block:

        - name: Install system packages
          apt:
            name:
              - python3-pip
              - acl
            state: present

        - name: Install psycopg2
          pip:
            name:
              - psycopg2-binary
              - lxml
            state: present

  roles:
    - users
    - role: hardening
      tags: hardening
    - base
    - dvrpc_theme
    - scheming
    - pdfview
    - geoview
    - custom_privileges
    - showcases

  tasks:
    - name: Set up nginx without TLS
      include_role:
        name: base
        tasks_from: nginx_no_tls
      when: not use_tls
    
    - name: Set up nginx with TLS
      include_role:
        name: base
        tasks_from: nginx_tls
      tags:
        - tls
      when: use_tls

    - name: Set up oauth
      include_role:
        name: oauth

    - name: Install harvest extension
      include_role:
        name: harvest

    - name: Install our custom harvest extension, built on top of other one
      include_role:
        name: dvrpc_gis_harvester