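# Install and configure a burp backup server: package, service account,
# state and spool directories, server configuration, DH parameters, the CA
# tasks from ca.yml, service enablement and the firewalld rule.
#
# Module arguments are written as native YAML mappings instead of key=value
# strings, so every templated value stays a single parameter. File modes are
# quoted so they reach the modules as octal strings.

- name: load distribution-specific variables
  include_vars: '{{ item }}'
  # First file found wins: distribution, then OS family, then defaults.yml.
  with_first_found:
    - '{{ ansible_distribution }}.yml'
    - '{{ ansible_os_family }}.yml'
    - defaults.yml
  tags:
    - always

- name: ensure burp server is installed
  package:
    name: '{{ burp_server_package }}'
    state: present
  tags:
    - install

# burp_version does not appear to be a stock Ansible module; presumably it
# ships with this role and sets the burp_version variable read below - confirm.
- name: check burp version
  burp_version:

- debug:
    var: burp_version

- name: load burp version-specific variables
  include_vars: '{{ item }}'
  # Keyed on the first element of burp_version (presumably the major version);
  # burp-defaults.yml is the fallback.
  with_first_found:
    - 'burp{{ burp_version[0] }}.yml'
    - burp-defaults.yml

# Dedicated system account: home is /dev/null, no home directory is created,
# and the shell is /sbin/nologin.
- name: ensure burp user exists
  user:
    name: burp
    system: true
    home: /dev/null
    createhome: false
    shell: /sbin/nologin
  tags:
    - user

- name: ensure tmpfiles.d directory exists
  file:
    path: /etc/tmpfiles.d
    mode: '0755'
    state: directory

- name: ensure burp tmpfiles are configured
  copy:
    src: burp.tmpfiles.conf
    dest: /etc/tmpfiles.d/burp.conf
    mode: '0644'
  notify: process tmpfiles

# Run a pending "process tmpfiles" handler here, before the directory tasks.
- meta: flush_handlers

# root:burp 0770 - writable by the burp group, no access for other users.
- name: ensure burp persistent state directory exists
  file:
    path: /var/lib/burp
    owner: root
    group: burp
    mode: '0770'
    state: directory

# Skipped when burp_backup_volume is undefined. burp_backup_volume_fstype is
# not covered by the condition; it has to be supplied together with the volume.
# NOTE(review): only noatime is set. Consider whether nodev,nosuid,noexec are
# appropriate for a volume that only holds backup data.
- name: ensure burp volume is mounted
  mount:
    name: /var/spool/burp
    src: '{{ burp_backup_volume }}'
    fstype: '{{ burp_backup_volume_fstype }}'
    opts: noatime
    state: mounted
  when: burp_backup_volume is defined

# Runs after the mount task, so when a backup volume is in use the ownership
# and mode are applied to the mounted filesystem's root.
- name: ensure burp directory permissions are correct
  file:
    path: /var/spool/burp
    owner: root
    group: burp
    mode: '0770'
    state: directory

# Not world-readable: owned by root, readable by the burp group.
- name: ensure burp server is configured
  template:
    src: burp-server.conf.j2
    dest: /etc/burp/burp-server.conf
    owner: root
    group: burp
    mode: '0640'
  notify: restart burp server

# creates makes this a one-time step: it is skipped once the file exists.
- name: ensure burp dh params are set
  command: burp_ca --dhfile /etc/burp/dhfile.pem
  args:
    creates: /etc/burp/dhfile.pem

# Ownership and mode are set only after burp_ca has written the file, so until
# this task runs the file carries whatever owner and mode burp_ca gave it.
- name: ensure burp dh params file permissions are correct
  file:
    path: /etc/burp/dhfile.pem
    mode: '0600'
    owner: burp
    group: burp

- import_tasks: ca.yml

- name: ensure burp server starts at boot
  service:
    name: burp
    enabled: true

# Apply a pending "restart burp server" notification before the started check.
- meta: flush_handlers

- name: ensure burp server is running
  service:
    name: burp
    state: started

# Runtime-only rule (immediate: true, permanent: false). Persistence is left
# to the "save firewalld configuration" handler, which is not defined here.
# NOTE(review): no zone or source is given, so the rule lands in firewalld's
# default zone with no source restriction. Limit it to the backup clients'
# networks where the deployment allows.
- name: ensure burp is allowed through the firewall
  firewalld:
    port: '4971/tcp'
    immediate: true
    permanent: false
    state: enabled
  notify: save firewalld configuration
  tags:
    - firewalld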