# Install the TURN server plus the `acl` package, which ships the setfacl
# binary that the certificate-permission tasks in this file call.
- name: Install CoTurn
  ansible.builtin.apt:
    state: present
    name:
      - coturn
      - acl

# Open the TURN listening port in ufw; `proto: any` admits both TCP and UDP.
# NOTE(review): only the listening port is opened here. If the deployed
# turnserver.conf defines a relay port range, confirm it is allowed elsewhere.
- name: Allow Turnserver connexions
  ufw:
    proto: any
    port: "{{ turnserver_port }}"
    rule: allow

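# Install the coturn configuration skeleton. The replace tasks in this file
# substitute its __PLACEHOLDER__ tokens, including the shared passphrase, so
# the file must not be world-readable: root owns it and only the turnserver
# group may read it.
# NOTE(review): assumes the coturn package created a `turnserver` group next to
# the turnserver user - confirm on the target distribution.
# NOTE(review): copying the skeleton on every run resets the placeholders, so
# the play always reports changes; a template would make this idempotent.
- name: Copy Configuration file for coturn
  ansible.builtin.copy:
    src: turnserver.conf
    dest: /etc/turnserver.conf
    owner: root
    group: turnserver
    mode: '0640'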


# Substitute the __PORT__ token in the deployed config with the listening port.
- name: Add port to listen on turnserver.conf
  ansible.builtin.replace:
    path: /etc/turnserver.conf
    regexp: "__PORT__"
    replace: "{{ turnserver_port }}"

# Substitute the __HOSTNAME__ token in the deployed config with the domain.
- name: Add hostname on turnserver.conf
  ansible.builtin.replace:
    path: /etc/turnserver.conf
    regexp: "__HOSTNAME__"
    replace: "{{ domain }}"

# Substitute the __IP_CONTAINER__ token with the address coturn listens on.
- name: Add IP to listen on turnserver.conf
  ansible.builtin.replace:
    path: /etc/turnserver.conf
    regexp: "__IP_CONTAINER__"
    replace: "{{ ip_listen }}"

# Substitute the __IP_EXT__ token with the publicly reachable address.
- name: Add IP public on turnserver.conf
  ansible.builtin.replace:
    path: /etc/turnserver.conf
    regexp: "__IP_EXT__"
    replace: "{{ ip_public }}"

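# Write the shared passphrase into the deployed config. The task name used to
# be a copy of the port task's; it now says what is written. no_log keeps the
# secret out of task output, diffs and callback logs.
# NOTE(review): the `replace` value is used as a regex replacement string, so a
# passphrase containing backslashes may not be written literally - confirm the
# secret's character set.
- name: Add passphrase to turnserver.conf
  ansible.builtin.replace:
    path: /etc/turnserver.conf
    regexp: '__PASSPHRASE__'
    replace: '{{ passphrase }}'
  no_log: true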



# Runs only when certbot is not installed: point the __SSL_CRT__ token at the
# certificate under /etc/ssl named after the domain.
- name: Add SSL keys to turnserver.conf
  ansible.builtin.replace:
    path: /etc/turnserver.conf
    regexp: "__SSL_CRT__"
    replace: "/etc/ssl/{{ domain }}.crt"
  when: installCertbot == False

# Runs only when certbot is not installed: point the __SSL_KEY__ token at the
# private key under /etc/ssl named after the domain.
- name: Add SSL keys to turnserver.conf
  ansible.builtin.replace:
    path: /etc/turnserver.conf
    regexp: "__SSL_KEY__"
    replace: "/etc/ssl/{{ domain }}.key"
  when: installCertbot == False

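# Grant the turnserver user read access to the static key and certificate.
# The command runs through argv rather than a shell, so the templated domain
# is passed as a single argument and cannot be reinterpreted as shell syntax.
# Only `r` is granted: both paths are regular files, so the execute bit and
# the recursive flag add nothing.
- name: permission to ssl cert
  ansible.builtin.command:
    argv:
      - setfacl
      - '-m'
      - 'u:turnserver:r'
      - "/etc/ssl/{{ domain }}.{{ item }}"
  loop:
    - key
    - crt
  when: installCertbot == False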

# Runs only when certbot is installed: point the __SSL_CRT__ token at the
# Let's Encrypt full chain for the domain.
- name: Add SSL keys to turnserver.conf
  ansible.builtin.replace:
    path: /etc/turnserver.conf
    regexp: "__SSL_CRT__"
    replace: "/etc/letsencrypt/live/{{ domain }}/fullchain.pem"
  when: installCertbot == True

# Runs only when certbot is installed: point the __SSL_KEY__ token at the
# Let's Encrypt private key for the domain.
- name: Add SSL keys to turnserver.conf
  ansible.builtin.replace:
    path: /etc/turnserver.conf
    regexp: "__SSL_KEY__"
    replace: "/etc/letsencrypt/live/{{ domain }}/privkey.pem"
  when: installCertbot == True

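# Give the turnserver user access to this domain's certificate lineage only.
# A recursive ACL on all of /etc/letsencrypt would also expose the ACME account
# keys and the private keys of every other certificate on the host.
# NOTE(review): assumes the certificate for the domain has already been issued,
# so live/<domain> and archive/<domain> exist when this runs.
# NOTE(review): keys created by a later renewal may not carry this ACL; confirm
# whether the renewal job needs to re-apply it.
- name: Allow turnserver to traverse the letsencrypt live and archive directories
  ansible.builtin.command:
    argv:
      - setfacl
      - '-m'
      - 'u:turnserver:x'
      - "/etc/letsencrypt/{{ item }}"
  loop:
    - live
    - archive
  when: installCertbot == True

# rX grants read on files and traversal on directories, without marking the
# key and certificate files executable.
- name: Set permission letsencrypt SSL keys
  ansible.builtin.command:
    argv:
      - setfacl
      - '-R'
      - '-m'
      - 'u:turnserver:rX'
      - "/etc/letsencrypt/{{ item }}/{{ domain }}"
  loop:
    - live
    - archive
  when: installCertbot == True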

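# Start coturn through the systemd module instead of a shell call, so the task
# reports "changed" only when the unit was not already running.
# NOTE(review): `started` leaves an already running daemon untouched, so on a
# re-run the rewritten /etc/turnserver.conf is not picked up until coturn is
# restarted - confirm whether a restart handler is wanted.
- name: Start coturn service
  ansible.builtin.systemd:
    name: coturn
    state: started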

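# Enable coturn at boot through the systemd module instead of a shell call, so
# the task is idempotent and reports "changed" only when the unit was disabled.
- name: Enable systemd service
  ansible.builtin.systemd:
    name: coturn
    enabled: true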

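# Install the certbot cron job. The task name used to be a copy of the
# turnserver.conf task's, which made play output misleading. The file stays
# root-owned and not writable by group or others because it lives in
# /etc/cron.d.
# NOTE(review): this overwrites any /etc/cron.d/certbot already on the host,
# and the contents of certbot-cron are not visible here - confirm it reloads
# coturn after a renewal so the new certificate is served.
- name: Copy certbot cron job
  ansible.builtin.copy:
    src: certbot-cron
    dest: /etc/cron.d/certbot
    owner: root
    group: root
    mode: '0644'
  when: installCertbot == True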