# todo add quic specifics
- name: build and install haproxy/quic from source
  gather_facts: no
  hosts: "{{target}}"
  become: "{{become}}"
  tasks:

  #
  # install distribution --or-- official package (http://haproxy.debian.net)
  #   ==> create /etc/haproxy/
  #   ==> create haproxy user and group
  #   ==> prepare chroot
  #

  # todo add official repo
  - name: install haproxy package
    ansible.builtin.apt:
      pkg: haproxy
      update_cache: yes

  #
  # build from source and override systemd unit file
  #

  - name: build and run-time dependencies
    ansible.builtin.apt:
      pkg:
      - ca-certificates
      - gcc
      - git
      - libc6-dev
      - liblua5.3-dev
      - libpcre3-dev
      - libssl-dev
      - libsystemd-dev
      - make
      - zlib1g-dev
      #update_cache: yes

  - name: clone official repository
    ansible.builtin.git:
      repo: https://github.com/haproxy/haproxy.git
      version: v3.1.0
      # goes into ansible user homedir
      dest: haproxy

  # https://www.haproxy.com/blog/how-to-enable-quic-load-balancing-on-haproxy
  # https://github.com/haproxy/haproxy/blob/master/INSTALL
  # todo switch to PCRE2 (libpcre2-dev)
  - name: build haproxy
    community.general.make:
      chdir: haproxy
      jobs: "{{cores}}"
      params:
        TARGET: linux-glibc
        USE_LUA: 1
        USE_OPENSSL: 1
        USE_PCRE: 1
        USE_ZLIB: 1
        USE_SYSTEMD: 1
        USE_PROMEX: 1

  - name: build systemd unit file
    community.general.make:
      chdir: haproxy/admin/systemd
      target: haproxy.service

  - name: install haproxy
    community.general.make:
      chdir: haproxy
      target: install-bin

  - name: install systemd unit file
    ansible.builtin.shell:
      executable: /bin/bash
      cmd: cp -f haproxy.service /etc/systemd/system/
      chdir: haproxy/admin/systemd
    notify: reload systemd

  - name: Get HAProxy version.
    command: haproxy -vv
    register: haproxy_version_result

  - name: Print HAProxy version.
    debug:
      msg: "{{ haproxy_version_result.stdout }}"

  # - name: Copy certificate in place.
  #   copy:
  #     src: "{{ haproxy_certificate_path }}"
  #     dest: /etc/ssl/certs/haproxy.pem
  #     mode: 0644

  # workaround using package
  #- name: create haproxy user and group
  #  ansible.builtin.shell:
  #    executable: /bin/bash
  #    cmd: useradd haproxy -r -s /sbin/nologin

  # workaround using package
  #- name: create /etc/haproxy/
  #  ansible.builtin.shell:
  #    executable: /bin/bash
  #    cmd: "mkdir -p /etc/haproxy/"

  handlers:

  - name: reload systemd
    ansible.builtin.shell:
      executable: /bin/bash
      cmd: systemctl daemon-reload