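---
# Coturn (TURN/STUN) role tasks: install, configure, firewall, service,
# and reconcile the long-term credential users listed in `turn_lt_users`.
#
# Variables read here (defined elsewhere in the role / inventory):
#   turn_port, turn_alt_port, turn_tls_port, turn_alt_tls_port,
#   turn_src_ip (list), turn_lt_users (list of {name, pass}),
#   turn_realm (defaults to ansible_domain), iptables_manage (defaults to true).

- name: Install Coturn
  yum:
    name: coturn
    state: present
  register: turn_installed
  tags: [turn]

# Fresh installs ship tmpfiles.d entries that are only applied on boot;
# create the runtime directories now so the service can start right away.
- name: Create tmpfiles
  command: systemd-tmpfiles --create
  when: turn_installed.changed
  tags: [turn]

# The config carries TLS/credential settings, so it is not world-readable.
- name: Deploy main configuration
  template:
    src: coturn.conf.j2
    dest: /etc/coturn/coturn.conf
    group: coturn
    mode: "0640"
  notify: restart coturn
  tags: [turn]

- name: Deploy dehydrated hook
  copy:
    src: dehydrated_deploy_hook
    dest: /etc/dehydrated/hooks_deploy_cert.d/20coturn.sh
    mode: "0755"
  tags: [turn]

# Legacy rule set name; removed so it does not linger alongside coturn_ports.
- name: Remove turnserver rules
  iptables_raw:
    name: turnserver_ports
    state: absent
  when: iptables_manage | default(true)
  tags: [turn, firewall]

# Rules are only present when at least one allowed source is configured;
# an empty turn_src_ip removes them rather than opening the ports to all.
# 49152-65535 is the relay port range handed out to TURN peers.
- name: Handle coturn ports
  iptables_raw:
    name: coturn_ports
    state: "{{ (turn_src_ip | length > 0) | ternary('present', 'absent') }}"
    rules: |
      -A INPUT -m state --state NEW -p tcp -m multiport --dports {{ [turn_port,turn_alt_port] | join(',') }} -s {{ turn_src_ip | join(',') }} -j ACCEPT
      -A INPUT -p udp -m multiport --dports {{ [turn_port,turn_alt_port] | join(',') }} -s {{ turn_src_ip | join(',') }} -j ACCEPT
      -A INPUT -m state --state NEW -p tcp -m multiport --dports {{ [turn_tls_port,turn_alt_tls_port] | join(',') }} -s {{ turn_src_ip | join(',') }} -j ACCEPT
      -A INPUT -p udp -m multiport --dports {{ [turn_tls_port,turn_alt_tls_port] | join(',') }} -s {{ turn_src_ip | join(',') }} -j ACCEPT
      -A INPUT -p tcp --dport 49152:65535 -s {{ turn_src_ip | join(',') }} -j ACCEPT
      -A INPUT -p udp --dport 49152:65535 -s {{ turn_src_ip | join(',') }} -j ACCEPT
  when: iptables_manage | default(true)
  tags: [turn, firewall]

- name: Start and enable the service
  service:
    name: coturn
    state: started
    enabled: true
  tags: [turn]

# The password has to travel on the turnadmin command line, so keep the
# task output (and every loop item) out of logs and callback plugins.
# `turnadmin --add` always rewrites the credential, so this task reports
# changed on every run.
- name: Add long term users
  command: >-
    turnadmin --add
    --user={{ item.name }}
    --password={{ item.pass | quote }}
    --realm={{ turn_realm | default(ansible_domain) }}
  loop: "{{ turn_lt_users }}"
  no_log: true
  tags: [turn]

# Drop users registered under any realm other than ours. The informational
# lines turnadmin prints before the user list are filtered out (same pattern
# as "List long term users" below), and tokens without a "[realm]" suffix
# are skipped, so the loop never feeds stray words to `turnadmin --delete`.
- name: Remove users with unknown realm
  shell: |
    for U in $(turnadmin --list | grep -vP '^0:\s+(log file opened|SQLite connection)' | grep -v '\[{{ turn_realm | default(ansible_domain) }}\]'); do
      case "$U" in
        *\[*\]) ;;
        *) continue ;;
      esac
      user=$(echo "$U" | cut -d'[' -f1)
      realm=$(echo "$U" | perl -pe 's/.*\[(.*)\]/$1/')
      turnadmin --delete --user="$user" --realm="$realm"
    done
  changed_when: false
  tags: [turn]

- name: List long term users
  shell: turnadmin --list | grep -vP '^0:\s+(log file opened|SQLite connection)' | cut -d'[' -f1
  register: turn_lt_existing_users
  changed_when: false
  tags: [turn]

# Anything present on the server but absent from turn_lt_users is removed,
# so the inventory is the single source of truth for TURN credentials.
- name: Remove unmanaged long term users
  command: >-
    turnadmin --delete
    --user={{ item }}
    --realm={{ turn_realm | default(ansible_domain) }}
  when: item not in turn_lt_users | map(attribute='name') | list
  loop: "{{ turn_lt_existing_users.stdout_lines }}"
  tags: [turn]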