---

- name: install packages
  ansible.builtin.package:
    force_apt_get: true
    install_recommends: false
    name: "{{ mediaimport_packages }}"

## USERS

- name: create users
  loop: "{{ mediaimport_users }}"
  when:
    - item.name | d(false)
    - item.passwd | d(false)
  no_log: true
  ansible.builtin.command: /usr/bin/mediaimportctl.py add --yes --user {{ item.name }} --passwd {{ item.passwd }}
  args:
    creates: /home/ftp/storage/incoming/{{ item.name }}

## MEDIAIMPORT

- name: enable password login for ssh
  notify: restart sshd
  ansible.builtin.replace:
    dest: /etc/ssh/sshd_config
    regexp: "^PasswordAuthentication no"
    replace: "#PasswordAuthentication yes"

- name: configure mediaimport
  when:
    - mediaimport_ms_api_key | d(false)
    - mediaimport_ms_server_name | d(false)
  notify: restart mediaimport
  ansible.builtin.template:
    src: mediaimport.json.j2
    dest: /etc/mediaserver/mediaimport.json
    backup: true
    mode: 0640

- name: enable mediaimport service
  ansible.builtin.systemd:
    name: mediaimport
    enabled: true

- name: enable mediaimport-cleanup timer
  ansible.builtin.systemd:
    name: mediaimport-cleanup.timer
    enabled: true

# FAIL2BAN

- name: deploy fail2ban jail
  notify: restart fail2ban
  ansible.builtin.template:
    src: fail2ban_ftpd.conf.j2
    dest: /etc/fail2ban/jail.d/pure-ftpd.conf
    mode: 0644

- name: flush handlers
  ansible.builtin.meta: flush_handlers

# FIREWALL

- name: firewall
  when: mediaimport_firewall_enabled
  vars:
    ferm_rules_filename: "{{ mediaimport_ferm_rules_filename }}"
    ferm_input_rules: "{{ mediaimport_ferm_input_rules }}"
    ferm_output_rules: "{{ mediaimport_ferm_output_rules }}"
    ferm_global_settings: "{{ mediaimport_ferm_global_settings }}"
  ansible.builtin.include_role:
    name: ferm-configure

- name: flush handlers
  ansible.builtin.meta: flush_handlers

...