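# SPDX-FileCopyrightText: 2023 Aravinth Manivannan
#
# SPDX-License-Identifier: AGPL-3.0-or-later
---
# Provisions the load balancer hosts: installs nginx, applies the nginx
# hardening role, opens SSH/HTTP/HTTPS in UFW and deploys the libreddit
# site configuration.
- name: Configure loadbalancers
  hosts: bullseye_loadbalance
  remote_user: atm
  # Play-level privilege escalation; applies to pre_tasks, roles and tasks.
  become: true

  pre_tasks:
    - name: Install nginx
      ansible.builtin.apt:
        update_cache: true
        pkg:
          - nginx
          - ca-certificates

  collections:
    - devsec.hardening

  # NOTE(review): the role is referenced by a standalone role name while the
  # devsec.hardening collection is also declared above. Confirm which of the
  # two is actually installed on the controller, and pin its version in the
  # project's requirements file so the hardening content cannot change
  # silently between runs.
  roles:
    - dev-sec.nginx-hardening

  tasks:
    # The task only touches the users and admin groups, so it is named for
    # what it does. append keeps atm's existing supplementary groups; without
    # it the user module replaces them with exactly this list.
    # NOTE(review): confirm that atm needs membership in admin on these hosts.
    - name: Add user atm to users and admin groups
      ansible.builtin.user:
        name: atm
        groups:
          - users
          - admin
        append: true

    - name: Set logging
      community.general.ufw:
        logging: "on"

    # The SSH rule is submitted in the same task that enables the firewall.
    # NOTE(review): port 22 is opened to any source. If a management network
    # exists, consider restricting the rule with from_ip, or rate limiting it
    # with rule: limit.
    - name: Allow port 22 and enable UFW
      community.general.ufw:
        state: enabled
        rule: allow
        proto: tcp
        port: "22"

    - name: Allow port 80
      community.general.ufw:
        state: enabled
        proto: tcp
        rule: allow
        port: "80"

    - name: Allow port 443
      community.general.ufw:
        state: enabled
        proto: tcp
        rule: allow
        port: "443"

    - name: Enable and start ufw service
      ansible.builtin.service:
        name: ufw
        enabled: true
        state: started

    # Explicit ownership and mode: without them the result depends on the
    # umask and on whatever file already exists at the destination.
    - name: Copy the Nginx config file
      ansible.builtin.copy:
        src: ./assets/nginx.cfg
        dest: /etc/nginx/sites-available/libreddit
        owner: root
        group: root
        mode: "0644"

    - name: Create symlink
      ansible.builtin.file:
        src: /etc/nginx/sites-available/libreddit
        dest: /etc/nginx/sites-enabled/libreddit
        state: link

    # Fail the play here if the deployed configuration does not parse, so a
    # broken file never reaches the restart below.
    - name: Validate nginx configuration
      ansible.builtin.command: nginx -t
      changed_when: false

    - name: Enable and start nginx service
      ansible.builtin.service:
        name: nginx
        enabled: true
        state: started

    # Runs on every play, as in the original, so the copied configuration is
    # always loaded. This task is never idempotent.
    - name: Restart nginx to load the new configuration
      ansible.builtin.service:
        name: nginx
        enabled: true
        state: restarted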