# SPDX-FileCopyrightText: 2023 Aravinth Manivannan <realaravinth@batsense.net>
#
# SPDX-License-Identifier: AGPL-3.0-or-later

---
- name: Configure loadbalancers
  hosts: bullseye_loadbalance
  remote_user: root

  tasks:
    - name: Ensure all VMs are reachable
      ansible.builtin.ping:
    - name: Update package cache
      ansible.builtin.apt:
        update_cache: true
        upgrade: safe

    - name: Install git, zip, nginx, wget, curl & other utils
      ansible.builtin.apt:
        update_cache: true
        pkg:
          - nginx
          - ca-certificates
          - ufw

    - name: Add user atm to docker group
      ansible.builtin.user:
        name: atm
        groups: users,admin

    - name: Set logging
      community.general.ufw:
        logging: "on"

    - name: Allow port 22 and enable UFW
      community.general.ufw:
        state: enabled
        rule: allow
        proto: tcp
        port: "22"

    - name: Allow port 80
      community.general.ufw:
        state: enabled
        proto: tcp
        rule: allow
        port: "80"

    - name: Allow port 443
      community.general.ufw:
        state: enabled
        proto: tcp
        rule: allow
        port: "443"

    - name: Enable and start ufw service
      ansible.builtin.service:
        name: ufw
        enabled: true
        state: started

    - name: Copy the Nginx config file and restart nginx
      ansible.builtin.copy:
        src: ./assets/nginx.cfg
        dest: /etc/nginx/sites-available/nginx.cfg

    - name: Create symlink
      ansible.builtin.file:
        src: /etc/nginx/sites-available/nginx.cfg
        dest: /etc/nginx/sites-enabled/default
        state: link

    - name: Enable and start nginx service
      ansible.builtin.service:
        name: nginx
        enabled: true
        state: started

    - name: Enable and start nginx service
      ansible.builtin.service:
        name: nginx
        enabled: true
        state: restarted