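---
# Playbook for the "snackpot" server: sets the hostname, installs a few admin
# packages, applies the sudoers / ufw / netplan / docker_compose roles, and
# deploys the docker-compose tree plus helper executables under
# docker_compose_base_dir.
- name: snackpot | server
  hosts: all

  vars:
    # Secrets are resolved on the controller from the password store at run
    # time, so they are not stored in this file.
    nextcloud_db_password: "{{ lookup('passwordstore', 'servers/snackpot/nextcloud_db.password') }}"
    postgres_password: "{{ lookup('passwordstore', 'servers/snackpot/postgres_db.password') }}"
    postgres_db_user: postgres
    nextcloud_hostname: nc.noodlefactory.co.uk
    nextcloud_db_user: nextcloud
    nextcloud_db: nextcloud
    letsencrypt_email: webmaster@noodlefactory.co.uk
    docker_compose_base_dir: /opt/docker-compose

    # Ports handed to the ufw role as ufw_allow. Entries are quoted so they
    # stay strings.
    # NOTE(review): how the ufw role scopes these rules (any source vs. LAN
    # only) is not visible here -- confirm the media ports are not reachable
    # from outside 192.168.0.0/24.
    firewall_ports:
      - "22"
      - "80"
      - "443"
      # jellyfin
      - "8096"
      # - "8920" https
      - "7359"
      # minidlna
      - "8200"
      # upmpdcli
      - port: "49152"
      # upnp (jellyfin, minidlna and upmpdcli)
      - proto: udp
        port: "1900"
      # mopidy
      - "6600"
      - "6680"
      - "5555"
      # icecast
      - "8000"

  tasks:
    - name: set hostname
      hostname:
        name: "{{ nextcloud_hostname }}"
      tags: network

    - name: install packages
      apt:
        update_cache: true
        name:
          - emacs
          - strace
          - nmap
          - git

    - name: include root_sudoers role
      include_role:
        name: root_sudoers
        apply: { tags: root_sudoers }
      tags: root_sudoers

    - name: include ufw role
      include_role:
        name: ufw
        apply: { tags: ufw }
      tags: ufw
      vars:
        ufw_allow: "{{ firewall_ports }}"

    - name: include netplan role
      include_role:
        name: mrlesmithjr.netplan
        apply: { become: true, tags: [netplan, network] }
      tags: netplan, network
      vars:
        netplan_enabled: true
        netplan_configuration:
          network:
            version: 2
            ethernets:
              enp3s0:
                addresses: [192.168.0.55/24]
                gateway4: 192.168.0.1
                nameservers:
                  addresses: [192.168.0.1]

    - name: include docker_compose role
      include_role:
        name: docker_compose
        apply: { tags: docker_compose }
      tags: docker_compose
      vars:
        # Quoted so the version is unambiguously a string.
        docker_compose_version: "1.27.4"

    # Mirrors the directory layout of templates/docker-compose on the target.
    # NOTE(review): no owner/mode is set, so these directories get the
    # defaults from the remote umask while the files inside are 0660
    # root:root -- confirm that is intended.
    # NOTE(review): item.path is relative to the filetree root, so a hidden
    # entry at the top level does not contain "/." and is not filtered.
    - name: ensure directory exists
      file:
        path: "{{ docker_compose_base_dir }}/{{ item.path }}"
        state: directory
      with_filetree: templates/docker-compose
      when: item.state == "directory" and item.path.count("/.") == 0
      tags: docker-config

    # Renders every *.j2 file, dropping the .j2 suffix from the destination.
    # NOTE(review): unlike the copy task below, this one does not skip paths
    # containing "/." -- confirm.
    # NOTE(review): if these templates embed the DB passwords, running with
    # --diff prints the rendered content and backup: true leaves timestamped
    # copies of the old files next to dest; consider no_log: true or
    # diff: false and pruning old backups.
    # NOTE(review): the notified handler is not defined in the visible part of
    # this play.
    - name: deploy docker compose templates
      template:
        dest: "{{ docker_compose_base_dir }}/{{ item.path | splitext | first }}"
        src: "docker-compose/{{ item.path }}"
        owner: root
        group: root
        # Quoted so the octal mode cannot be re-typed by the YAML parser.
        mode: "0660"
        backup: true
      notify: restart docker compose services
      with_filetree: templates/docker-compose
      when: item.state == "file" and item.path.endswith(".j2")
      tags: docker-config

    # Copies the remaining plain files, skipping editor backups (~), templates
    # (.j2) and anything below a hidden directory.
    - name: deploy docker compose files
      copy:
        dest: "{{ docker_compose_base_dir }}/{{ item.path }}"
        src: "templates/docker-compose/{{ item.path }}"
        owner: root
        group: root
        mode: "0660"
        backup: true
      notify: restart docker compose services
      with_filetree: templates/docker-compose
      when: |-
        item.state == "file" and not (
          item.path.endswith("~") or
          item.path.endswith(".j2") or
          item.path.count("/.") > 0
        )
      tags: docker-config

    - name: ensure directory exists
      file:
        path: "{{ docker_compose_base_dir }}/bin"
        state: directory
      tags: docker-config

    # Helper scripts are rendered as templates and installed read+execute for
    # root and the root group only.
    - name: install executables
      template:
        dest: "{{ docker_compose_base_dir }}/bin/{{ item.path }}"
        src: "bin/{{ item.path }}"
        owner: root
        group: root
        mode: "0550"
      with_filetree: templates/bin
      when: item.state == "file" and not item.path.endswith("~")
      tags: docker-config

    # config nextcloud
    # hide pg password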