---
- name: Basic Setup
  hosts: ch-iot
  roles:
  - role: apt-repo/base
  - role: core/base
  - role: core/sshd/base
  - role: core/zsh
  - role: core/ntp

- name: Payload Setup
  hosts: ch-iot
  roles:
  - role: apt-repo/spreadspace
  - role: x509/managed-ca/base
  - role: x509/managed-ca/ca
  - role: network/nftables/base
  - role: network/coredns
  - role: mosquitto/broker
  - role: nginx/base
  - role: monitoring/prometheus/exporter
  post_tasks:
  - name: create systemd override directory for nginx service unit
    file:
      path: /etc/systemd/system/nginx.service.d
      state: directory

  - name: create overrides for nginx systemd unit
    copy:
      content: |
        [Unit]
        After=network-online.target
        Wants=network-online.target
      dest: /etc/systemd/system/nginx.service.d/after-network-online.conf

  - name: configure default vhost web.chaos-at-home.org
    vars:
      nginx_vhost:
        name: iot-default
        default: yes
        listen:
        - "{{ network_zones.iot.prefix | ansible.utils.ipaddr(network_zones.iot.offsets[inventory_hostname]) | ansible.utils.ipaddr('address') }}:80"
        template: generic
        locations:
          '/':
            return: 404
    include_role:
      name: nginx/vhost

  - name: configure reverse-proxy for apt-cache
    vars:
      nginx_vhost:
        name: apt.chaos-at-home.org
        listen:
        - "{{ network_zones.iot.prefix | ansible.utils.ipaddr(network_zones.iot.offsets[inventory_hostname]) | ansible.utils.ipaddr('address') }}:80"
        hostnames:
        - apt.chaos-at-home.org
        template: generic
        locations:
          '/':
            proxy_pass: "http://apt.chaos-at-home.org/"
    include_role:
      name: nginx/vhost