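---
# Playbook for the glt-stream host: base system roles, an LVM volume mounted
# at /srv/www, the default nginx vhost for stream.linuxtage.at and one
# sandboxed stats-collector instance per room (saal1..saal3).
- name: Basic Setup
  hosts: glt-stream
  roles:
    - role: apt-repo/base
    - role: core/base
    - role: core/sshd/base
    - role: core/zsh
    - role: core/ntp
    - role: apt-repo/spreadspace
    - role: x509/acmetool/base
    - role: nginx/base
    - name: storage/lvm/volume
      lvm_volume:
        vg: "{{ host_name }}"
        lv: www
        size: 10G
        fs: ext4
        dest: /srv/www

  post_tasks:
    - name: create base directory for static www content
      file:
        path: /srv/www/stream
        state: directory

    # The CORS headers use a wildcard origin, which fits content that is
    # public and unauthenticated.
    # NOTE(review): nginx only inherits add_header into a location that sets
    # no add_header of its own - confirm the included proxy snippets do not
    # add headers if the /stats/ endpoints are meant to carry CORS headers.
    # Each /stats/saalN/ location proxies to the collector instance listening
    # on 127.0.0.1:420N (see run.sh below).
    - name: configure default vhost stream.linuxtage.at
      vars:
        nginx_vhost:
          default: true
          name: stream
          template: generic
          acme: true
          hostnames:
            - stream.linuxtage.at
          extra_directives: |-
            add_header Access-Control-Allow-Headers "origin,range,accept-encoding,referer";
            add_header Access-Control-Allow-Methods "GET,HEAD,OPTIONS";
            add_header Access-Control-Allow-Origin "*";
            add_header Access-Control-Expose-Headers "Server,range,Content-Length,Content-Range,Date";
            {% for room_id in [1,2,3] %}
            location /stats/saal{{ room_id }}/ {
              include snippets/proxy-nobuff.conf;
              proxy_set_header Host $host;
              include snippets/proxy-forward-headers.conf;
              proxy_pass http://127.0.0.1:{{ 4200 + room_id }}/;
            }
            {% endfor %}
          locations:
            '/':
              root: /srv/www/stream
              index: index.html
            '/preped':
              root: /srv/www/stream
              autoindex: {}
      include_role:
        name: nginx/vhost

    # NOTE(review): confirm that "go" is the package name on the target
    # distribution / configured repositories.
    - name: install golang
      apt:
        name: go
        state: present

    - name: create base directory for stats
      file:
        path: /srv/www/stats
        state: directory

    - name: add user for stats
      user:
        name: stats
        system: true
        home: /srv/www/stats

    # Only these two directories are group-writable for the service user;
    # they match ReadWritePaths= in the unit below. The mode is quoted so it
    # is never subject to YAML integer typing.
    - name: create data and gocache directories for stats
      loop:
        - data
        - .gocache
      file:
        path: "/srv/www/stats/{{ item }}"
        state: directory
        group: stats
        mode: "0775"

    # The collector is compiled from this source on every service start
    # (go run), so the file is pinned to root ownership and is not writable
    # by the unprivileged service user.
    - name: install stats collector script
      copy:
        src: "{{ global_files_dir }}/glt/stream-stats.go"
        dest: /srv/www/stats/stream-stats.go
        owner: root
        group: root
        mode: "0644"

    # run.sh maps the instance name to its listen port and rejects anything
    # that is not one of the three known rooms before it reaches the command
    # line.
    - name: install start script for collector
      copy:
        content: |
          #!/bin/bash

          ROOM=$1
          case "$ROOM" in
            saal1)
              PORT=4201
              ;;
            saal2)
              PORT=4202
              ;;
            saal3)
              PORT=4203
              ;;
            *)
              echo "unknown room"
              exit 1
              ;;
          esac

          exec /usr/bin/go run /srv/www/stats/stream-stats.go \
            "127.0.0.1:${PORT}" "/srv/www/stats/data/glt21-${ROOM}.json"
        dest: /srv/www/stats/run.sh
        owner: root
        group: root
        mode: "0755"

    # Fixes relative to the previous unit:
    #  * "RestartSecs=" is not a systemd directive and was ignored, leaving
    #    the default restart delay in place; the directive is "RestartSec=".
    #  * StartLimitIntervalSec= belongs in [Unit]; it is moved there together
    #    with StartLimitBurst= so the rate limit is actually applied as
    #    written. With a 1s restart delay the limit of 10 starts per 5s is
    #    not reached, so a crashing collector keeps being restarted.
    # The sandboxing keeps the file system read-only apart from the data and
    # Go build cache directories and limits the service to IPv4 sockets.
    - name: install systemd unit for stats collector
      copy:
        content: |
          [Unit]
          Description=GLT21 Stream Stats Collector (%I)
          StartLimitBurst=10
          StartLimitIntervalSec=5s

          [Service]
          Type=simple
          User=stats
          Environment="GOCACHE=/srv/www/stats/.gocache"
          ExecStart=/srv/www/stats/run.sh %i
          Restart=always
          RestartSec=1s
          NoNewPrivileges=yes
          PrivateTmp=yes
          PrivateDevices=yes
          ProtectSystem=strict
          ReadWritePaths=/srv/www/stats/data /srv/www/stats/.gocache
          ProtectHome=yes
          ProtectKernelTunables=yes
          ProtectControlGroups=yes
          RestrictRealtime=yes
          RestrictAddressFamilies=AF_INET

          [Install]
          WantedBy=multi-user.target
        dest: /etc/systemd/system/stream-stats@.service
        owner: root
        group: root
        mode: "0644"

    # NOTE(review): "state: started" does not restart instances that are
    # already running, so a changed unit, run.sh or collector source only
    # takes effect after a restart (manually or via a handler).
    - name: make sure stats collector service units are enabled and started
      loop:
        - saal1
        - saal2
        - saal3
      systemd:
        name: "stream-stats@{{ item }}.service"
        daemon_reload: true
        enabled: true
        state: started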