---
- name: Basic Setup
  hosts: sgg-icecast
  roles:
  - role: apt-repo/base
  - role: core/base
  - role: core/sshd/base
  - role: core/zsh
  - role: core/ntp
  - role: kubernetes/base
  - role: kubernetes/standalone/base
  - role: streaming/icecast
  - role: apt-repo/spreadspace
  - role: acmetool/base
  - role: nginx/base
  - name: storage/lvm/volume
    lvm_volume:
      vg: "{{ host_name }}"
      lv: www
      size: 1G
      fs: ext4
      dest: /srv/www
  post_tasks:
  - name: create base directory for static www content
    file:
      path: /srv/www/radio
      state: directory

  - name: configure default vhost radiogloria.at
    vars:
      nginx_vhost:
        default: yes
        name: radio
        template: static-files-with-acme
        acme: yes
        hostnames:
        - radiogloria.at
        - www.radiogloria.at
        locations:
          '/':
            root: /srv/www/radio
            index: index.html
    include_role:
      name: nginx/vhost

  - name: configure default vhost live.radiogloria.at
    vars:
      nginx_vhost:
        name: radio-stream
        template: generic-proxy-no-buffering-with-acme
        acme: yes
        hostnames:
        - live.radiogloria.at
        locations:
          '/':
            proxy_pass: http://127.0.0.1:8080
    include_role:
      name: nginx/vhost


  - name: create base directory for stats
    file:
      path: /srv/www/stats-schlagergarten
      state: directory

  - name: add user for stats
    user:
      name: stats
      system: yes
      home: /nonexistent
      create_home: no

  - name: create data directory for stats
    file:
      path: /srv/www/stats-schlagergarten/data
      state: directory
      group: stats
      mode: 0775

  - name: install stats collector script
    copy:
      content: |
        #!/bin/bash
        STATS_D=$(realpath "${BASH_SOURCE%/*}")
        ts=$(date '+%Y-%m-%d_%H-%M-%S')
        exec curl -s http://localhost:8080/status-json.xsl | gzip > "$STATS_D/data/$ts.json.gz"
      dest: /srv/www/stats-schlagergarten/fetch.sh
      mode: 0755

  - name: install systemd unit for stats collector
    copy:
      content: |
        [Unit]
        Description=Schlagergarten Stream Stats Collector

        [Service]
        Type=oneshot
        User=stats
        ExecStart=/srv/www/stats-schlagergarten/fetch.sh
        TimeoutStartSec=20s
        TimeoutStartFailureMode=kill
        NoNewPrivileges=yes
        PrivateTmp=yes
        PrivateDevices=yes
        ProtectSystem=strict
        ReadWritePaths=/srv/www/stats-schlagergarten/data
        ProtectHome=yes
        ProtectKernelTunables=yes
        ProtectControlGroups=yes
        RestrictRealtime=yes
        RestrictAddressFamilies=AF_INET

        [Install]
        WantedBy=multi-user.target
      dest: /etc/systemd/system/stats-schlagergarten.service

  - name: install systemd timer for stats collector
    copy:
      content: |
        [Unit]
        Description=Schlagergarten Stream Stats Collector

        [Timer]
        OnCalendar=minutely
        AccuracySec=0s

        [Install]
        WantedBy=timers.target
      dest: /etc/systemd/system/stats-schlagergarten.timer

  - name: make sure stats collector timer unit is enabled and started
    systemd:
      name: stats-schlagergarten.timer
      daemon_reload: yes
      enabled: yes
      state: started