- name: Gerbolyze container setup playbook
  hosts: wendelstein
  tasks:
    - name: Set hostname
      hostname:
        name: wendelstein.jaseg.net

    - name: Install common admin tools
      dnf:
        name: htop,tmux,fish,mosh,neovim,sqlite
        state: latest

    - name: Install host requisites
      dnf:
          name: nginx,uwsgi,python3-flask,python3-flask-wtf,uwsgi-plugin-python3,certbot,python3-certbot-nginx,libselinux-python,git,iptables-services,python3-pycryptodomex,zip,python3-uwsgidecorators
          state: latest

    - name: Disable password-based root login
      lineinfile:
        path: /etc/ssh/sshd_config
        regexp: '^PermitRootLogin'
        line: 'PermitRootLogin without-password'
      register: disable_root_pw_ssh

    - name: Restart sshd
      systemd:
          name: sshd
          state: restarted
      when: disable_root_pw_ssh is changed

    - name: Configure iptables firewall service
      copy:
        src: iptables.rules
        dest: /etc/sysconfig/iptables
        owner: root
        group: root
        mode: 0664

    - name: Enable iptables firewall service
      systemd:
        name: iptables
        enabled: yes
        state: started

    - name: Create containers
      include_tasks: setup_containers.yml
      vars:
        containers:
          - gerboweb
          - clippy
          - pogojig

    - name: Setup web server
      include_tasks: setup_webserver.yml

    - name: Setup gerboweb
      include_tasks: setup_gerboweb.yml

    - name: Setup clippy
      include_tasks: setup_clippy.yml

    - name: Setup secure download
      include_tasks: setup_secure_download.yml

    - name: Setup tracespace
      include_tasks: setup_tracespace.yml

    - name: Setup openjscad
      include_tasks: setup_openjscad.yml

    - name: Setup pogojig
      include_tasks: setup_pogojig.yml

    - name: Setup notification proxy
      include_tasks: setup_notification_proxy.yml

    - name: Setup semi-public git server
      include_tasks: setup_git.yml