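---
# Play 1 runs on the control node and manages DNS records through the inwx
# module; play 2 configures the host "wendelstein" itself.
- name: DNS setup
  hosts: localhost
  tags: dns
  module_defaults:
    inwx:
      # Registrar credentials are read at run time from a local credentials.ini
      # (section "inwx").
      # NOTE(review): keep credentials.ini out of version control, or move the
      # values into an ansible-vault encrypted vars file.
      username: "{{lookup('ini', 'user section=inwx file=credentials.ini')}}"
      password: "{{lookup('ini', 'pass section=inwx file=credentials.ini')}}"
  vars:
    subdomains:
      - git.jaseg.net
      - git.jaseg.de
      - blog.jaseg.net
      - blog.jaseg.de
      - kochbuch.jaseg.net
      - gerbolyze.jaseg.net
      - tracespace.jaseg.net
      - openjscad.jaseg.net
      - pogojig.jaseg.net
      - automation.jaseg.de
      - dyndns.jaseg.de
    fastmail_domains:
      - jaseg.net
      - jaseg.de
  tasks:
    # This play targets localhost, so wendelstein's facts are collected by
    # delegation and stored under that host rather than under localhost.
    # Presumably dns.yml reads them (e.g. for addresses) - verify there.
    - name: Gather wendelstein facts
      setup:
      delegate_to: wendelstein
      delegate_facts: true

    - name: Setup DNS
      include_tasks: dns.yml

- name: Wendelstein setup
  hosts: wendelstein
  tasks:
    - name: Set hostname
      tags: setup
      hostname:
        name: wendelstein.jaseg.net

    # NOTE(review): "state: latest" upgrades these packages on every run, so
    # the installed versions are not pinned or reproducible.
    - name: Install common admin tools
      tags: setup
      dnf:
        name:
          - htop
          - tmux
          - fish
          - mosh
          - neovim
          - sqlite
        state: latest

    - name: Install host requisites
      tags: setup
      dnf:
        name:
          - nginx
          - uwsgi
          - python3-flask
          - python3-flask-wtf
          - uwsgi-plugin-python3
          - certbot
          - python3-certbot-nginx
          - python3-libselinux
          - git
          - iptables-services
          - python3-pycryptodomex
          - zip
          - python3-uwsgidecorators
          - nsd
        state: latest

    # Root may still log in with a key, but not with a password.
    # "prohibit-password" is the current spelling of the deprecated alias
    # "without-password". The regexp only matches an uncommented directive; if
    # none exists the line is appended at the end of the file.
    # NOTE(review): sshd uses the first value it reads for a keyword, so a
    # PermitRootLogin set earlier (e.g. in an included sshd_config.d drop-in)
    # would take precedence over this line - confirm with "sshd -T".
    - name: Disable password-based root login
      tags: setup
      lineinfile:
        path: /etc/ssh/sshd_config
        regexp: '^PermitRootLogin'
        line: 'PermitRootLogin prohibit-password'
        # Reject the edit if the resulting config does not parse, so the
        # restart below cannot take sshd down with a broken file.
        validate: '/usr/sbin/sshd -t -f %s'
      register: disable_root_pw_ssh

    - name: Restart sshd
      tags: setup
      systemd:
        name: sshd
        state: restarted
      when: disable_root_pw_ssh is changed

    # The mode is quoted so it reaches Ansible as an octal string instead of
    # depending on the YAML parser's integer handling.
    # NOTE(review): 0664 leaves the firewall rules group-writable and
    # world-readable; consider '0600' if nothing but root needs to read them.
    # NOTE(review): replacing this file does not reload a firewall that is
    # already running; the task below only ensures the service is started.
    - name: Configure iptables firewall service
      tags: setup
      copy:
        src: iptables.rules
        dest: /etc/sysconfig/iptables
        owner: root
        group: root
        mode: '0664'

    - name: Enable iptables firewall service
      tags: setup
      systemd:
        name: iptables
        enabled: true
        state: started

    # include_tasks is dynamic: a tag on the include statement selects the
    # include itself but is not inherited by the included tasks, so each
    # include below repeats its tag under "apply".
    - name: Create containers
      tags: setup
      include_tasks:
        file: setup_containers.yml
        apply:
          tags: setup
      vars:
        containers:
          - gerboweb
          - clippy
          - pogojig

    - name: Setup web server
      tags: www
      include_tasks:
        file: setup_webserver.yml
        apply:
          tags: www

    - name: Setup gerboweb
      tags: gerboweb
      include_tasks:
        file: setup_gerboweb.yml
        apply:
          tags: gerboweb

    - name: Setup clippy
      tags: clippy
      include_tasks:
        file: setup_clippy.yml
        apply:
          tags: clippy

    - name: Setup secure download
      tags: secure-download
      include_tasks:
        file: setup_secure_download.yml
        apply:
          tags: secure-download

    - name: Setup tracespace
      tags: pogojig
      include_tasks:
        file: setup_tracespace.yml
        apply:
          tags: pogojig

    - name: Setup openjscad
      tags: pogojig
      include_tasks:
        file: setup_openjscad.yml
        apply:
          tags: pogojig

    - name: Setup pogojig
      tags: pogojig
      include_tasks:
        file: setup_pogojig.yml
        apply:
          tags: pogojig

    - name: Setup notification proxy
      tags: notification-proxy
      include_tasks:
        file: setup_notification_proxy.yml
        apply:
          tags: notification-proxy

    - name: Setup semi-public git server
      tags: git
      include_tasks:
        file: setup_git.yml
        apply:
          tags: git

    - name: Setup private DynDNS service
      tags: dyndns
      include_tasks:
        file: setup_dyndns.yml
        apply:
          tags: dyndns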