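---
# Provisions one Terraform-created host that acts as (1) a NAT gateway for the
# private network, (2) a Docker host and (3) an nginx-proxy-manager reverse
# proxy whose state is backed up nightly to an S3-compatible bucket.
#
# NOTE(review): no `become` is set and state lives under /root, so this assumes
# the SSH user on the target is root — confirm against the inventory/vault.

- name: Set up real host.
  hosts: localhost
  gather_facts: false
  tags:
    - deploy
  vars_files:
    - ../vault.yml
    - ../dist/terraform_outputs.yml
    - ../variables.yml
  tasks:
    # Register the proxy host as an in-memory inventory entry so the plays
    # below can target it as `server`.
    - name: Add remote host.
      ansible.builtin.add_host:
        name: server
        # `ansible_host` replaces the deprecated `ansible_ssh_host` alias.
        ansible_host: "{{ variables.proxy_host }}"

- name: Set-up NAT.
  hosts: server
  gather_facts: false
  vars_files:
    - ../vault.yml
    - ../dist/terraform_outputs.yml
  tasks:
    # ifupdown is required for /etc/network/interfaces to be honoured.
    - name: Install PIP.
      ansible.builtin.apt:
        name:
          - python3-pip
          - ifupdown
        state: present
        update_cache: true

    - name: Install needed packages.
      ansible.builtin.pip:
        name:
          - botocore
          - boto3
          - packaging
        state: present
        # Installs into the system interpreter alongside Debian's own packages.
        break_system_packages: true

    # Make eth0 a NAT gateway for network_cidr. Rules are applied in post-up so
    # they are re-applied on boot without an extra persistence package. The
    # `-C ... || -A ...` form keeps exactly one MASQUERADE rule; a bare `-A`
    # appended a duplicate on every ifdown/ifup cycle.
    # NOTE(review): nothing restricts what is forwarded (no FORWARD-chain
    # filtering) — every host in network_cidr can reach anything via this box.
    - name: Set-up the network interfaces.
      ansible.builtin.blockinfile:
        path: /etc/network/interfaces
        marker: "# NAT CONFIG {marker}"
        content: |
          auto eth0
          iface eth0 inet dhcp
            post-up echo 1 > /proc/sys/net/ipv4/ip_forward
            post-up iptables -t nat -C POSTROUTING -s '{{ network_cidr.value }}' -o eth0 -j MASQUERADE || iptables -t nat -A POSTROUTING -s '{{ network_cidr.value }}' -o eth0 -j MASQUERADE

- name: Install Docker.
  hosts: server
  # Facts are needed for ansible_distribution_release below.
  gather_facts: true
  vars_files:
    - ../vault.yml
    - ../dist/terraform_outputs.yml
  tasks:
    - name: Create apt keyring directory.
      ansible.builtin.file:
        path: /etc/apt/keyrings
        state: directory
        mode: "0755"

    # Keep Docker's signing key in its own file and bind it to the repository
    # with `signed-by`. The previous apt_key call placed it in the global apt
    # trust store, where it could sign packages for *every* configured
    # repository; apt-key itself is deprecated in Debian.
    - name: Download Docker repository key.
      ansible.builtin.get_url:
        url: https://download.docker.com/linux/debian/gpg
        dest: /etc/apt/keyrings/docker.asc
        mode: "0644"

    # Drop the old, unscoped source line on hosts provisioned by the previous
    # version of this play so apt does not see the target configured twice.
    # NOTE(review): the key already imported via apt-key on such hosts stays
    # in the global store until removed by hand (`apt-key del`).
    - name: Remove legacy Docker repository entry.
      ansible.builtin.apt_repository:
        repo: "deb https://download.docker.com/linux/debian {{ ansible_distribution_release }} stable"
        state: absent

    - name: Download Docker repository.
      ansible.builtin.apt_repository:
        repo: "deb [signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/debian {{ ansible_distribution_release }} stable"
        state: present

    # Distro-provided engines conflict with docker-ce.
    - name: Remove bad packages.
      ansible.builtin.apt:
        state: absent
        package:
          - docker.io
          - docker-doc
          - docker-compose
          - podman-docker
          - containerd
          - runc

    - name: Download Docker dependencies.
      ansible.builtin.apt:
        state: present
        package:
          - ca-certificates
          - curl

    - name: Download Docker packages.
      ansible.builtin.apt:
        state: present
        update_cache: true
        package:
          - docker-ce
          - docker-ce-cli
          - containerd.io
          - docker-buildx-plugin
          - docker-compose-plugin

- name: Set-up reverse proxy.
  hosts: server
  gather_facts: false
  vars_files:
    - ../vault.yml
    - ../dist/terraform_outputs.yml
  tasks:
    # These hold the proxy-manager database and the Let's Encrypt private
    # keys, so keep them owner-only.
    - name: Set-up folders.
      ansible.builtin.file:
        path: "{{ item }}"
        state: directory
        mode: "0700"
      loop:
        - /root/data
        - /root/letsencrypt

    - name: Set-up manager.
      community.docker.docker_container:
        name: proxy-manager
        # NOTE(review): `latest` is unpinned — pin a release tag or digest so a
        # redeploy cannot silently pull a different image.
        image: 'jc21/nginx-proxy-manager:latest'
        state: started
        restart_policy: unless-stopped
        ports:
          - '80:80'
          - '443:443'
          # Admin UI: published on loopback only (it was previously reachable
          # on every interface). Reach it through an SSH tunnel, e.g.
          # `ssh -L 81:127.0.0.1:81 <host>`.
          - '127.0.0.1:81:81'
        labels:
          docker-volume-backup.stop-during-backup: "true"
        volumes:
          - /root/data:/data
          - /root/letsencrypt:/etc/letsencrypt

    - name: Run backup.
      community.docker.docker_container:
        name: proxy-backup
        image: offen/docker-volume-backup:v2
        state: started
        restart_policy: unless-stopped
        volumes:
          - /root/data:/backup/data:ro
          - /root/letsencrypt:/backup/letsencrypt:ro
          # Needed so labelled containers can be stopped for a consistent
          # snapshot. `:ro` only applies to the socket inode, not to the API
          # behind it: a compromise of this container is root on the host.
          - /var/run/docker.sock:/var/run/docker.sock:ro
        # Bucket credentials are readable by anyone who can `docker inspect`
        # on the host; scope the key to write/list on this bucket only.
        env:
          AWS_S3_BUCKET_NAME: "{{ secret.bucket.name }}"
          AWS_S3_PATH: "{{ secret.bucket.key }}"
          AWS_REGION: "{{ secret.bucket.region }}"
          AWS_ACCESS_KEY_ID: "{{ secret.bucket.access_key }}"
          AWS_SECRET_ACCESS_KEY: "{{ secret.bucket.secret_key }}"
          AWS_ENDPOINT: "{{ secret.bucket.endpoint }}"
          BACKUP_CRON_EXPRESSION: "0 0 * * *"
      # The task result echoes the container's env; keep the secret out of
      # Ansible's log and callback output.
      no_log: true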