#!/usr/bin/env ansible-playbook
---
# Deploy Docker hosts
- hosts: docker-ovh.adm.auro.re,docker-worker1-aurore.adm.auro.re
  roles:
    - docker

# Deploy Passbolt
- hosts: passbolt.adm.auro.re
  roles:
    - passbolt

# Deploy reverse proxy
- hosts: proxy*.adm.auro.re
  vars:
    certbot:
      dns_rfc2136_name: certbot_challenge.
      dns_rfc2136_secret: "{{ vault_certbot_dns_secret }}"
      mail: tech.aurore@lists.crans.org
      certname: auro.re
      domains: "auro.re, *.auro.re, aurores.net, *.aurores.net, fede-aurore.net, *.fede-aurore.net"
      dns_masters_ipv4: 92.222.211.196
    nginx:
      ssl:
        cert: /etc/letsencrypt/live/auro.re/fullchain.pem
        cert_key: /etc/letsencrypt/live/auro.re/privkey.pem
        trusted_cert: /etc/letsencrypt/live/auro.re/chain.pem

      redirect_dnames:
        - aurores.net
        - fede-aurore.net

      reverseproxy_sites:
        - {from: re2o.auro.re,          to: 10.128.0.10}
        - {from: intranet.auro.re,      to: 10.128.0.10}

        - {from: phabricator.auro.re,   to: 10.128.0.50}
        - {from: wiki.auro.re,          to: 10.128.0.51}
        - {from: www.auro.re,           to: 10.128.0.52}

        - {from: re2o-test.auro.re,     to: 10.128.0.100}

        - {from: riot.auro.re,          to: "10.128.0.150:8080"}
        - {from: codimd.auro.re,        to: "10.128.0.150:8081"}
        - {from: grafana.auro.re,       to: "10.128.0.150:8082"}
        - {from: privatebin.auro.re,    to: "10.128.0.150:8083"}
        - {from: pad.auro.re,           to: "10.128.0.150:8084"}
        - {from: cas.auro.re,           to: "10.128.0.150:8085"}

      redirect_sites:
        - {from: auro.re,               to: www.auro.re}
  roles:
    - certbot
    - nginx-reverseproxy