---
- name: Docker
  hosts: privfrontends
  vars_files:
    - ./vars.yaml
  tasks:
    - name: Deploy stack role
      ansible.builtin.include_role:
        name: gi-yt.docker_compose_declarative
      vars:
        app: "{{ service.value }}"
        app_name: "{{ service.key | lower }}"
      loop: "{{ apps.groups | default({}) | dict2items }}"
      loop_control:
        loop_var: service
      when: service.value.docker_settings
- name: Setup Caddy
  hosts: privfrontends
  tasks:
    - name: Copy Caddyfile
      ansible.builtin.template:
        src: ./templates/Caddyfile.j2
        dest: /etc/caddy/Caddyfile
        mode: preserve
      tags: caddy-non-update
    - name: Copy per-server caddy extras
      ansible.builtin.copy:
        src: "./templates/{{ inventory_hostname }}/"
        dest: /etc/caddy/
        directory_mode: true
        mode: preserve
      tags: caddy-non-update
    - name: Reload Caddy
      ansible.builtin.service:
        name: caddy
        enabled: true
        state: reloaded
      tags: caddy-non-update
- name: Fail2Ban
  hosts: privfrontends
  tasks:
    - name: Copy jail.local config to fail2ban
      ansible.builtin.copy:
        src: "./configs/fail2ban/jail.local"
        dest: "/etc/fail2ban/jail.local"
        mode: "0644"
      tags: fail2ban
    - name: Copy caddy-status filter to fail2ban
      ansible.builtin.copy:
        src: "./configs/fail2ban/caddy-status.conf"
        dest: "/etc/fail2ban/filter.d/caddy-status.conf"
        mode: "0644"
      tags: fail2ban
    - name: Restart fail2ban
      ansible.builtin.service:
        name: fail2ban
        state: restarted