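# Obtain a Let's Encrypt certificate with certbot, install HAProxy, build
# /etc/haproxy/haproxy.cfg from a templated preamble plus generated
# frontend/backend fragments, then restart the service.
#
# Variables read: haproxy_domain, letsencrypt_email and haproxy_rules
# (items with name, path and a list of backends).

# Refuse to continue while the placeholder value is still in place. The
# comparison happens in Ansible, so the value never reaches a shell.
- name: "check haproxy_domain is set"
  assert:
    that:
      - "haproxy_domain != 'FIXME'"
    msg: "ERROR: MUST set haproxy_domain"

- name: "check letsencrypt_email is set"
  assert:
    that:
      - "letsencrypt_email != 'FIXME'"
    msg: "ERROR: MUST set letsencrypt_email"

- name: "install certbot"
  apt:
    name: certbot
    default_release: stretch-backports

# The hooks presumably free the port the standalone authenticator binds.
# Templated values go through the quote filter so they cannot break out of
# the command line.
- name: "run certbot"
  shell: |
    set -eu
    # haproxy.pem holds the private key: create it owner-only and swap it
    # into place atomically so it is never world-readable or half-written.
    # NOTE(review): assumes haproxy reads the file as root at startup;
    # confirm against haproxy.cfg.preamble.
    umask 077
    certbot certonly \
      --standalone \
      --noninteractive \
      --email {{ letsencrypt_email | quote }} \
      --agree-tos \
      --expand \
      --cert-name haproxy \
      --keep \
      --pre-hook "systemctl stop apache2 haproxy" \
      --post-hook "systemctl start apache2 haproxy" \
      -d {{ haproxy_domain | quote }}
    pem_tmp="$(mktemp /etc/ssl/haproxy.pem.XXXXXX)"
    trap 'rm -f "$pem_tmp"' EXIT
    (cd /etc/letsencrypt/live/haproxy && cat fullchain.pem privkey.pem) \
      > "$pem_tmp"
    chmod 0600 "$pem_tmp"
    mv -f "$pem_tmp" /etc/ssl/haproxy.pem

- name: install haproxy
  apt:
    name: haproxy

- name: "create config dirs"
  file:
    state: directory
    path: "{{ item }}"
    owner: root
    group: root
    # Quoted so YAML keeps the octal mode as a string, not an integer.
    mode: "0755"
  with_items:
    - /etc/haproxy

# The fragment files are appended to below, so start from a clean slate.
- name: "drop haproxy frontends and backends lists"
  file:
    state: absent
    path: "{{ item }}"
  with_items:
    - /etc/haproxy/frontends
    - /etc/haproxy/backends

# Each output line is built in Jinja and shell-quoted as a whole, so rule
# names and paths are written literally instead of being expanded by sh.
- name: "create haproxy frontends list"
  shell: |
    (
      echo ""
      printf '%s\n' {{ (" acl " ~ item.name ~ " path_beg " ~ item.path) | quote }}
      printf '%s\n' {{ (" use_backend " ~ item.name ~ " if " ~ item.name) | quote }}
    ) >> /etc/haproxy/frontends
  with_items:
    - "{{ haproxy_rules }}"

# Servers are numbered from 1 within each backend (loop.index).
- name: "create haproxy backends list"
  shell: |
    (
      echo ""
      printf '%s\n' {{ ("backend " ~ item.name) | quote }}
    {% for backend in item.backends %}
      printf '%s\n' {{ (" server " ~ item.name ~ "_" ~ loop.index ~ " " ~ backend) | quote }}
    {% endfor %}
    ) >> /etc/haproxy/backends
  with_items:
    - "{{ haproxy_rules }}"

- name: "copy haproxy preamble"
  template:
    src: haproxy.cfg.preamble
    dest: /etc/haproxy

# Build the candidate config next to the live one and replace the live
# file only after haproxy accepts it, so a bad rule cannot take the proxy
# down at the restart below. A config file needs no execute bit: 0644.
- name: "assemble haproxy preamble"
  shell: |
    set -eu
    cd /etc/haproxy
    cat haproxy.cfg.preamble frontends backends > haproxy.cfg.new
    chmod 0644 haproxy.cfg.new
    /usr/sbin/haproxy -c -f haproxy.cfg.new
    mv -f haproxy.cfg.new haproxy.cfg

- name: enable and start haproxy
  service:
    name: "{{ item }}"
    state: restarted
    enabled: true
  with_items:
    - haproxy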