- hosts: reg
  remote_user: root
  become: yes
  roles:
    - role: sane_debian_system
    - role: comfortable
    - role: unix_users
    - role: haproxy
    - role: qvisqve
    - role: muck
      tags: muck
    - role: effi-reg
      tags: effi-reg
  vars:
    hostname: effidemo

    debian_codename: stretch

    sources_lists:
      - repo: "deb http://ci-prod-controller.vm.liw.fi/debian stretch-ci main ickhost"
        signing_key: "{{ ci_prod_apt_signing_key }}"

    unix_users:
      - username: root
        authorized_keys: |
          {{ liw_ssh_key_pub }}
          {{ wm_ssh_key_pub }}

    letsencrypt_email: liw@liw.fi
    haproxy_domain: "{{ reg_domain }}"
    haproxy_rules:
      - name: qvisqve1
        path: /token
        backends: ["127.0.0.1:{{ qvisqve_port }}"]

      - name: qvisqve2
        path: /clients
        backends: ["127.0.0.1:{{ qvisqve_port }}"]

      - name: qvisqve3
        path: /auth
        backends: ["127.0.0.1:{{ qvisqve_port }}"]

      - name: effiapi1
        path: /status
        backends: ["127.0.0.1:{{ effiapi_port }}"]

      - name: effiapi2
        path: /memb
        backends: ["127.0.0.1:{{ effiapi_port }}"]

      - name: effiapi3
        path: /search
        backends: ["127.0.0.1:{{ effiapi_port }}"]

      - name: effireg1
        path: /
        backends: ["127.0.0.1:{{ effireg_port }}"]

      - name: effireg2
        path: /callback
        backends: ["127.0.0.1:{{ effireg_port }}"]

    muck_port: 12765
    effiapi_port: 8080
    effireg_port: 8181

    qvisqve_port: 10000
    qvisqve_domain: "{{ reg_domain }}"

    wm_ssh_key_pub: |
      ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCWvVYqyPen0CFhfx9dzzCKNbQ7fUpbCRdlQ/PI4sAv5R+gjUYjZJ3HQQhdkEx6mwY+fGYgGIAY9xiTi+BzXSPPtuWUypB2/ee+Dh5Uqica1TCj/3txmFGE7qwD+AqoJYbDAD1x17AaCIEDgHv2wOQ2o8GlOKTK9mGgvZWTUgIUF7PObotg8/M6TV4NO3of7ZSJ0yqumU/GLaJ8UkvYVQ3Gj0w8tbX6xiJKcOnMyM+P+JIFRKKi/SzjymVfAie9OAlIcDEYTeT6dtqWYB6hT0/40D0ZcxOfIg07/m4A956hH9AzRKuz01w2phP2zQyHRUSOCWa5EWF/H9snxpeE5Ein liw@exolobe3