---
# file: roles/haproxy/tasks/configure.yml

- name: "Proxy | Install SSL certificates"
  copy:
    src='{{inventory_dir}}/files/ssl/{{item.file}}'
    dest='/etc/haproxy/certs'
  with_items: '{{ proxy_certificates }}'
  when: not item.letsencrypt|default(false)
  notify: 'Proxy | Restart HAProxy'

- name: "Proxy | Create host lists"
  template:
    src='host_list'
    dest='/etc/haproxy/{{item}}.list'
    owner='root'
    group='root'
    mode='644'
  with_items: '{{ groups.webserver }}'
  notify: 'Proxy | Restart HAProxy'

- name: "Proxy | Create host ssl lists"
  template:
    src='host_ssl_list'
    dest='/etc/haproxy/{{item}}.ssl.list'
    owner='root'
    group='root'
    mode='644'
  with_items: '{{ groups.webserver }}'
  notify: 'Proxy | Restart HAProxy'

- name: "Proxy | Create use bigpipe host lists"
  template:
    src='use_bigpipe_list'
    dest='/etc/haproxy/use_bigpipe.list'
    owner='root'
    group='root'
    mode='644'
  notify: 'Proxy | Restart HAProxy'

- name: "Proxy | Create ignore varnish host lists"
  template:
    src='ignore_varnish_list'
    dest='/etc/haproxy/ignore_varnish.list'
    owner='root'
    group='root'
    mode='644'
  notify: 'Proxy | Restart HAProxy'

- name: "Proxy | Create empty crm lists files"
  file:
    dest='/etc/haproxy/{{item}}.crm.list'
    owner='root'
    group='root'
    mode='644'
    state='touch'
  with_items: '{{ groups.webserver }}'
  changed_when: false

- name: "Proxy | Create config file"
  template:
    src='haproxy_cfg'
    dest='/etc/haproxy/haproxy.cfg'
    owner='root'
    group='root'
    mode='644'
  notify: 'Proxy | Restart HAProxy'

- name: "Proxy | Update blacklists"
  template:
    src='{{ item }}'
    dest='/etc/haproxy/{{ item }}'
    owner='root'
    group='root'
    mode='644'
  with_items:
    - 'blacklist.ip'
    - 'blacklist.referer'
    - 'blacklist.agent'
  notify: 'Proxy | Restart HAProxy'