---

# v3, nginx, docker

- hosts: all

  vars_files:
    - vars/apps.yml

  tasks:

    - include_role:
        name: yatesr.timezone
      vars:
        timezone: UTC

    - include_role:
        name: geerlingguy.security
      vars:
        security_ssh_permit_root_login: "yes"
        security_autoupdate_enabled: false
        security_fail2ban_enabled: false

    - include_role:
        name: geerlingguy.nginx
      vars:
        nginx_remove_default_vhost: true

    - include_role:
        name: geerlingguy.docker
      vars:
        docker_users: '{{ apps | map(attribute="username") | list }}'

    - include_role:
        name: docker-app
      private: yes
      vars:
        username: '{{ app_item.username }}'
        ssh_keys: '{{ app_item.ssh_keys | default([]) }}'
        envs: '{{ app_item.envs | default({}) }}'
      with_items: '{{ apps }}'
      loop_control:
        loop_var: app_item

    - include_role:
        name: nginx-proxy
      private: yes
      vars:
        nginx_proxy_name: '{{ fr_item.name }}'
        nginx_proxy_template: '{{ fr_item.template }}'
        nginx_proxy_params: '{{ fr_item.params | default({}) }}'
        nginx_ssl_type: '{{ fr_item.ssl_type }}'
        nginx_ssl_email: '{{ fr_item.ssl_email }}'
        nginx_ssl_domains: '{{ fr_item.ssl_domains }}'
      with_items: '{{ frontends }}'
      loop_control:
        loop_var: fr_item