---
- name: "Install haproxy via apt"
  ansible.builtin.apt:
    update_cache: yes
    state: present
    name:
     - haproxy

- name: Copy haproxy configuration
  ansible.builtin.copy:
    src: haproxy.cfg
    dest: /etc/haproxy/haproxy.cfg
    mode: 0644
    owner: root
    group: root

- name: Enable and stop haproxy
  ansible.builtin.service:
    name: haproxy
    state: stopped
    enabled: yes

- name: "Install certbot via apt"
  ansible.builtin.apt:
    update_cache: yes
    state: present
    name:
     - python3-certbot

- name: Generate certificate for Neko domain
  ansible.builtin.command:
    cmd: certbot certonly --non-interactive --agree-tos -m tormakristof@tormakristof.eu --standalone -d neko.tormakristof.eu

- name: Generate certificate for TURN domain
  ansible.builtin.command:
    cmd: certbot certonly --non-interactive --agree-tos -m tormakristof@tormakristof.eu --standalone -d turn.tormakristof.eu

- name: Enable and start haproxy
  ansible.builtin.service:
    name: haproxy
    state: started
    enabled: yes

- name: Copy certbot cronjob
  ansible.builtin.copy:
    src: certbot
    dest: /etc/cron.weekly/certbot
    mode: 0755
    owner: root
    group: root

- name: Reset ufw rules to default
  community.general.ufw:
    state: reset

- name: Enable ufw
  community.general.ufw:
    state: enabled

- name: "Install haproxy exporter"
  ansible.builtin.apt:
    update_cache: yes
    state: present
    name:
     - prometheus-haproxy-exporter

- name: Allow node-exporter via ufw
  community.general.ufw:
    rule: allow
    port: 9100
    proto: tcp
    src: 192.168.69.0/24
...