- hosts: local
  connection: local
  roles:
    - basis
    - backup
    - java
    - nginx
    - gocd
    - checkmk


  vars:
    users_local: [] #some local users only specific to this node!
    users: "{{ users_local + users_admin }}"

    fail2ban_activate_modules:
      - sshd
      - nginx

    mount_points:
      - path: "{{ gocd_artifact_location }}"
        dev: /dev/sdb
    
    gocd_admin_user: gocd_admin
    gocd_admin_pass: VeryCoolAdminPassword!
    gocd_artifact_location: "{{ cloud_storage }}/gocd-artifacts"
    gocd_website:
      domain: "build.{{ domain_external }}"
      letsencrypt: true
      state: present
      owner: jenkins
      port: 80
      root_setup: false
      index: noindex
      root: noroot
      options:
        access_log: "/var/log/nginx/build.{{ domain_external }}-access.log"
        error_log: "/var/log/nginx/build.{{ domain_external }}-error.log"
      pre_options: |
        # Required for GoCD websocket agents
        map $http_upgrade $connection_upgrade {
          default upgrade;
          '' close;
        }
      locations:
        - location: '/'
          options: |
            proxy_set_header        Host            $host;
            proxy_set_header        X-Real-IP       $remote_addr;
            proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header        X-Forwarded-Proto $scheme;
            proxy_http_version      1.1;
            proxy_set_header        Upgrade $http_upgrade;
            proxy_set_header        Connection $connection_upgrade;
            proxy_pass              http://localhost:8153/;
            client_max_body_size  10000m;

    # Websites
    web_sites:
      - "{{ gocd_website }}"

    # Backup
    backup_targets:
      file:
        - "{{ gocd_artifact_location }}"
        - "/etc/letsencrypt"

  vars_files:
    - "group_vars/{{ ansible_local.preferences.ansible.environment }}.yml"