# create a new FedOAuth server
# NOTE: should be used with --limit most of the time
# NOTE: make sure there is room/space for this server on the vmhost
# NOTE: most of these vars_path come from group_vars/ipsilon* or from hostvars

- include: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=ipsilon:ipsilon-stg"

- name: make the box be real
  hosts: ipsilon:ipsilon-stg
  user: root
  gather_facts: True

  vars_files:
   - /srv/web/infra/ansible/vars/global.yml
   - "/srv/private/ansible/vars.yml"
   - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml

  roles:
  - base
  - rkhunter
  - nagios/client
  - hosts
  - fas_client
  - rsyncd
  - sudo
  - { role: openvpn/client,
      when: env != "staging" }
  - mod_wsgi
  - role: keytab/service
    owner_user: apache
    owner_group: apache
    service: HTTP
    host: "id.stg.fedoraproject.org"
    when: env == "staging"
  - role: keytab/service
    owner_user: apache
    owner_group: apache
    service: HTTP
    host: "id.fedoraproject.org"
    when: env == "production"

  tasks:
  - include: "{{ tasks }}/yumrepos.yml"
  - include: "{{ tasks }}/2fa_client.yml"
  - include: "{{ tasks }}/motd.yml"

  handlers:
  - include: "{{ handlers }}/restart_services.yml"

- name: deploy ipsilon itself
  hosts: ipsilon:ipsilon-stg
  user: root
  gather_facts: True

  vars_files:
   - /srv/web/infra/ansible/vars/global.yml
   - "/srv/private/ansible/vars.yml"
   - "{{ vars_path }}/{{ ansible_distribution }}.yml"

  roles:
  - ipsilon

  handlers:
  - include: "{{ handlers }}/restart_services.yml"