---

- name: mirismanager install
  apt:
    force_apt_get: true
    install_recommends: false
    name: "{{ manager_packages }}"

- name: configure email sender address
  notify: restart nginx
  lineinfile:
    path: /home/skyreach/skyreach_data/private/settings_override.py
    regexp: '^#? ?DEFAULT_FROM_EMAIL.*'
    line: "DEFAULT_FROM_EMAIL = '{{ manager_email_sender }}'"
    backup: true

- name: configure domain name in nginx conf
  notify: restart nginx
  replace:
    path: /etc/nginx/sites-available/skyreach.conf
    regexp: '^(\s*server_name).*;$'
    replace: '\1 {{ manager_hostname }};'
    backup: true

- name: configure domain name in database
  become: true
  become_user: skyreach
  environment:
    PYTHONPATH: "/home/skyreach/skyreach_site:/home/skyreach:${PYTHONPATH}"
    DJANGO_SETTINGS_MODULE: settings
  script:
    cmd: files/set_site_url.py {{ manager_hostname }}
    executable: python3
    creates: /home/skyreach/.{{ manager_hostname }}.log

- name: resolve domain name to localhost ipv4
  when: not in_docker
  notify: restart nginx
  lineinfile:
    path: /etc/hosts
    line: '127.0.1.1 {{ manager_hostname }}'
    backup: true

- name: ensure skyreach is running
  service:
    name: skyreach
    enabled: true
    state: started

- name: check apt cacher ng config exists
  register: manager_apt_cacher_conf
  stat:
    path: /etc/apt-cacher-ng/acng.conf

- name: configure apt-cacher-ng
  when:
    - manager_apt_cacher_conf.stat.exists
    - manager_proxy_http | d(false)
  notify: restart apt-cacher-ng
  lineinfile:
    path: /etc/apt-cacher-ng/acng.conf
    regexp: '^Proxy: .*'
    line: 'Proxy: {{ manager_proxy_http }}'

- name: ensure apt-cacher-ng is running
  service:
    name: apt-cacher-ng
    enabled: true
    state: started

# FAIL2BAN

- name: fail2ban
  when: manager_fail2ban_enabled
  vars:
    f2b_filter: "{{ manager_f2b_filter }}"
    f2b_jail: "{{ manager_f2b_jail }}"
  include_role:
    name: fail2ban

# FIREWALL

- name: firewall
  when: manager_firewall_enabled
  vars:
    ferm_rules_filename: "{{ manager_ferm_rules_filename }}"
    ferm_input_rules: "{{ manager_ferm_input_rules }}"
    ferm_output_rules: "{{ manager_ferm_output_rules }}"
    ferm_global_settings: "{{ manager_ferm_global_settings }}"
  include_role:
    name: ferm-configure

- meta: flush_handlers

...