---

- name: Place configuration file.
  copy:
    dest: /root/ingress.conf
    owner: root
    mode: 0644
    content: |
      server {
          listen 80;
          location /config/ {
              sub_filter
                  "{{ lockss_hostname }}:24621"
                  "{{ lockss_hostname }}/config";
              sub_filter
                  "{{ lockss_hostname }}:24621"
                  "{{ lockss_hostname }}/config";
              sub_filter_once off;
              proxy_pass http://127.0.0.1:24621/;
              proxy_set_header Accept-Encoding "";
          }
      }

- name: Add ferm rule.
  copy:
    dest: /etc/ferm.d/11-in-lockss-frontend.ferm
    content: |
      @def $MGMT_NET = ({{ lockss_admin_ips | join(" ") }});
      domain (ip ip6) table filter chain INPUT
          saddr $MGMT_NET proto tcp dport 80 ACCEPT;
    validate: ferm -n %s

- service:
    name: ferm
    state: restarted

- name: Remove nginx Docker container.
  command:
    cmd: docker rm -f nginx
  ignore_errors: true

- name: Create nginx Docker container.
  command:
    cmd: docker run -d --rm
         --name nginx
         -p 80:80
         --network host
         -v /root/ingress.conf:/etc/nginx/conf.d/default.conf
         nginx