- name: Basic packages
  apt: name={{ item }} state=present
  with_items:
  - python-demjson
  - python-passlib
  - libcapture-tiny-perl
  - libcommon-sense-perl
  - libdata-dumper-simple-perl
  - libdbd-pg-perl
  - libdbi-perl
  - libdigest-perl
  - libjson-perl
  - libjson-xs-perl
  - libnetaddr-ip-perl
  - libnet-cidr-perl
  - libnet-ip-perl
  - libnet-openssh-perl
  - libnet-oping-perl
  - libnet-rawip-perl
  - libsnmp-perl
  - libsocket6-perl
  - libsocket-perl
  - libswitch-perl
  - libtimedate-perl
  - perl
  - perl-base
  - perl-modules
  - varnish
  - libfreezethaw-perl		
  - apache2

- name: Enable CGI
  apache2_module: state=present name=cgid
  notify:
      - restart apache

- name: Remove default apache site
  file: path=/etc/apache2/sites-enabled/000-default.conf  state=absent
  notify:
      - restart apache

- name: Add NMS site config
  file: src=/srv/tgmanage/web/etc/apache2/nms.tg16.gathering.org.conf dest=/etc/apache2/sites-enabled/nms.tg16.gathering.org.conf state=link
  notify:
      - restart apache

- name: "Apache: Don't listen on 80"
  lineinfile: line="Listen 80" state=absent dest=/etc/apache2/ports.conf
  notify:
      - restart apache

- name: "Apache: DO listen on 8080"
  lineinfile: line="Listen 8080" state=present dest=/etc/apache2/ports.conf
  notify:
      - restart apache

- name: "Varnish: Set up VCL"
  file: path=/etc/varnish/default.vcl src=/srv/tgmanage/web/etc/varnish/nms.vcl state=link force=true
  notify:
      - restart varnish

- name: "Varnish: Remove default systemd config"
  lineinfile: line="ExecStart=/usr/sbin/varnishd -a :6081 -T localhost:6082 -f /etc/varnish/default.vcl -S /etc/varnish/secret -s malloc,256m" state=absent dest=/lib/systemd/system/varnish.service
  notify:
      - restart varnish

- name: "Varnish: Add sensible systemd config"
  lineinfile: line="ExecStart=/usr/sbin/varnishd -f /etc/varnish/default.vcl -s malloc,256m" state=present dest=/lib/systemd/system/varnish.service insertafter="Service"
  notify:
      - restart varnish

- name: Setup basic auth for nms read-only
  htpasswd: path=/srv/tgmanage/web/htpasswd-read name=tg password={{ htpasswd_tg }} owner=root group=www-data mode=0640

- name: Setup basic auth for nms write-only
  htpasswd: path=/srv/tgmanage/web/htpasswd-write name=tg password={{ htpasswd_tg }} owner=root group=www-data mode=0640