---
# Play: provision the database host - firewall, base hardening and MySQL.
# Privilege escalation is enabled for the whole play.
- hosts: db
  become: true

  # NOTE(review): provision_vault.yml is presumably Ansible Vault-encrypted
  # and the source of app_mysql_user / app_mysql_password - confirm it is
  # never committed in plaintext.
  vars_files:
    - vars/vars.yml
    - vars/provision_vault.yml
    - vars/provision_vars.yml

  vars:
    # TCP ports opened by the firewall role without a source restriction.
    # NOTE(review): 2849 is presumably the non-default SSH port configured
    # for geerlingguy.security in the vars files - confirm the two agree,
    # otherwise SSH access may be blocked once the firewall is applied.
    firewall_allowed_tcp_ports:
      - 2849
    # MySQL (3306) is not in the open-port list above; it is accepted only
    # from 10.131.0.2 (presumably the web host - confirm). This is the same
    # address the application account below may log in from, so keep the
    # two values in sync.
    firewall_additional_rules:
      - "iptables -A INPUT -p tcp --dport 3306 -s 10.131.0.2 -j ACCEPT"

    # Bind MySQL to a single address instead of every interface.
    mysql_bind_address: "10.131.0.3"
    mysql_databases:
      - name: oliverdavies_uk
    # One application account, limited to a single client host and to the
    # one database created above; credentials come from the vars files.
    mysql_users:
      - name: "{{ app_mysql_user }}"
        password: "{{ app_mysql_password }}"
        host: "10.131.0.2"
        priv: "oliverdavies_uk.*:ALL"

  # Refresh the package index before any role installs packages; the cache
  # is treated as fresh for an hour (3600 seconds).
  pre_tasks:
    - name: Update apt cache
      apt:
        update_cache: true
        cache_valid_time: 3600

  roles:
    - role: geerlingguy.firewall
    - role: geerlingguy.security
    - role: geerlingguy.mysql

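# Play: provision the web host - firewall, base hardening, certbot, nginx,
# MySQL client, PHP, Composer and Node.js - then register the Drupal cron job.
# NOTE(review): unlike the db play, this play does not set `become`. The apt
# and package steps normally need root, so privilege escalation is presumably
# configured elsewhere (ansible.cfg, inventory or the connecting user) -
# confirm. The effective user also owns the crontab entry added below, so
# check that drush does not end up running as root.
- hosts: web

  # NOTE(review): provision_vault.yml is presumably Ansible Vault-encrypted -
  # confirm it is never committed in plaintext.
  vars_files:
    - vars/vars.yml
    - vars/provision_vault.yml
    - vars/provision_vars.yml

  vars:
    # NOTE(review): '--1' appears to pin the Composer 1.x channel; Composer 1
    # is no longer maintained upstream - confirm the project still needs it.
    composer_version_branch: '--1'
    # HTTP, HTTPS and 2849 (presumably the custom SSH port - confirm).
    firewall_allowed_tcp_ports: [80, 443, 2849]
    # Only the client package is listed and no database accounts are managed
    # from this host.
    mysql_packages:
      - mariadb-client
    mysql_users: []

  # Listed before `roles` to match the db play and the order Ansible runs
  # them in: pre_tasks, then roles, then tasks.
  pre_tasks:
    - name: Update apt cache
      apt:
        update_cache: true
        cache_valid_time: 3600

  roles:
    - name: geerlingguy.firewall
    - name: geerlingguy.security
    - name: geerlingguy.certbot
    - name: geerlingguy.nginx
    - name: geerlingguy.mysql
    - name: geerlingguy.php-versions
    - name: geerlingguy.php
    - name: geerlingguy.php-mysql
    - name: geerlingguy.composer
    - name: geerlingguy.nodejs

  tasks:
    - name: Install packages
      package:
        name: [curl, zip]
        state: present

    # Runs `drush core-cron` every five minutes. No `user` is set, so the
    # entry goes into the crontab of whichever user executes this task.
    # The path variables are interpolated unquoted into a shell command line;
    # they must come from trusted vars and contain no spaces or shell
    # metacharacters.
    - name: Add cron jobs
      cron:
        name: Drupal cron - oliverdavies.uk
        minute: '*/5'
        # `>-` folds the lines into one command and strips the trailing
        # newline that plain `>` would leave on the job string.
        job: >-
          {{ project_root_path }}/{{ ansistrano_current_dir }}/vendor/bin/drush core-cron
          --root={{ project_root_path }}/{{ ansistrano_current_dir }}/{{ project_web_dir }}
          --uri https://www.oliverdavies.uk
          --quiet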