---
# tasks file for eom
- name: Create eom namespace
  k8s:
    state: present
    definition:
      apiVersion: v1
      kind: Namespace
      metadata:
        name: "eom-{{ target_namespace }}"

- name: Deploy eom openldap
  include_tasks: openldap.yaml

- name: Deploy eom mail
  include_tasks: mail.yaml

- name: Deploy eom git
  include_tasks: git.yaml

- name: Deploy eom media
  include_tasks: media.yaml

- name: Deploy eom www
  include_tasks: www.yaml

- name: Deploy eom proxy
  include_tasks: proxy.yaml

- name: Create network policy
  k8s:
    state: present
    definition:
      apiVersion: networking.k8s.io/v1
      kind: NetworkPolicy
      metadata:
        name: restrict-external-access
        namespace: "eom-{{ target_namespace }}"
      spec:
        podSelector:
          matchExpressions:
            - key: app
              operator: In
              values:
                - proxy
        policyTypes:
        - Ingress
        ingress:
        - from:
          - ipBlock:
              cidr: 192.168.1.0/24