software-infrastructure/roles/ericomeehan.eom.dev/tasks/main.yml

---
# tasks file for ericomeehan.org-suite
- name: Create eom namespace
  k8s:
    state: present
    definition:
      apiVersion: v1
      kind: Namespace
      metadata:
        name: eom

- name: Deploy mariadb
  include_tasks: deploy-mariadb.yml
- name: Deploy gitea
  include_tasks: deploy-gitea.yml
- name: Deploy mediawiki
  include_tasks: deploy-mediawiki.yml
- name: Deploy nextcloud
  include_tasks: deploy-nextcloud.yml
- name: Deploy redmine
  include_tasks: deploy-redmine.yml
- name: Deploy influxdb
  include_tasks: deploy-influxdb.yml
- name: Deploy grafana
  include_tasks: deploy-grafana.yml

- name: Create network policy
  k8s:
    state: present
    definition:
      apiVersion: networking.k8s.io/v1
      kind: NetworkPolicy
      metadata:
        name: eom-private-services
        namespace: eom
      spec:
        podSelector:
          matchExpressions:
            - key: app
              operator: In
              values:
                - gitea
                - grafana
                - influxdb
                - mediawiki
                - nextcloud
                - redmine
        policyTypes:
        - Ingress
        ingress:
        - from:
          - ipBlock:
              cidr: 192.168.1.0/24

- name: Create ingress resource
  k8s:
    state: present
    definition:
      apiVersion: networking.k8s.io/v1
      kind: Ingress
      metadata:
        annotations:
          cert-manager.io/cluster-issuer: letsencrypt-production
        name: eom-ingress
        namespace: eom
      spec:
        ingressClassName: nginx
        rules:
        - host: gitea.eom.dev
          http:
            paths:
            - path: /
              pathType: Prefix
              backend:
                service:
                  name: gitea
                  port:
                    number: 80
        - host: grafana.eom.dev
          http:
            paths:
            - path: /
              pathType: Prefix
              backend:
                service:
                  name: grafana
                  port:
                    number: 80
        - host: mediawiki.eom.dev
          http:
            paths:
            - path: /
              pathType: Prefix
              backend:
                service:
                  name: mediawiki
                  port:
                    number: 80
        - host: nextcloud.eom.dev
          http:
            paths:
            - path: /
              pathType: Prefix
              backend:
                service:
                  name: nextcloud
                  port:
                    number: 80
        - host: redmine.eom.dev
          http:
            paths:
            - path: /
              pathType: Prefix
              backend:
                service:
                  name: redmine
                  port:
                    number: 80
        tls:
        - hosts:
          - gitea.eom.dev
          - grafana.eom.dev
          - influxdb.eom.dev
          - mediawiki.eom.dev
          - nextcloud.eom.dev
          - redmine.eom.dev
          secretName: eom-certs