- hosts: muninservers
  vars:
    nginx_domain: "munin.afpy.org"
    nginx_certificates: ["{{ nginx_domain }}"]
    nginx_conf: |
      server
      {
          listen 80;
          listen [::]:80;
          server_name {{ nginx_domain }};
          return 301 https://$server_name$request_uri;
      }

      server
      {
          listen 443 ssl http2;
          listen [::]:443 ssl http2;
          server_name {{ nginx_domain }};
          root /var/cache/munin/www;
          index index.html;

          include snippets/letsencrypt-{{ nginx_domain }}.conf;

          location / {
              try_files $uri $uri/ =404;
              autoindex on;
          }

          location ^~ /munin-cgi/munin-cgi-graph/ {
               fastcgi_split_path_info ^(/munin-cgi/munin-cgi-graph)(.*);
               fastcgi_param PATH_INFO $fastcgi_path_info;
               fastcgi_pass unix:/run/munin/fcgi-graph.sock;
               include fastcgi_params;
          }
      }

    munin_extra_hosts: |
      [hkis04.hackinscience.org]
      address [2001:4b98:dc0:43:216:3eff:fe1e:a9f0]
      [bot03.hackinscience.org]
      address bot03.hackinscience.org
      [bot04.hackinscience.org]
      address bot04.hackinscience.org

  roles:
    - munin_server
    - nginx

- hosts: all
  roles:
    - common  # For nftables's *_NEIGHBORS
    - munin_client