---

- hosts: mdk
  vars:
    letsencrypt_email: julien@palard.fr
    glowing_bear_version: 0.9.0
  tasks:
    - name: Setup weechat
      include_role: name=weechat
      tags: always
      vars:
        owner: weechat

    - name: Setup Glowing Bear
      tags: weechat
      unarchive:
        src: https://github.com/glowing-bear/glowing-bear/archive/{{ glowing_bear_version }}.tar.gz
        remote_src: true
        dest: "/usr/local/src/"

    - name: Configure irc.mdk.fr
      tags: weechat
      include_role: name=nginx
      vars:
        nginx_domain: irc.mdk.fr
        nginx_certificates: [irc.mdk.fr]
        nginx_conf: |
          # Set connection header based on upgrade header
          map $http_upgrade $connection_upgrade {
              default upgrade;
              '' close;
          }

          server
          {
              listen 443 ssl http2;
              include snippets/letsencrypt-irc.mdk.fr.conf;
              add_header Content-Security-Policy "default-src 'self'; img-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com; object-src 'none'; frame-src 'none'; font-src cdnjs.cloudflare.com;";
              add_header X-Frame-Options DENY;
              server_name irc.mdk.fr;

              location /
              {
                  root /usr/local/src/glowing-bear-{{ glowing_bear_version }}/;
                  index index.html;
              }

              location /weechat
              {
                  proxy_pass http://127.0.0.1:9000;
                  proxy_http_version 1.1;
                  proxy_set_header Upgrade $http_upgrade;
                  proxy_set_header Connection $connection_upgrade;
                  proxy_read_timeout 4h;
              }
          }