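---
# Installs HAProxy, generates a self-signed TLS certificate and writes the
# global / frontend / backend sections into /etc/haproxy/haproxy.cfg.
# Task names are kept as written because they appear in play output.

- name: install haproxy
  apt:
    name: haproxy
    state: present

- name: Creer le repertoire du certificat
  file:
    path: /etc/haproxy/crt
    state: directory
    mode: '0755'

# This directory stays world-traversable (0755), so the confidentiality of
# the private key rests on the key file's own mode set in the next task.
- name: Creer le repertoire de la cle privee
  file:
    path: /etc/haproxy/crt/private
    state: directory
    mode: '0755'

# Ownership and mode are stated explicitly so the key's protection does not
# depend on module defaults or on the umask of the connecting user.
- name: Generer une clee privee avec les valeurs par defaut (4096 bits, RSA)
  openssl_privatekey:
    path: /etc/haproxy/crt/private/haproxy.pem.key
    size: 4096
    type: RSA
    owner: root
    group: root
    mode: '0600'
    state: present

# A self-signed certificate gives clients no way to authenticate this
# endpoint; replace it with a CA-issued certificate outside a lab setup.
- name: creer un certificat auto-signé
  openssl_certificate:
    path: /etc/haproxy/crt/private/haproxy.pem
    privatekey_path: /etc/haproxy/crt/private/haproxy.pem.key
    provider: selfsigned
    state: present

- name: s'assurer que le certificat a les bonnes permissions
  file:
    path: /etc/haproxy/crt/private/haproxy.pem
    owner: root
    group: haproxy
    mode: '0640'

# Both blockinfile tasks edit the same file. With the default marker on both,
# the second task overwrote the block written by the first, so the global
# settings never persisted. This task now uses its own marker; the
# frontend/backend task keeps the default one so hosts that were already
# configured do not end up with a duplicated frontend.
#
# NOTE(review): "ssl-server-verify none" turns off certificate verification
# for every "server ... ssl" line. The backends below are plain HTTP, so it
# has no effect today; drop it (or set "required" with a ca-file) before
# adding TLS to the backends.
# NOTE(review): "level admin" on the stats socket grants full runtime
# control of HAProxy to anyone able to write to it (mode 660).
- name: parametre global
  blockinfile:
    path: /etc/haproxy/haproxy.cfg
    marker: "# {mark} ANSIBLE MANAGED BLOCK - global"
    block: |
      global
          log /dev/log local0
          log /dev/log local1 notice
          chroot /var/lib/haproxy
          stats socket /run/haproxy/admin.sock mode 660 level admin
          stats timeout 30s
          user haproxy
          group haproxy
          daemon
          ssl-server-verify none

# The "crt" file holds only the certificate; this presumably relies on
# HAProxy loading the key from the sibling "haproxy.pem.key" file. Confirm
# the installed release supports that, otherwise a combined PEM is needed.
# Traffic between HAProxy and the web servers is unencrypted HTTP on port 80.
- name: parametre backend et fontend
  blockinfile:
    path: /etc/haproxy/haproxy.cfg
    block: |
      frontend proxypublic
          bind 192.168.100.10:80
          bind 192.168.100.10:443 ssl crt /etc/haproxy/crt/private/haproxy.pem
          http-request redirect scheme https unless { ssl_fc }
          default_backend fermeweb

      backend fermeweb
          balance roundrobin
          option httpclose
          option httpchk HEAD / HTTP/1.0
          server s-lb-web1 192.168.101.1:80 check
          server s-lb-web2 192.168.101.2:80 check

# The restart is left disabled as in the original, so this task only enables
# the service at boot. Configuration written above takes effect only after
# HAProxy is reloaded or restarted by some other means.
- name: redemarre haproxy
  service:
    name: haproxy
    # state: restarted
    enabled: true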