---
- name: Install HAProxy
  package:
    name: haproxy
    state: present

- name: Install python2-cryptography and libsemanage-python
  yum:
    name:
      - python2-cryptography
      - libsemanage-python
  when:
    - ansible_facts['os_family'] == 'RedHat'
    - ansible_facts['distribution_major_version'] <= '7'

- name: Install python3-cryptography and python3-libsemanage
  dnf:
   name:
     - python3-cryptography
     - python3-libsemanage
  when:
    - ansible_facts['os_family'] == 'RedHat'
    - ansible_facts['distribution_major_version'] >= '8'

- name: Set haproxy_connect_any flag on and keep it persistent across reboots
  ansible.posix.seboolean:
    name: haproxy_connect_any
    state: yes
    persistent: yes
  notify:
    - Reload HAProxy
  when: ansible_selinux is defined and ansible_selinux != False and ansible_selinux.status == 'enabled'

- block:
  - name: Check net.ipv4.ip_nonlocal_bind
    ansible.posix.sysctl:
      name: net.ipv4.ip_nonlocal_bind
      value: '1'
      sysctl_set: no
      state: present
    register: sysctl_result

  - name: Set net.ipv4.ip_nonlocal_bind = 1
    ansible.posix.sysctl:
      name: net.ipv4.ip_nonlocal_bind
      value: '1'
      sysctl_set: yes
      state: present
      reload: yes
      sysctl_file: /etc/sysctl.d/99-haproxy.conf
    when: sysctl_result.changed

- name: Apply default config
  block:
    - name: Merge config for HAProxy
      set_fact:
        haproxy_combined_config: "{{ haproxy_config | default({}) | combine(haproxy_default_config, recursive=true) }}"

    - name: Add HAProxy config
      template:
        src: "haproxy.cfg.j2"
        dest: "/etc/haproxy/haproxy.cfg"
      notify:
        - Reload HAProxy
  when:
    - haproxy_config_override is not defined
    - haproxy_config_base64_override is not defined

- name: Override with config in plain text
  block:
    - set_fact:
        haproxy_config: "{{ haproxy_config_override }}"

    - name: Override HAParoxy config in plain text
      copy:
        content: "{{ haproxy_config }}"
        dest: "/etc/haproxy/haproxy.cfg"
      notify:
        - Reload HAProxy
  when: haproxy_config_override is defined

- name: Override with base64 config
  block:
    - set_fact:
        haproxy_config: "{{ haproxy_config_base64_override | b64decode }}"

    - name: Override HAParoxy with config in base64
      copy:
        content: "{{ haproxy_config }}"
        dest: "/etc/haproxy/haproxy.cfg"
      notify:
        - Reload HAProxy
  when: haproxy_config_base64_override is defined

- name: Add maps for HAProxy
  include_tasks: map.yaml
  when: haproxy_map is defined

- name: Add lua code for HAProxy
  include_tasks: lua.yaml
  when: haproxy_lua is defined

- name: Add certificate for HAProxy
  include_tasks: cert.yaml
  when: haproxy_ssl

- name: Enable and start HAProxy service
  systemd:
    name: haproxy
    state: started
    enabled: yes
    daemon_reload: yes
  register: haproxy_enable_and_start