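---
# Storage-node tasks: confine rpcbind (portmapper, port 111) to the VPN, then
# install GlusterFS, create the 3-way replicated volume "data" on node01-03
# and mount it on /data.
# The variable wg_ip and the handler "restart rpcbind" are used here but are
# not defined in this file; they must be provided elsewhere.

- name: install rpcbind
  apt:
    name: rpcbind

# Inserts a DROP rule at the top of INPUT for port 111 (tcp and udp) on every
# interface except nodevpn.
# NOTE(review): the iptables module changes only the running ruleset. Unless
# the rules are saved and restored by something outside this file, the DROP
# disappears on reboot -- confirm persistence is handled.
# NOTE(review): ip_version is left at its default (ipv4), so IPv6 traffic to
# port 111 is not covered by this rule -- confirm whether IPv6 is reachable.
- name: disable rpcbind from the internet
  iptables:
    action: insert
    chain: INPUT
    comment: drop portmapper
    in_interface: "!nodevpn"
    jump: DROP
    protocol: "{{item}}"
    destination_port: "111"
  with_items:
    - tcp
    - udp

# NOTE(review): where rpcbind is socket-activated by systemd, the listening
# addresses may come from the socket unit rather than from -h. Verify the
# result on a node (for example with `ss -tulpn`) instead of assuming that
# this option alone limits exposure.
- name: bind rpcbind to vpn ip
  lineinfile:
    create: true
    path: /etc/rpcbind.conf
    line: "OPTIONS=-w -h {{wg_ip}}"
    regexp: "^OPTIONS.*"
  notify: restart rpcbind

# The regexp is anchored on the daemon name so that a changed network replaces
# the existing rpcbind entry; a pattern that never matches would append a new
# line and leave the stale allow rule in place.
# NOTE(review): hosts.allow and hosts.deny only take effect if this rpcbind
# build uses TCP wrappers (libwrap) -- confirm for the target distribution.
# NOTE(review): 10.0.0.0/8 is wider than a single VPN subnet; narrow it if the
# VPN range is known.
- name: add vpn to hosts.allow
  lineinfile:
    path: /etc/hosts.allow
    line: "rpcbind: 10.0.0.0/8"
    regexp: "^rpcbind:"
  notify: restart rpcbind

# Anchored for the same reason: only an actual "rpcbind:" rule is replaced,
# never a comment or another rule that merely mentions rpcbind.
- name: block everyone
  lineinfile:
    path: /etc/hosts.deny
    line: "rpcbind: ALL"
    regexp: "^rpcbind:"
  notify: restart rpcbind

# Run the pending "restart rpcbind" handler now, so the restrictions above are
# active before the Gluster packages are installed.
- name: fire handlers
  meta: flush_handlers

# NOTE(review): nothing in this file restricts the glusterd management port or
# the brick ports to the VPN the way port 111 is restricted above. Confirm
# they are firewalled elsewhere, or that node01-03 resolve to VPN addresses.
- name: install gluster package
  apt:
    name: glusterfs-server

- name: start and enable gluster
  service:
    enabled: true
    name: glusterd
    state: started

# Ensures /dev/sdb carries an ext4 filesystem; it is the brick disk mounted
# by the next task.
- name: filesystem on gluster disk
  filesystem:
    dev: /dev/sdb
    fstype: ext4

- name: mount gluster disk
  mount:
    path: /mnt/gluster
    src: /dev/sdb
    opts: noatime
    fstype: ext4
    state: mounted

# Peer probing and volume creation are cluster-wide operations, so both tasks
# run on node01 only.
- name: gluster peers
  gluster_peer:
    nodes:
      - node01
      - node02
      - node03
  when: ansible_nodename == "node01"

- name: gluster volume
  gluster_volume:
    name: data
    replicas: 3
    state: present
    bricks: /mnt/gluster/data
    start_on_create: true
    cluster:
      - node01
      - node02
      - node03
  when: ansible_nodename == "node01"

- name: gluster client package
  apt:
    name: glusterfs-client

# Each node mounts the volume "data" through its own hostname.
- name: mount gluster brick
  mount:
    path: /data
    src: "{{ansible_nodename}}:/data"
    opts: noatime
    fstype: glusterfs
    state: mounted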