version: '3'

tasks:

  default:
    cmds:
      - if command -v task; then task -l else go-task -l; fi
    silent: true

  install:
    desc: Install software
    cmds:
      - mkdir -p ~/.local/bin
      - stat ~/.local/bin/task > /dev/null || cp go-task/task ~/.local/bin
      - sudo cp go-task/task.bash /etc/bash_completion.d
      - sudo cp zerotier/zerotier.repo /etc/yum.repos.d
      - sudo cp zerotier/zt-gpg-key /etc/pki/rpm-gpg
      - sudo cp docker/docker-ce.repo /etc/yum.repos.d
      - sudo rpm-ostree install --idempotent fail2ban zerotier-one docker-compose-plugin

  folders:
    desc: Make folders for server
    cmds:
      - sudo mkdir -p /srv/{config,backup,gotask,rpdata,secret,srvtls,server}
      - sudo chmod 700 /srv/{config,backup,gotask,rpdata,secret,srvtls,server}
      - sudo chown 1000 /srv/{config,backup,gotask,rpdata,secret,srvtls,server}
      - cp -r . /srv/server
      - rm -r .

  status:
    desc: Server Status
    cmds:
      - sudo -v
      - task: f2bs
      - task: ztrs

  f2bs:
    cmds:
      - #sudo fail2ban-client get sshd banip --with-time
      - sudo fail2ban-client get bad-auth banip --with-time
      - df
    preconditions:
      - sh: 'command -v fail2ban-client'

  ztrs:
    cmds:
      - sudo zerotier-cli status
      - sudo zerotier-cli listnetworks
    preconditions:
      - sh: 'command -v zerotier-cli'

  mailu:
    desc: Setup fail2ban for mailu frontend
    cmds:
      - sudo systemctl enable --now fail2ban
      - sudo cp mailu-f2b/fail2ban-bad-auth-filter.conf /etc/fail2ban/filter.d/bad-auth.conf
      - sudo cp mailu-f2b/fail2ban-bad-auth-jail.conf /etc/fail2ban/jail.d/bad-auth.conf
      - sudo cp mailu-f2b/fail2ban-docker-action.conf /etc/fail2ban/action.d/docker-action.conf
      - sudo mkdir -p /etc/systemd/system/fail2ban.service.d
      - sudo cp mailu-f2b/fail2ban-override.conf /etc/systemd/system/fail2ban.service.d/override.conf
      - sudo sudo systemctl daemon-reload
      - sudo systemctl restart fail2ban
    sources:
      - fmailu-f2b/ail2ban-bad-auth-filter.conf
      - fmailu-f2b/ail2ban-bad-auth-jail.conf
      - fmailu-f2b/ail2ban-docker-action.conf
      - fmailu-f2b/ail2ban-override.conf
    generates:
      - /etc/fail2ban/filter.d/bad-auth.conf
      - /etc/fail2ban/jail.d/bad-auth.conf
      - /etc/fail2ban/action.d/docker-action.conf
      - /etc/systemd/system/fail2ban.service.d/override.conf
    preconditions:
      - sh: 'commmand -v fail2ban-server'