---
# Automate a self-hosted copy of code-server

- hosts: oracle
  remote_user: ubuntu
  name: Install and deploy vscode server
  become: true
  vars:

    certificate_name: "oracle-tf-demo"

  pre_tasks:

    - name: Set a strong password to login to VS Code's browser editor
      ansible.builtin.pause:
        prompt: "Set a strong password to login to VS Code's browser editor"
        echo: false
      register: vscode_password
      no_log: true
      run_once: true

  tasks:

    - name: Copy nginx configuration to host
      ansible.builtin.copy:
        src: nginx.conf
        dest: ~/nginx.conf
        owner: root
        group: root
        mode: '0604'

    - name: Download terraform binary
      ansible.builtin.get_url:
        url: https://releases.hashicorp.com/terraform/1.4.6/terraform_1.4.6_linux_amd64.zip
        dest: ~/terraform.zip
        mode: '0644'

    - name: Unpack terraform binary
      ansible.builtin.unarchive:
        remote_src: true
        src: "/root/terraform.zip"
        dest: ~/

    - name: Write self signed certificate
      become: false
      ansible.builtin.command: 'mkcert -ecdsa -client -cert-file="{{ certificate_name }}_cert.pem" -key-file="{{ certificate_name }}_privkey.pem" ubuntu@tf-demo'
      args:
        creates: "{{ certificate_name }}_privkey.pem"

    - name: Create a custom docker network
      tags: docker
      community.docker.docker_network:
        name: nginx-vscode-network

    - name: Launch the nginx-proxy container
      tags: docker
      community.docker.docker_container:
        name: nginx-proxy
        state: started
        image: nginx
        restart: true
        networks:
          - name: nginx-vscode-network
            aliases:
              - nginx-proxy
        volumes:
          - "~/nginx.conf:/etc/nginx/nginx.conf"
          - "/home/ubuntu/{{ certificate_name }}_cert.pem:/etc/nginx/ssl/{{ certificate_name }}_cert.pem"
          - "/home/ubuntu/{{ certificate_name }}_privkey.pem:/etc/nginx/ssl/{{ certificate_name }}_privkey.pem"
        pull: true
        ports:
          - "443:443"
          - "80:80"

    - name: Launch the code-server container
      tags: docker
      community.docker.docker_container:
        name: code-server
        state: started
        image: "linuxserver/code-server"
        volumes:
          - "~/terraform:/usr/bin/terraform"
          - "/lib/:/lib/"
          - "/usr/:/usr/"
        networks:
          - name: nginx-vscode-network
            aliases:
              - code-server
        env:
          PASSWORD: "{{ vscode_password.user_input }}"
        pull: true
        ports:
          - "8443:8443"

    - name: Allow HTTP(S) through the firewall
      ansible.builtin.iptables:
        chain: INPUT
        protocol: tcp
        destination_ports:
          - "443"
          - "80"
          - "8000"
        jump: ACCEPT