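---
# Automate a self-hosted copy of code-server.
#
# Brings up two containers on one user-defined Docker network:
#   * nginx-proxy  - publishes 80/443 and mounts nginx.conf plus the
#                    mkcert-generated certificate and key
#   * code-server  - linuxserver/code-server, protected by a password that is
#                    prompted for at run time and never stored in the playbook
- name: Install and deploy vscode server
  hosts: oracle
  remote_user: ubuntu
  # Tasks run as root unless they set `become: false`, so `~` in the paths
  # below resolves to root's home (the unarchive task spells it /root).
  become: true
  vars:
    certificate_name: "oracle-tf-demo"

  pre_tasks:
    # echo: false keeps the password off the terminal; no_log keeps the
    # registered result out of Ansible's output and logs.
    - name: Set a strong password to login to VS Code's browser editor
      ansible.builtin.pause:
        prompt: "Set a strong password to login to VS Code's browser editor"
        echo: false
      register: vscode_password
      no_log: true
      run_once: true

  tasks:
    - name: Copy nginx configuration to host
      ansible.builtin.copy:
        src: nginx.conf
        dest: ~/nginx.conf
        owner: root
        group: root
        # Was '0604' (readable by "other" but not by the owning group);
        # '0644' matches the other file mode used in this play.
        mode: '0644'

    - name: Download terraform binary
      ansible.builtin.get_url:
        url: https://releases.hashicorp.com/terraform/1.4.6/terraform_1.4.6_linux_amd64.zip
        dest: ~/terraform.zip
        mode: '0644'
        # Verify the archive against the release's SHA256SUMS file before it
        # is unpacked and mounted into a container. The sums come from the
        # same origin as the archive, so this catches corruption and
        # truncation; pinning a literal digest verified out of band is the
        # stronger control.
        checksum: "sha256:https://releases.hashicorp.com/terraform/1.4.6/terraform_1.4.6_SHA256SUMS"

    - name: Unpack terraform binary
      ansible.builtin.unarchive:
        remote_src: true
        src: "/root/terraform.zip"
        dest: ~/

    # Runs as the login user (become: false), so the relative output paths
    # land in that user's working directory; the nginx-proxy task below mounts
    # them from /home/ubuntu. `creates` makes the task a no-op once the key
    # exists, so an existing key is never regenerated.
    # NOTE(review): `-client` asks mkcert for a client-authentication
    # certificate and the subject is an e-mail-style name, yet the files are
    # mounted under /etc/nginx/ssl. If nginx serves this as its TLS
    # certificate, confirm the flag and subject are intended.
    - name: Write self signed certificate
      become: false
      ansible.builtin.command: 'mkcert -ecdsa -client -cert-file="{{ certificate_name }}_cert.pem" -key-file="{{ certificate_name }}_privkey.pem" ubuntu@tf-demo'
      args:
        creates: "{{ certificate_name }}_privkey.pem"

    - name: Create a custom docker network
      tags: docker
      community.docker.docker_network:
        name: nginx-vscode-network

    # NOTE(review): `image: nginx` with `pull: true` follows a floating tag,
    # so the image can change between runs; pin a version tag or digest for
    # reproducible deployments.
    - name: Launch the nginx-proxy container
      tags: docker
      community.docker.docker_container:
        name: nginx-proxy
        state: started
        image: nginx
        restart: true
        networks:
          - name: nginx-vscode-network
            aliases:
              - nginx-proxy
        volumes:
          - "~/nginx.conf:/etc/nginx/nginx.conf"
          - "/home/ubuntu/{{ certificate_name }}_cert.pem:/etc/nginx/ssl/{{ certificate_name }}_cert.pem"
          - "/home/ubuntu/{{ certificate_name }}_privkey.pem:/etc/nginx/ssl/{{ certificate_name }}_privkey.pem"
        pull: true
        ports:
          - "443:443"
          - "80:80"

    # NOTE(review): the image is unpinned here as well (floating tag with
    # `pull: true`).
    - name: Launch the code-server container
      tags: docker
      community.docker.docker_container:
        name: code-server
        state: started
        image: "linuxserver/code-server"
        volumes:
          - "~/terraform:/usr/bin/terraform"
          # NOTE(review): these bind the host's /lib and /usr into the
          # container read-write, so anything running in the editor can
          # modify host system files. Confirm this is required; if it is
          # only there to satisfy the terraform binary, mount read-only or
          # drop the mounts.
          - "/lib/:/lib/"
          - "/usr/:/usr/"
        networks:
          - name: nginx-vscode-network
            aliases:
              - code-server
        env:
          PASSWORD: "{{ vscode_password.user_input }}"
        pull: true
        ports:
          # Published on loopback only. A Docker-published port is otherwise
          # reachable on every host interface and is not filtered by the
          # INPUT-chain rule below, which would expose the editor without
          # going through nginx-proxy. Presumably nginx.conf reaches this
          # container by its alias over nginx-vscode-network - confirm.
          - "127.0.0.1:8443:8443"
      # The module arguments and the returned container facts both carry
      # PASSWORD; without no_log it would show up in verbose output and logs.
      no_log: true

    # NOTE(review): 8000 is opened although nothing in this play listens on
    # it - confirm or drop. The rule is appended (module default), so it has
    # no effect if an earlier INPUT rule already rejects the traffic.
    - name: Allow HTTP(S) through the firewall
      ansible.builtin.iptables:
        chain: INPUT
        protocol: tcp
        destination_ports:
          - "443"
          - "80"
          - "8000"
        jump: ACCEPT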