---
- name: install code server
  hosts: all
  become: true

  tasks:
    - name: remove other files
      include_tasks: yaml_sub/myrepo_clean.yaml

    - name: update file myrepo.repo
      import_tasks: yaml_sub/myrepo_data.yaml

    - name: install client
      ansible.builtin.dnf:
        name: "http://10.10.0.3/cmk/check_mk/agents/check-mk-agent-2.2.0p24-1.noarch.rpm"
        state: present
        update_cache: true
        skip_broken: true
        nobest: false
        allowerasing: true
        disable_gpg_check: true

    - name: remove other files
      include_tasks: yaml_sub/install_docker.yaml

    - name: Create network codeNet
      community.docker.docker_network:
        name: codeNet

    - name: Create volume code data
      community.docker.docker_volume:
        name: code_data
        state: present

    - name: Create code container
      community.docker.docker_container:
        name: code-server
        image: lscr.io/linuxserver/code-server:latest
        state: started
        recreate: no
        restart_policy: always

        volumes:
          - "code_data:/config"

        env:
          PASSWORD: "{{ passwd }}"
          TZ: "Europe/Berlin"
          PUID: "0"
          PGID: "0"
          DEFAULT_WORKSPACE: "/config/workspace"
          PROXY_DOMAIN: "code.neuro.uni-bremen.de"

        networks:
          - name: codeNet
        comparisons:
          networks: strict

    - name: set nginx.conf
      blockinfile:
        path: /root/nginx/nginx.conf
        state: present
        create: true
        owner: "root"
        group: "root"
        mode: "0644"
        block: |
          events {}
          http {
            server {
              listen 80 default_server;
              server_name _;
              return 301 https://$host$request_uri;
            }
            server {
              listen 443 ssl;
              ssl_certificate      /certs/nginx_certificate.pem;
              ssl_certificate_key  /certs/nginx_key.pem;
              ssl_protocols               TLSv1 TLSv1.1 TLSv1.2;
              ssl_prefer_server_ciphers   on;
              ssl_ciphers                 EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
              add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
              server_tokens off;
              client_max_body_size 50M;

              location / {
                proxy_pass http://code-server:8443;
                proxy_set_header X-Forwarded-Proto $scheme;
                proxy_http_version 1.1;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection "upgrade";
                proxy_set_header Host $host;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_read_timeout 3m;
                proxy_send_timeout 3m;
              }
            }
          }

    - name: copy key
      ansible.builtin.copy:
        src: "/config/certs/key.pem"
        dest: "/root/nginx/key.pem"
        owner: root
        group: root
        mode: "0600"

    - name: copy ca
      ansible.builtin.copy:
        src: "/config/certs/crt_ca.pem"
        dest: "/root/nginx/ca.pem"
        owner: root
        group: root
        mode: "0600"

    - name: Create nginx container
      community.docker.docker_container:
        name: nginx
        image: "nginx:stable-alpine"
        state: started
        recreate: no
        restart_policy: always

        volumes:
          - "/root/nginx/key.pem:/certs/nginx_key.pem:ro"
          - "/root/nginx/ca.pem:/certs/nginx_certificate.pem:ro"
          - "/root/nginx/nginx.conf:/etc/nginx/nginx.conf:ro"

        ports:
          - "0.0.0.0:443:443"
          - "0.0.0.0:80:80"
        env:
          NGINX_WORKER_PROCESSES: "4"
          NGINX_WORKER_CONNECTIONS: "768"

        networks:
          - name: codeNet

        comparisons:
          networks: strict