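---
# Provisions a Docker host that serves Gitea and Bitwarden: installs Docker
# from the upstream apt repository, creates self-signed TLS certificates,
# sets up a "git" host account whose SSH sessions are forwarded into the
# "gitea" container, and finally brings up the compose project found in
# /home/vagrant.
- hosts: all
  become: true

  vars:
    # NOTE(review): none of the tasks in this play reference these
    # variables; kept in case something outside this file reads them.
    container_count: 1
    default_container_name: docker
    default_container_image: hello-world
    default_container_command: sleep 1

  tasks:
    # `state: latest` upgrades these packages on every run, so two runs of
    # the same playbook can leave different versions installed.
    - name: Install required system packages
      apt:
        pkg:
          - apt-transport-https
          - ca-certificates
          - curl
          - software-properties-common
          - virtualenv
        state: latest
        update_cache: true

    # Created as root (become: true) because no owner is given.
    - name: Ensure certs directory exists
      file:
        path: /home/vagrant/nginx/certs
        state: directory
        mode: '0755'

    # -nodes writes the private key unencrypted.
    # NOTE(review): this play never sets the mode of the .key files;
    # confirm they end up readable only by the account that needs them.
    # subjectAltName is added because current TLS clients match the host
    # name against SAN entries rather than CN; -addext needs OpenSSL 1.1.1
    # or newer. `creates` means an existing certificate is never
    # regenerated, so hosts provisioned earlier keep their old certificate
    # until the .crt file is removed.
    - name: Generate self-signed cert for gitea.vm.local
      command: >-
        openssl req -x509 -nodes -days 365 -newkey rsa:2048
        -keyout /home/vagrant/nginx/certs/gitea.vm.local.key
        -out /home/vagrant/nginx/certs/gitea.vm.local.crt
        -subj "/CN=gitea.vm.local"
        -addext "subjectAltName=DNS:gitea.vm.local"
      args:
        creates: /home/vagrant/nginx/certs/gitea.vm.local.crt

    - name: Generate self-signed cert for bitwarden.vm.local
      command: >-
        openssl req -x509 -nodes -days 365 -newkey rsa:2048
        -keyout /home/vagrant/nginx/certs/bitwarden.vm.local.key
        -out /home/vagrant/nginx/certs/bitwarden.vm.local.crt
        -subj "/CN=bitwarden.vm.local"
        -addext "subjectAltName=DNS:bitwarden.vm.local"
      args:
        creates: /home/vagrant/nginx/certs/bitwarden.vm.local.crt

    # NOTE(review): apt_key puts the key into apt's global trust store, so
    # it is accepted for every configured repository, not only Docker's.
    # Scoping it with a keyring file plus `signed-by=` on the repo line is
    # the tighter setup; on hosts that already carry the repo entry below,
    # the old entry has to be removed in the same change or apt reports
    # conflicting Signed-By values.
    - name: Add Docker GPG apt Key
      apt_key:
        url: https://download.docker.com/linux/ubuntu/gpg
        state: present

    - name: Add Docker Repository
      apt_repository:
        repo: deb https://download.docker.com/linux/ubuntu focal stable
        state: present

    - name: Update apt and install docker-ce
      apt:
        pkg:
          - docker-ce
          - docker-compose-plugin
        state: latest
        update_cache: true

    # The account is created with its final shell and home before it is
    # referenced by the group task below.
    - name: Create git user
      user:
        name: git
        shell: /home/git/docker-shell
        home: /home/git
        create_home: true

    # Membership in the docker group gives control of the Docker daemon,
    # which is equivalent to root on this host. The git account needs it
    # for the `docker exec` calls below; its login shell is what keeps SSH
    # sessions confined to the gitea container.
    - name: Add 'vagrant' and 'git' users to docker group
      user:
        name: "{{ item }}"
        groups: docker
        append: true
      loop:
        - vagrant
        - git

    # Login shell of the git account: every SSH session is handed to `sh`
    # inside the gitea container, with the client's requested command
    # passed through SSH_ORIGINAL_COMMAND. Owner and group are pinned to
    # root so the file content cannot be edited by the git account.
    # NOTE(review): the file lives in /home/git, which create_home gives
    # to the git account, so the directory entry itself is not protected.
    - name: Deploy docker passthrough shell
      copy:
        dest: /home/git/docker-shell
        owner: root
        group: root
        mode: '0755'
        content: |
          #!/bin/sh
          exec /usr/bin/docker exec -i -u git --env SSH_ORIGINAL_COMMAND="$SSH_ORIGINAL_COMMAND" gitea sh "$@"

    # sshd asks the gitea container which public keys are authorised for
    # the git account. `validate` runs sshd's own syntax check on the
    # candidate file so a broken config is never written to disk.
    - name: Update SSH config for git user
      blockinfile:
        path: /etc/ssh/sshd_config
        validate: /usr/sbin/sshd -t -f %s
        block: |
          Match User git
            AuthorizedKeysCommandUser git
            AuthorizedKeysCommand /usr/bin/docker exec -i -u git gitea /usr/local/bin/gitea keys -c /data/gitea/conf/app.ini -e git -u %u -t %t -k %k
      notify: Restart SSH

    # Run the restart now rather than at the end of the play, so a failure
    # in a later task cannot leave sshd running with the old config.
    - name: Apply pending SSH restart
      meta: flush_handlers

    - name: Ensure Docker service is running
      service:
        name: docker
        state: started
        enabled: true

    # Reports "changed" on every run because the command module cannot
    # tell whether compose did any work.
    - name: Run docker compose up -d
      command: docker compose up -d
      args:
        chdir: /home/vagrant

  handlers:
    # Only triggered when the sshd_config block above actually changed.
    - name: Restart SSH
      service:
        name: ssh
        state: restarted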