no-secrets-athq-ansible/roles/web1/tasks/main.yaml


---
# Load the variables defined in services.yaml into the play.
- name: Include service variables
  ansible.builtin.include_vars:
    file: services.yaml
# System package installed through apt (libyaml development headers).
- name: Install apt packages
  ansible.builtin.apt:
    name:
      - libyaml-dev
# Python dependencies of the web services, installed with pip.
# NOTE(review): only itsdangerous is pinned. Every other package resolves to
# whatever the index serves at run time, so two runs can put different code
# on the web host. Pinning versions (ideally with hashes in a requirements
# file) would make the install reproducible and auditable.
# NOTE(review): --break-system-packages lets pip write into the
# distribution-managed Python environment; a dedicated virtualenv would keep
# these packages separate from the OS Python.
- name: Install python packages
  ansible.builtin.pip:
    name:
      - itsdangerous==2.0.1
      - flask
      - flask-login
      - flask-oidc
      - Flask-SQLAlchemy
      - MarkupSafe
      - Pillow
      - docker-compose
      - waitress
    extra_args: '--break-system-packages'
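# Patch the installed flask_oidc module so the OIDC callback URL is built
# with the https scheme.
# backrefs: true leaves the file untouched when the regexp does not match.
# Without it, a non-matching run appends `line` to the end of __init__.py,
# which would corrupt the module that handles authentication.
# NOTE(review): the path hard-codes python3.9 and flask-oidc is installed
# unpinned by this role, so the target line can move or change on upgrade.
# With backrefs a stale pattern is a silent no-op; verify after upgrades that
# the redirect URI is still generated with https.
# NOTE(review): the leading whitespace in regexp/line must equal the
# indentation used in the library source - confirm against the installed file.
- name: fix dumb flask oidc scheme bug
  ansible.builtin.lineinfile:
    path: /usr/local/lib/python3.9/dist-packages/flask_oidc/__init__.py
    regexp: " flow\\.redirect_uri = url_for\\('_oidc_callback', _external=True\\)"
    line: " flow.redirect_uri = url_for('_oidc_callback', _external=True, _scheme='https')"
    backrefs: true
    # Keeps a timestamped copy of the original next to the patched file.
    backup: true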
# Recursively grant all users read access below /usr/local/lib/. The capital
# X adds execute/traverse only to directories and to files that are already
# executable. No write bits are added.
- name: Set mode /usr/local/lib/ (python libraries)
  ansible.builtin.file:
    path: /usr/local/lib/
    recurse: true
    mode: "a+rX"
# Check out each application from GitHub into /var/www as www-data.
# NOTE(review): no `version` is given, so the module follows the remote's
# default HEAD and every play run can deploy upstream commits that nobody
# reviewed. Pinning each repository to a reviewed tag or commit
# (version: <reviewed-commit-sha>) turns deployments into an explicit,
# auditable step.
- name: Clone repositories
  ansible.builtin.git:
    repo: "https://github.com/FAUSheppy/{{ item }}.git"
    dest: "/var/www/{{ item }}"
  become: true
  become_user: www-data
  loop:
    - python-flask-picture-factory
    - simple-log-server
# Recursively hand both application trees to www-data:www-data.
# NOTE(review): this makes the application source itself writable by
# www-data. If the services also run as www-data (unit template not visible
# here), a compromised web process could rewrite its own code. Consider
# root-owned code with only the data/upload directories writable.
- name: Ensure Ownership to www-data
  ansible.builtin.file:
    path: "/var/www/{{ item }}/"
    owner: www-data
    group: www-data
    recurse: true
  loop:
    - python-flask-picture-factory
    - simple-log-server
# Render oidc.json for each OIDC-enabled application.
- name: Deploy OIDC config (config)
  ansible.builtin.template:
    src: oidc_config.json.j2
    dest: "/var/www/{{ item }}/oidc.json"
    owner: www-data
    group: www-data
  loop:
    - python-flask-picture-factory
    - simple-log-server
# Static configuration file for simple-log-server, copied as is.
- name: SLS Config
  ansible.builtin.copy:
    src: sls_config.py
    dest: /var/www/simple-log-server/config.py
    owner: www-data
    group: www-data
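# Render the OIDC client secrets file for each application.
# An explicit mode is set because a newly created file otherwise takes the
# default umask permissions, which commonly leaves it world-readable. 0640
# keeps access for owner and group www-data and removes it for everyone else.
# NOTE(review): tighten to '0600' if the services run as www-data itself -
# the unit template is not visible here, confirm.
- name: Deploy OIDC config (client secrets)
  ansible.builtin.template:
    src: oidc_client_secrets.json.j2
    dest: "/var/www/{{ item }}/oidc_client_secrets.json"
    owner: www-data
    group: www-data
    mode: '0640'
  loop:
    - python-flask-picture-factory
    - simple-log-server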
# One project directory per application under /opt/oauth2proxy.
- name: OAuth2Proxy directories
  ansible.builtin.file:
    state: directory
    path: "/opt/oauth2proxy/{{ item }}/"
    recurse: true
  loop:
    - python-flask-picture-factory
    - simple-log-server
# Render the OAuth2Proxy docker-compose file into each project directory.
# NOTE(review): no owner or mode is set. If the rendered compose file carries
# client or cookie secrets (the template is not visible here), give it an
# explicit restrictive mode - confirm against the template.
- name: Deploy OAuth2Proxy compose files
  ansible.builtin.template:
    src: oauth-standalone-docker-compose.yaml
    dest: "/opt/oauth2proxy/{{ item }}/docker-compose.yaml"
  loop:
    - simple-log-server
    - python-flask-picture-factory
# Render one systemd unit per service from the shared waitress template.
# Each item supplies the unit name and working path; external_oidc is set
# only for the two services that have an OAuth2Proxy project directory.
# A change to any unit notifies the reload handler and all three restart
# handlers.
- name: Template Systemd Units
  ansible.builtin.template:
    src: waitress-systemd-unit.j2
    dest: "/etc/systemd/system/{{ item.name }}.service"
  loop:
    - name: python-flask-picture-factory
      path: /var/www/python-flask-picture-factory
      external_oidc: true
    - name: serien-ampel
      path: /var/www/serien-ampel
    - name: simple-log-server
      path: /var/www/simple-log-server
      external_oidc: true
  notify:
    - daemon reload
    - systemctl restart image-factory
    - systemctl restart serien-ampel
    - systemctl restart simple-log-server

# Run the notified handlers now instead of at the end of the play.
- ansible.builtin.meta: flush_handlers
# Bring up the OAuth2Proxy compose project of each application.
# pull: true fetches the referenced images on every run.
# NOTE(review): whether the images are pinned to a tag or digest is decided
# in the compose template, which is not visible here - confirm.
- name: Deploy OAuth2Proxy
  community.docker.docker_compose:
    project_src: "/opt/oauth2proxy/{{ item }}/"
    pull: true
  loop:
    - simple-log-server
    - python-flask-picture-factory
# Enable the three units at boot and make sure they are running.
- name: Enable and Start Systemd Units
  ansible.builtin.systemd:
    name: "{{ item }}"
    state: started
    enabled: true
  loop:
    - python-flask-picture-factory
    - serien-ampel
    - simple-log-server
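# Every minute, run the dispatch poller as user sheppy.
# The three templated values are passed through `quote` so that spaces or
# shell metacharacters in them reach the script as single literal arguments
# instead of being interpreted by the shell that cron starts. cron itself
# treats an unescaped % as a newline, so values containing % still need
# escaping.
# no_log keeps the rendered command line, which contains the password, out
# of Ansible's output and logs.
# NOTE(review): the password is still a command-line argument. It is stored
# in the user's crontab, is visible in the process list while the job runs,
# and cron daemons commonly log the command they start. If the script can
# read the credential from a protected file or the environment, prefer that
# - TODO confirm what the script supports.
- name: event poller cronjob
  ansible.builtin.cron:
    user: sheppy
    hour: "*"
    minute: "*"
    name: Poll Notifications from Dispatch (signal)
    job: >-
      /home/sheppy/signal-http-gateway/signal-query-dispatch.py
      --target {{ event_dispatcher_address | quote }}
      --user {{ event_dispatcher_user | quote }}
      --password {{ event_dispatcher_pass | quote }}
      --signal-cli-bin /home/sheppy/signal-cli/bin/signal-cli
  no_log: true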