From 20cb480915bd81babba5d9922250159ecbd5ad33 Mon Sep 17 00:00:00 2001
From: Johanna Dorothea Reichmann
Date: Sun, 16 Jul 2023 18:58:33 +0200
Subject: [PATCH] feat(vouch-proxy): add ansible role for vouch-proxy
---
roles/vouch-proxy/defaults/main.yml | 51 +++++++++++++++++++++++++++++
roles/vouch-proxy/handlers/main.yml | 8 +++++
roles/vouch-proxy/tasks/main.yml | 50 ++++++++++++++++++++++++++++
3 files changed, 109 insertions(+)
create mode 100644 roles/vouch-proxy/defaults/main.yml
create mode 100644 roles/vouch-proxy/handlers/main.yml
create mode 100644 roles/vouch-proxy/tasks/main.yml
diff --git a/roles/vouch-proxy/defaults/main.yml b/roles/vouch-proxy/defaults/main.yml
new file mode 100644
index 0000000..bbf5089
--- /dev/null
+++ b/roles/vouch-proxy/defaults/main.yml
@@ -0,0 +1,51 @@ +--- + +vouch_proxy_user: vouch-proxy +vouch_proxy_version: 0.39.0 +vouch_proxy_base_path: /opt/vouch-proxy +vouch_proxy_config_path: "{{ vouch_proxy_base_path }}/config" +vouch_proxy_config_file: "{{ vouch_proxy_config_path }}/config.yaml" + +vouch_proxy_container_name: vouch-proxy +vouch_proxy_container_image_name: vouch-proxy +vouch_proxy_container_image_namespace: vouch/ +vouch_proxy_container_image_registry: quay.io + +vouch_proxy_container_image_repository: >- + {{ + (container_registries[vouch_proxy_container_image_registry] | default(vouch_proxy_container_image_registry)) + + '/' + (vouch_proxy_container_image_namespace | default('')) + + vouch_proxy_container_image_name + }} +vouch_proxy_container_image_reference: >- + {{ + vouch_proxy_container_image_repository + ':' + + (vouch_proxy_container_image_tag | default(vouch_proxy_version)) + }} + +vouch_proxy_container_image_force_pull: "{{ vouch_proxy_container_image_tag is defined }}" + +vouch_proxy_container_default_volumes: + - "{{ vouch_proxy_config_file }}:/config/config.yaml:ro" +vouch_proxy_container_volumes: >- + {{ vouch_proxy_container_default_volumes + + vouch_proxy_container_extra_volumes | default([]) }} +vouch_proxy_container_restart_policy: "unless-stopped" + +vouch_proxy_config_vouch_log_level: info +vouch_proxy_config_vouch_listen: 0.0.0.0 +vouch_proxy_config_vouch_port: 9090 +vouch_proxy_config_vouch_domains: [] +vouch_proxy_config_vouch_document_root: ~ + +vouch_proxy_oauth_config: {} +vouch_proxy_vouch_config: + logLevel: "{{ vouch_proxy_config_vouch_log_level }}" + listen: "{{ vouch_proxy_config_vouch_listen }}" + port: "{{ vouch_proxy_config_vouch_port }}" + domains: "{{ vouch_proxy_config_vouch_domains }}" + document_root: "{{ vouch_proxy_config_vouch_document_root }}" + +vouch_proxy_config: + vouch: "{{ vouch_proxy_vouch_config }}" + oauth: "{{ vouch_proxy_oauth_config }}" 
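Review bot: `vouch_proxy_oauth_config: {}` is where the OAuth `client_secret` will be supplied, yet nothing in the defaults says how it should be provided; a comment above it such as `# holds oauth.client_secret: supply it from Ansible Vault or a secret lookup, never plain-text inventory` would steer users away from committing it. The image reference resolves to a tag (`vouch_proxy_container_image_repository + ':' + (vouch_proxy_container_image_tag | default(vouch_proxy_version))`), which a registry can repoint, so for a component that gates authentication it is worth documenting or supporting a digest-pinned reference. As a smaller style point, `vouch_proxy_version: 0.39.0` is safer quoted (`"0.39.0"`) so a later two-part version is not read as a float, and `~` reads more clearly as `null`.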
diff --git a/roles/vouch-proxy/handlers/main.yml b/roles/vouch-proxy/handlers/main.yml
new file mode 100644
index 0000000..c09726d
--- /dev/null
+++ b/roles/vouch-proxy/handlers/main.yml
@@ -0,0 +1,8 @@
+---
+
+- name: Ensure vouch-proxy was restarted
+ community.docker.docker_container:
+ name: "{{ vouch_proxy_container_name }}"
+ state: started
+ restart: yes
+ listen: restart-vouch-proxy
diff --git a/roles/vouch-proxy/tasks/main.yml b/roles/vouch-proxy/tasks/main.yml
new file mode 100644
index 0000000..4584520
--- /dev/null
+++ b/roles/vouch-proxy/tasks/main.yml
@@ -0,0 +1,50 @@
+---
+
+- name: Ensure vouch-proxy user '{{ vouch_proxy_user }}' exists
+ ansible.builtin.user:
+ name: "{{ vouch_proxy_user }}"
+ state: present
+ system: true
+ register: vouch_proxy_user_info
+
+- name: Ensure mounts are created
+ ansible.builtin.file:
+ dest: "{{ item.path }}"
+ state: directory
+ owner: "{{ item.owner | default(vouch_proxy_user_info.uid | default(vouch_proxy_user)) }}"
+ group: "{{ item.owner | default(vouch_proxy_user_info.group | default(vouch_proxy_user)) }}"
+ mode: "{{ item.mode | default('0755') }}"
+ loop:
+ - path: "{{ vouch_proxy_base_path }}"
+ - path: "{{ vouch_proxy_config_path }}"
+
+- name: Ensure config file is templated
+ ansible.builtin.copy:
+ dest: "{{ vouch_proxy_config_file }}"
+ content: "{{ vouch_proxy_config | to_nice_yaml }}"
+ owner: "{{ vouch_proxy_user_info.uid | default(vouch_proxy_user) }}"
+ group: "{{ vouch_proxy_user_info.group | default(vouch_proxy_user) }}"
+ mode: "0640"
+ notify:
+ - restart-vouch-proxy
+
+- name: Ensure container image is present on host
+ community.docker.docker_image:
+ name: "{{ vouch_proxy_container_image_reference }}"
+ state: present
+ source: pull
+ force_source: "{{ vouch_proxy_container_image_force_pull | bool }}"
+
+- name: Ensure container '{{ vouch_proxy_container_name }}' is running
+ community.docker.docker_container:
+ name: "{{ vouch_proxy_container_name }}"
+ image: "{{ vouch_proxy_container_image_reference }}"
+ env: "{{ vouch_proxy_container_env | default(omit) }}"
+ user: "{{ vouch_proxy_user_info.uid | default(vouch_proxy_user) }}"
+ ports: "{{ vouch_proxy_container_ports | default(omit) }}"
+ volumes: "{{ vouch_proxy_container_volumes | default(omit) }}"
+ networks: "{{ vouch_proxy_container_networks | default(omit) }}"
+ purge_networks: "{{ vouch_proxy_container_purge_networks | default(omit) }}"
+ etc_hosts: "{{ vouch_proxy_container_etc_hosts | default(omit) }}"
+ restart_policy: "{{ vouch_proxy_container_restart_policy }}"
+ state: started
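Review bot: In "Ensure mounts are created" the `group:` line reads `item.owner`, so a loop entry that sets `owner` would have that value applied as the group as well, and an `item.group` key would never be honoured; it should be `group: "{{ item.group | default(vouch_proxy_user_info.group | default(vouch_proxy_user)) }}"`. The two loop entries in this hunk only set `path`, so the defect is latent today. "Ensure config file is templated" renders `vouch_proxy_config`, which will contain the OAuth client secret, and a run with `--diff` prints the rendered file; adding `diff: false` or `no_log: true` to that task keeps the secret out of run logs. The container task sets no `read_only`, `cap_drop` or `security_opts`, which is worth evaluating as hardening for a service that fronts authentication, provided the container does not need to write outside its mounts.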