---

- hosts: woodpeckers
  vars:
    - WOODPECKER_VERSION: "2.4.1"
    - WOODPECKER_AGENT_SECRET: "{{ vault_woodpecker_agent_secret }}"
    - WOODPECKER_GITEA_SECRET: "{{ vault_woodpecker_gitea_secret }}"
    - WOODPECKER_GITEA_CLIENT: "78903dbe-f90e-4c8d-947a-f6839a1d11c9"

  handlers:
    - name: restart woodpecker
      service:
        name: woodpecker
        state: restarted
        daemon_reload: yes

    - name: restart woodpecker agent
      service:
        name: woodpecker-agent
        state: restarted
        daemon_reload: yes

  tasks:
    - name: Basic setup
      include_role: name=common

    - name: Setup nginx
      include_role: name=nginx
      vars:
        nginx_domain: woodpecker.afpy.org
        nginx_certificates: ['woodpecker.afpy.org']
        nginx_conf: |
          server
          {
              listen [::]:80; listen 80;
              server_name woodpecker.afpy.org;
              access_log /var/log/nginx/woodpecker.afpy.org-access.log;
              error_log /var/log/nginx/woodpecker.afpy.org-error.log;
              return 301 https://woodpecker.afpy.org$request_uri;
          }

          server
          {
              listen [::]:443 ssl; listen 443 ssl;
              server_name woodpecker.afpy.org;
              access_log /var/log/nginx/woodpecker.afpy.org-access.log;
              error_log /var/log/nginx/woodpecker.afpy.org-error.log;
              include snippets/letsencrypt-woodpecker.afpy.org.conf;
              client_max_body_size 16M;

              location / {
                  proxy_pass http://localhost:8000;
                  proxy_set_header Host $host;
                  proxy_set_header X-Real-IP $remote_addr;
                  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                  proxy_set_header X-Forwarded-Proto $scheme;
              }
          }

    - name: Download woodpecker
      get_url:
        dest: /root/
        url: "https://github.com/woodpecker-ci/woodpecker/releases/download/v{{WOODPECKER_VERSION}}/woodpecker-server_{{WOODPECKER_VERSION}}_amd64.deb"
        mode: 0644
        owner: root
        group: root

    - name: Install woodpecker
      apt:
        deb: "/root/woodpecker-server_{{WOODPECKER_VERSION}}_amd64.deb"
        state: present
      notify: restart woodpecker

    - name: Create woodpecker group
      group:
        name: woodpecker
        state: present

    - name: Woodpecker user
      user:
        system: true
        password: '!'
        home: /var/lib/woodpecker
        shell: /bin/bash
        group: woodpecker
        name: woodpecker

    - name: Create SQLite directory
      file:
        path: '/var/lib/woodpecker'
        state: directory
        mode: 0755
        owner: woodpecker
        group: woodpecker

    - name: woodpecker systemd service
      notify: restart woodpecker
      copy:
        dest: /etc/systemd/system/woodpecker.service
        content: |
          [Unit]
          Description=Woodpecker
          After=network.target

          [Service]
          User=woodpecker
          Group=woodpecker
          WorkingDirectory=/var/lib/woodpecker/
          Environment="WOODPECKER_AGENT_SECRET={{ WOODPECKER_AGENT_SECRET }}"
          Environment="WOODPECKER_ADMIN=mdk"
          Environment="WOODPECKER_LOG_LEVEL=debug"
          Environment="WOODPECKER_OPEN=true"
          Environment="WOODPECKER_HOST=https://woodpecker.afpy.org"
          Environment="WOODPECKER_GITEA=true"
          Environment="WOODPECKER_GITEA_URL=https://git.afpy.org"
          Environment="WOODPECKER_GITEA_CLIENT={{WOODPECKER_GITEA_CLIENT}}"
          Environment="WOODPECKER_GITEA_SECRET={{WOODPECKER_GITEA_SECRET}}"
          ExecStart=/usr/local/bin/woodpecker-server
          PrivateTmp=true

          [Install]
          WantedBy=multi-user.target

    - name: Run Woodpecker server
      service:
        name: woodpecker
        enabled: yes
        state: started
        daemon_reload: yes