---
- name: Install a package cache.
  # TODO REM this should be all, come up with a solution.
  hosts: all

  vars:
    install_docker: false
    # For arch distros just run `pacman-mirrors --fasttrack` to grab the fastest
    # repos in your country.
    repos:
      - name: gigenet
        url: mirrors.gigenet.com
        port: 443
      - name: ialab
        url: repo.ialab.dsu.edu
        port: 443
      - name: princeton
        url: mirror.math.princeton.edu
        port: 443
    # TODO remove this if unused.
    # This object represents the uid/gid for the haproxy user/group in the
    # haproxy container.
    haproxy_user:
      # uid: 1003
      # gid: 1007
      uid: &haproxy_uid 99
      gid: &haproxy_gid 99
    persistent_data_directory: /media1/srv/pkg-cache
    host_cert_file: "{{ persistent_data_directory }}/{{ cert_name }}"
    host_config_file: "{{ persistent_data_directory }}/nuster.cfg"
    host_mirrorlist_file: "{{ persistent_data_directory }}/mirrorlist"
    local_mirrorlist_file: ~/dev/pkg-cache-ansible/mirrorlist
    permissions: &persistent_data_permissions
      # owner: gert
      # group: gert
      owner: *haproxy_uid
      group: *haproxy_gid
      mode: '0640'
    cert_name: pkg-cache-shnee-net-key-cert.pem
    container_cert_file: "/etc/ssl/certs/{{ cert_name }}"
  vars_files: ./certs.yml

  tasks:

    - name: Install docker.
      ansible.builtin.include_role:
        name: install_docker
      when: install_docker

    - name: Create hosts directory for data.
      ansible.builtin.file:
        path: "{{ persistent_data_directory }}"
        state: directory
        <<: *persistent_data_permissions
        mode: '0750'
      become: true

    - name: Create nuster config file.
      ansible.builtin.template:
        src: templates/nuster.cfg.j2
        dest: "{{ host_config_file }}"
        <<: *persistent_data_permissions
      become: true

    # This is an example mirrorlist to used with this package cache.
    - name: Create the mirrorlist example.
      ansible.builtin.template:
        src: templates/mirrorlist.j2
        dest: "{{ host_mirrorlist_file }}"
        <<: *persistent_data_permissions
      become: true

    - name: Copy the mirrorlist to localhost.
      ansible.builtin.fetch:
        src: "{{ host_mirrorlist_file }}"
        dest: "{{ local_mirrorlist_file }}"
        flat: true
      become: true

    - name: Copy over SSL cert.
      ansible.builtin.copy:
        dest: "{{ host_cert_file }}"
        content: "{{ pkg_cache_shnee_net_key_cert_pem }}"
        <<: *persistent_data_permissions
        mode: '0600'
      become: true

    - name: Start the nuster container.
      community.docker.docker_container:
        image: nuster/nuster:5.3.0.23-alpine
        name: pkg-cache
        state: started
        restart: true
        # recreate: true
        network_mode: default
        # TODO REM this shouldn't be needed becuase of the proxy.
        # published_ports:
        #   - 4433:8080
        volumes:
          - "{{ host_config_file }}:/etc/nuster/nuster.cfg"
          - "{{ host_cert_file }}:{{ container_cert_file }}"
          - "{{ persistent_data_directory }}/cache:/cache"
        env:
          VIRTUAL_HOST: pkg.shnee.net,*.pkg.shnee.net
          VIRTUAL_PORT: "8080"
          # NETWORK_ACCESS: internal
        restart_policy: unless-stopped