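---
# Per-instance setup for one Collabora CODE instance, selected by
# `collabora_code_instance` (a key of `collabora_code_instances`).
# Steps: storage volume -> config dir and coolwsd.xml -> TLS material ->
# optional custom image -> standalone pod manifest -> nginx vhost on the publisher.

- name: prepare storage volume
  vars:
    storage_volume: "{{ collabora_code_instances[collabora_code_instance].storage }}"
  include_role:
    # The storage backend role is chosen by the instance's `storage.type`.
    name: "storage/{{ collabora_code_instances[collabora_code_instance].storage.type }}/volume"

# `storage_volume_mountpoint` is not set in this file; presumably the storage
# role above provides it - verify against that role.
- name: set instance base path
  set_fact:
    collabora_code_instance_basepath: "{{ storage_volume_mountpoint }}"

- name: create instance config directory
  file:
    path: "{{ collabora_code_instance_basepath }}/config"
    state: directory
    # Quoted so the module receives the octal string itself, matching the
    # other modes in this file.
    mode: "0750"

# NOTE(review): no mode/owner is set here, so the permissions of coolwsd.xml
# are left to the module defaults and the remote umask. If the rendered
# configuration carries credentials or other secrets, pin mode and owner
# explicitly - confirm what the container user needs to read.
- name: generate configuration file
  template:
    src: "config/coolwsd.{{ collabora_code_instances[collabora_code_instance].version }}.xml.j2"
    dest: "{{ collabora_code_instance_basepath }}/config/coolwsd.xml"

- name: generate/install TLS certificates for publishment
  vars:
    x509_certificate_name: "collabora-code-{{ collabora_code_instance }}_publish"
    x509_certificate_hostnames: []
    x509_certificate_config:
      ca: "{{ collabora_code_instances[collabora_code_instance].publish.zone.certificate_ca_config }}"
      cert:
        common_name: "collabora-code-{{ collabora_code_instance }}.{{ inventory_hostname }}"
        # Server-authentication only, marked critical.
        extended_key_usage:
          - serverAuth
        extended_key_usage_critical: true
        create_subject_key_identifier: true
        not_after: +100w
    x509_certificate_renewal:
      # CA chain, certificate and private key are each installed read-only
      # (0400) for uid 100 - presumably the user the container runs as; verify
      # against the pod spec template.
      install:
        - dest: "{{ collabora_code_instance_basepath }}/config/ca-chain.cert.pem"
          src:
            - ca_cert
          mode: "0400"
          owner: 100
        - dest: "{{ collabora_code_instance_basepath }}/config/cert.pem"
          src:
            - cert
          mode: "0400"
          owner: 100
        - dest: "{{ collabora_code_instance_basepath }}/config/key.pem"
          src:
            - key
          mode: "0400"
          owner: 100
  include_role:
    # The certificate provider role is chosen by the publish zone.
    name: "x509/{{ collabora_code_instances[collabora_code_instance].publish.zone.certificate_provider }}/cert"

- name: build custom image
  when: "'custom_image' in collabora_code_instances[collabora_code_instance]"
  include_tasks: custom-image.yml

- name: install pod manifest
  vars:
    kubernetes_standalone_pod:
      name: "collabora-code-{{ collabora_code_instance }}"
      spec: "{{ lookup('template', 'pod-spec.yml.j2') }}"
      mode: "0600"
      # The checksum of coolwsd.xml is handed to the pod role; presumably it
      # feeds a config hash so the pod is recreated when the config changes.
      config_hash_items:
        - path: "{{ collabora_code_instance_basepath }}/config/coolwsd.xml"
          properties:
            - checksum
  include_role:
    name: kubernetes/standalone/pod

- name: render nginx-vhost custom config
  set_fact:
    collabora_code_nginx_vhost_custom: "{{ lookup('template', 'nginx-vhost.conf.j2') }}"

- name: configure nginx vhost for publishment
  vars:
    # The vhost definition is assembled as YAML text and parsed with from_yaml
    # below. Interpolated values are inserted as text before parsing, so any
    # scalar that can contain YAML syntax must be quoted. Hostnames are quoted
    # for that reason: an unquoted leading `*` (wildcard name) would be read
    # as a YAML alias and fail to parse.
    nginx_vhost__yaml: |
      name: "collabora-code-{{ collabora_code_instance }}.{{ inventory_hostname }}"
      template: generic
      {% if 'tls' in collabora_code_instances[collabora_code_instance].publish %}
      tls:
        {{ collabora_code_instances[collabora_code_instance].publish.tls | to_nice_yaml(indent=2) | indent(2) }}
      {% endif %}
      hostnames:
      {% for hostname in collabora_code_instances[collabora_code_instance].publish.hostnames %}
        - "{{ hostname }}"
      {% endfor %}
      custom: |
        {{ collabora_code_nginx_vhost_custom | indent(2) }}
    nginx_vhost: "{{ nginx_vhost__yaml | from_yaml }}"
  include_role:
    name: nginx/vhost
    apply:
      # The vhost is configured on the zone's publisher host, not on the host
      # that runs the pod.
      delegate_to: "{{ collabora_code_instances[collabora_code_instance].publish.zone.publisher }}"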