---
# tasks file for bvansomeren.cockpit

- name: ensure cockpit is installed
  package:
    name: "{{ item }}"
    state: present
  loop: "{{ cockpit_packages }}"

- name: find if docker is installed
  docker_host_info:
  register: docker
  ignore_errors: yes

- name: ensure cockpit-docker is installed
  apt:
    name: cockpit-docker
    state: present
  when: docker.host_info is defined

- name: disable cockpit selfsigned TLS
  ini_file:
    dest: "/etc/cockpit/cockpit.conf"
    section: "WebService"
    option: "AllowUnencrypted"
    value: "true"
  register: systemd

- name: add cockpit origin
  ini_file:
    dest: "/etc/cockpit/cockpit.conf"
    section: "WebService"
    option: "Origins"
    value: "https://{{ ansible_hostname }}.cockpit.troubles.io"
  register: systemd

- name: change default listen port
  blockinfile:
    dest: "/etc/systemd/system/cockpit.socket.d/listen.conf"
    create: true
    backup: true
    owner: root
    group: root
    mode: 0755
    state: present
    block: |
      [Socket]
      ListenStream=
      ListenStream={{ cockpit_listen_port }}
  when: cockpit_listen_port != "9090"

- name: do selinux change if required
  block:
    - name: install package
      package:
        name: policycoreutils-python
        state: present
    - name: enable seport
      seport:
        ports: "{{ cockpit_listen_port }}"
        proto: tcp
        setype: websm_port_t
        state: present
  when: cockpit_listen_port != "9090" and cockpit_use_selinux

- name: enable firewall
  block:
    - name: install firewalld bindings
      package:
        name: python-firewall
        state: present
    - name: enable firewalld
      firewalld:
        port: "{{ cockpit_listen_port }}/tcp"
        permanent: true
        immediate: true
        state: enabled
  when: cockpit_use_firewalld

- name: ensure Cockpit is started
  systemd:
    name: "cockpit.socket"
    state: "started"
    enabled: true
    daemon_reload: true