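# Provision Forgejo and forgejo-runner on Alpine (apk packages, OpenRC services).
#
# Tasks that put secrets on a forgejo CLI command line (admin password, OIDC
# client secret, runner token) carry `no_log: true` so the rendered command
# and its result are not echoed into Ansible output or logs.

- name: Add testing repo
  lineinfile:
    path: /etc/apk/repositories
    line: '@testing https://dl-cdn.alpinelinux.org/alpine/edge/testing'
  register: repo

- name: Install forgejo
  package:
    # refresh the package index only when the repository line was just added
    update_cache: '{{ repo.changed }}'
    name:
      - forgejo@testing
      - forgejo-runner@testing
      - podman

- name: Create nginx site
  template:
    dest: /etc/nginx/http.d/forgejo.conf
    src: forgejo.conf.j2
  notify: reload nginx

- name: Configure forgejo
  ini_file:
    path: /etc/forgejo/app.ini
    # items without a section go into the top-level (unnamed) section of app.ini
    section: '{{ item.section | default("") }}'
    option: '{{ item.option }}'
    value: '{{ item.value }}'
  # Booleans and the socket mode are quoted so the rendered ini value is the
  # literal text ('true', '660') rather than a YAML-typed value re-rendered by
  # Jinja ('True', 660).
  loop:
    - { option: APP_NAME, value: 'FRI git' }
    - { section: oauth2_client, option: ENABLE_AUTO_REGISTRATION, value: 'true' }
    - { section: oauth2_client, option: USERNAME, value: email }
    - { section: service, option: ALLOW_ONLY_EXTERNAL_REGISTRATION, value: 'true' }
    - { section: service, option: DEFAULT_USER_VISIBILITY, value: private }
    - { section: service.explore, option: DEFAULT_USERS_PAGE, value: private }
    - { section: database, option: SQLITE_JOURNAL_MODE, value: WAL }
    - { section: log, option: ROOT_PATH, value: /var/lib/forgejo/log }
    - { section: server, option: ROOT_URL, value: 'https://{{ dns_name }}/' }
    - { section: server, option: PROTOCOL, value: http+unix }
    - { section: server, option: HTTP_ADDR, value: socket }
    - { section: server, option: UNIX_SOCKET_PERMISSION, value: '660' }
    - { section: server, option: LFS_START_SERVER, value: 'true' }
    - { section: lfs, option: PATH, value: /var/lib/forgejo/data/lfs }
    - { section: repository, option: DEFAULT_BRANCH, value: master }
    - { section: repository, option: ENABLE_PUSH_CREATE_ORG, value: 'true' }
    - { section: repository, option: ENABLE_PUSH_CREATE_USER, value: 'true' }
    - { section: ui, option: AMBIGUOUS_UNICODE_DETECTION, value: 'false' }
    - { section: other, option: SHOW_FOOTER_VERSION, value: 'false' }
    - { section: other, option: SHOW_FOOTER_TEMPLATE_LOAD_TIME, value: 'false' }
    - { section: cron.update_checker, option: ENABLED, value: 'false' }
    - { section: security, option: INSTALL_LOCK, value: 'true' }
  notify: restart forgejo

- name: Enable forgejo service
  service:
    name: forgejo
    enabled: true
  notify: restart forgejo

# Run the pending "restart forgejo" now so the CLI tasks below operate on an
# instance that already has the configuration written above.
- meta: flush_handlers

- name: Set up authentication
  become: true
  become_user: forgejo
  block:
    - name: Get passwords
      set_fact:
        password: '{{ lookup("passwordstore", "vm/"~inventory_hostname, returnall=true) | from_yaml }}'
      no_log: true

    - name: Create admin user
      command: |
        forgejo admin user create --admin
        --username '{{ password.admin_user }}'
        --email '{{ password.admin_mail }}'
        --password '{{ password.admin_pass }}'
      no_log: true
      notify: restart forgejo
      register: result
      # idempotent: a non-zero exit only counts as a failure when it is not the
      # "user already exists" case
      changed_when: 'result.rc == 0'
      failed_when: 'result.rc != 0 and "user already exists" not in result.stderr'

    - name: Set up SSO
      # No shell-style '\' continuations inside this block scalar: the command
      # module splits the text on whitespace, so newlines already separate
      # arguments and a stray '\' would be passed through as a bogus argument.
      command: |
        forgejo admin auth add-oauth --provider=openidConnect
        --name '{{ password.oidc_name }}'
        --auto-discover-url '{{ password.oidc_endpoint }}'
        --key '{{ password.oidc_client_id }}'
        --secret '{{ password.oidc_client_secret }}'
      no_log: true
      register: result
      changed_when: 'result.rc == 0'
      failed_when: 'result.rc != 0 and "login source already exists" not in result.stderr'

- name: Get forgejo-runner user
  user:
    name: forgejo-runner
  register: user_info

# Subordinate uid/gid ranges for rootless podman; the range start is derived
# from the runner's uid/gid (presumably to keep per-user ranges distinct).
- name: Configure subuid
  lineinfile:
    path: /etc/subuid
    line: '{{ user_info.name }}:{{ user_info.uid }}00000:65536'
    regexp: '^{{ user_info.name }}:'

- name: Configure subgid
  lineinfile:
    path: /etc/subgid
    line: '{{ user_info.name }}:{{ user_info.group }}00000:65536'
    regexp: '^{{ user_info.name }}:'

- name: Create podman service for forgejo-runner
  file:
    path: /etc/init.d/podman.forgejo-runner
    src: podman
    state: link

- name: Configure podman service for forgejo-runner
  copy:
    dest: /etc/conf.d/podman.forgejo-runner
    content: podman_user="forgejo-runner"

- name: Configure forgejo-runner
  template:
    dest: /etc/forgejo-runner/config.yaml
    src: config.yaml.j2
    owner: forgejo-runner
    group: forgejo-runner
    # quoted so the octal mode is not read as a decimal integer
    mode: '0600'
  notify: restart forgejo-runner

- name: Check runner registration
  stat:
    path: /var/lib/forgejo-runner/.runner
  register: runner_config

- name: Register runner
  when: not runner_config.stat.exists
  notify: restart forgejo-runner
  block:
    - name: Get runner token
      become: true
      become_user: forgejo
      command: forgejo actions generate-runner-token
      register: token
      no_log: true

    - name: Register runner
      become: true
      become_user: forgejo-runner
      become_flags: '-s /bin/sh -l'
      # NOTE(review): the instance URL is hard-coded here while ROOT_URL above
      # is built from dns_name — confirm the two refer to the same host.
      command: |
        forgejo-runner register --no-interactive
        --name runner
        --instance https://git.fri.uni-lj.si
        --token '{{ token.stdout }}'
      no_log: true

- name: Enable forgejo-runner services
  service:
    name: '{{ item }}'
    state: started
    enabled: true
  loop:
    - forgejo-runner
    - podman.forgejo-runner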