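---
## Prepare minimal systemd-nspawn containers for educational use.
##
## Port mapping to the host:
##
##   container 0: ssh → host port 10000, HTTP → 10100
##   container 1: ssh → host port 10001, HTTP → 10101
##   ...          ...                    ...
##
## User '{{ contuser }}' in the sudo group. Password is '{{ contpwd }}'.
##
## Layout of this task list:
##   1. lifecycle tasks (stop / purge / reset / start) — all tagged `never`,
##      so they only run when one of their tags is requested explicitly;
##   2. build of the base container {{ contname }}00 (debootstrap, user,
##      networking);
##   3. host-side wiring: sysctl limit, overlay links for the other
##      containers, nspawn units and per-container hostname/hosts files.
##
## Variables expected from the caller: contname, contuser, contpwd,
## containers (list of container indices), cont_packages.

# ---------------------------------------------------------------------------
# Lifecycle tasks.  Containers are handled in reverse order so that the
# base container {{ contname }}00 — which the others link to — is touched last.
# ---------------------------------------------------------------------------

- name: stop all containers
  systemd:
    name: systemd-nspawn@{{ contname }}{{ "%02d" | format(item|int) }}.service
    state: stopped
  loop: "{{ containers | reverse }}"
  tags:
    - never
    - stop
    - reset
    - purge

- name: purge all containers
  command:
    cmd: machinectl remove {{ contname }}{{ "%02d" | format(item|int) }}
    # skip once the machine directory is gone — keeps the task idempotent
    removes: /var/lib/machines/{{ contname }}{{ "%02d" | format(item|int) }}
  loop: "{{ containers | reverse }}"
  tags:
    - never
    - purge

- name: remove container overlay
  file:
    path: /var/lib/machines/{{ contname }}{{ "%02d" | format(item|int) }}-delta
    state: absent
  loop: "{{ containers | reverse }}"
  tags:
    - never
    - reset
    - purge

- name: start all containers
  systemd:
    name: systemd-nspawn@{{ contname }}{{ "%02d" | format(item|int) }}.service
    state: started
  loop: "{{ containers | reverse }}"
  tags:
    - never
    - start
    - reset

# ---------------------------------------------------------------------------
# Base container {{ contname }}00.
# ---------------------------------------------------------------------------

- name: install packages
  apt:
    name:
      - systemd-container
      - debootstrap
    # `latest` re-checks for upgrades on every run; switch to `present`
    # if a reproducible host setup is preferred over auto-upgrading
    state: latest

- name: debootstrap base system
  command:
    cmd: >
      debootstrap
      --include={{ cont_packages | join(',') }}
      --components=main,contrib,non-free
      stable {{ contname }}00 http://deb.debian.org/debian
  args:
    chdir: /var/lib/machines/
    # only bootstrap once; later runs leave the existing tree alone
    creates: /var/lib/machines/{{ contname }}00
  environment:
    # NOTE(review): assumes a local apt proxy listens on 3142 — confirm
    http_proxy: http://localhost:3142
  notify: enable and restart containers

- name: provide complete apt sources
  copy:
    src: /etc/apt/sources.list
    dest: /var/lib/machines/{{ contname }}00/etc/apt/sources.list
    remote_src: true

- name: configure locale
  lineinfile:
    path: /var/lib/machines/{{ contname }}00/etc/profile
    line: 'export LANG=C'

- name: upgrade container
  # Runs on every play (no creates:/changed_when:), so it always reports
  # changed; presumably intended so the base tree stays current — confirm.
  command:
    cmd: >
      chroot .
      sh -c '/usr/bin/apt-get update && /usr/bin/apt-get full-upgrade --yes'
  args:
    chdir: /var/lib/machines/{{ contname }}00

- name: provide {{ contuser }} user account
  # No shell wrapper needed: the command module splits the arguments itself,
  # so the quoted GECOS field survives and no extra quoting layer is involved.
  command:
    cmd: >
      chroot .
      /usr/sbin/useradd -m -s /bin/bash -c "User {{ contuser }},,," -G sudo {{ contuser }}
  args:
    chdir: /var/lib/machines/{{ contname }}00
    # the home directory marks an already-created account
    creates: /var/lib/machines/{{ contname }}00/home/{{ contuser }}
  register: user_account

# The two password tasks below only fire when the account was created in this
# run (user_account.changed); an existing account keeps its current password.

- name: provide empty password for {{ contuser }} user
  command:
    cmd: chroot . passwd -d {{ contuser }}
  args:
    chdir: /var/lib/machines/{{ contname }}00
  when: user_account.changed | default(false) and contpwd | length == 0

- name: provide password for container {{ contuser }} user
  # The password is fed to chpasswd on stdin instead of being spliced into a
  # shell command line: this keeps it out of the host's process list and
  # avoids shell-metacharacter breakage.  no_log keeps it out of Ansible's
  # output and log files.
  command:
    cmd: chroot . chpasswd
    stdin: "{{ contuser }}:{{ contpwd }}"
  args:
    chdir: /var/lib/machines/{{ contname }}00
  no_log: true
  when: user_account.changed | default(false) and contpwd | length > 0

- name: allow empty passwords in ssh
  # Only applied for the empty-password variant created just above.
  lineinfile:
    path: /var/lib/machines/{{ contname }}00/etc/ssh/sshd_config
    insertafter: '#PermitEmptyPasswords no'
    line: 'PermitEmptyPasswords yes'
  when: user_account.changed | default(false) and contpwd | length == 0

- name: prepare directories
  file:
    path: /var/lib/machines/{{ contname }}00/etc/systemd/system/{{ item }}
    state: directory
  loop:
    - multi-user.target.wants
    - sockets.target.wants
    - network-online.target.wants
  notify: enable and restart containers

- name: enable systemd-networkd service
  # Hand-made equivalent of `systemctl enable systemd-networkd` inside the
  # container tree (the container is not running yet).
  file:
    src: /lib/systemd/system/{{ item.src }}
    dest: /var/lib/machines/{{ contname }}00/etc/systemd/system/{{ item.dest }}
    state: link
    force: true
  loop:
    - src: systemd-networkd.service
      dest: dbus-org.freedesktop.network1.service
    - src: systemd-networkd.service
      dest: multi-user.target.wants/systemd-networkd.service
    - src: systemd-networkd.socket
      dest: sockets.target.wants/systemd-networkd.socket
    - src: systemd-networkd-wait-online.service
      dest: network-online.target.wants/systemd-networkd-wait-online.service
  notify: enable and restart containers

# ---------------------------------------------------------------------------
# Host-side wiring for all containers.
# ---------------------------------------------------------------------------

- name: prepare sysctl configuration
  # `state: touch` reports changed on every run; harmless, but expect it.
  file:
    path: /etc/sysctl.d/inotify.conf
    state: touch

- name: fix too many open files error
  sysctl:
    name: fs.inotify.max_user_instances
    value: '1024'
    sysctl_file: /etc/sysctl.d/inotify.conf

- name: generate links to the initial container
  # Every container except 00 is a link to the base tree.
  file:
    src: "{{ contname }}00"
    dest: /var/lib/machines/{{ contname }}{{ "%02d" | format(item|int) }}
    state: link
  loop: "{{ containers[1:] }}"
  notify: enable and restart containers

- name: prepare nspawn config directory
  file:
    path: /etc/systemd/nspawn
    state: directory

- name: provide container configuration
  template:
    src: contcfg.nspawn.j2
    dest: /etc/systemd/nspawn/{{ contname }}{{ "%02d" | format(item|int) }}.nspawn
  loop: "{{ containers }}"
  notify: enable and restart containers

- name: provide container hostname file
  template:
    src: hostname.j2
    dest: /var/lib/machines/{{ contname }}{{ "%02d" | format(item|int) }}.hostname
  loop: "{{ containers }}"
  notify: enable and restart containers

- name: provide container hosts file
  template:
    src: hosts.j2
    dest: /var/lib/machines/{{ contname }}{{ "%02d" | format(item|int) }}.hosts
  loop: "{{ containers }}"
  notify: enable and restart containers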