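---
# Provisions the jumphost as a GitLab Runner host using the "custom" executor:
#   1. builds a Debian 11 base image for job VMs with virt-builder,
#   2. installs the libvirt driver scripts under /opt/libvirt-driver,
#   3. installs and registers gitlab-runner, then renders its config.toml.
#
# Secrets handled here: gitlab_runner_root_password, GITLAB_RUNNER_TOKEN and
# the runner token read back from config.toml. Tasks that touch them set
# no_log so the values do not land in Ansible output or callback logs.
- name: Setup gitlab runner on the Jumphost
  hosts: jumphost
  become: true
  # Errors are tolerated only in check mode, where command tasks are skipped
  # and the tasks depending on their results would otherwise fail.
  ignore_errors: "{{ ansible_check_mode }}"
  vars: {}
  tasks:
    - name: ensure libguestfs-tools-c is installed
      dnf:
        name: libguestfs-tools-c
        state: present

    - name: ensure ssh key directory exists
      file:
        path: /root/.ssh
        state: directory
        mode: '0700'

    # force: false keeps an existing keypair; its public half is injected
    # into the base image below.
    - name: generate ssh keypair
      openssh_keypair:
        path: /root/.ssh/id_rsa
        type: rsa
        size: 2048
        mode: '0600'
        force: false

    - name: set correct permissions for public key
      file:
        path: /root/.ssh/id_rsa.pub
        mode: '0644'

    - name: check if gitlab runner base image exists
      stat:
        path: /var/lib/libvirt/images/gitlab-runner-base.qcow2
      register: gitlab_runner_image

    # NOTE(review), image hardening points left unchanged because the driver
    # scripts that consume this image are not visible here:
    #   - both repository setup scripts are piped from curl straight into bash
    #     as root inside the image, with no checksum or signature check;
    #   - `useradd -p ""` creates gitlab-runner with an EMPTY password, and
    #     the sudoers line gives that account passwordless root. Since a key
    #     is injected via --ssh-inject, a locked password is likely enough;
    #   - the sudoers rule is appended to /etc/sudoers without validation; a
    #     drop-in under /etc/sudoers.d checked with visudo is safer;
    #   - the root password is still passed in argv (visible in the process
    #     list while the build runs); virt-builder also accepts
    #     --root-password file:FILENAME.
    # The password is shell-quoted so values containing spaces or quotes are
    # not split into separate arguments, and no_log keeps it out of the logs.
    - name: build gitlab runner base image with virt-builder
      command: >
        virt-builder debian-11
        --size 8G
        --output /var/lib/libvirt/images/gitlab-runner-base.qcow2
        --format qcow2
        --hostname gitlab-runner-bullseye
        --network
        --install curl
        --run-command 'curl -L "https://packages.gitlab.com/install/repositories/runner/gitlab-runner/script.deb.sh" | bash'
        --run-command 'curl -s "https://packagecloud.io/install/repositories/github/git-lfs/script.deb.sh" | bash'
        --run-command 'useradd -m -p "" gitlab-runner -s /bin/bash'
        --install gitlab-runner,git,git-lfs,openssh-server
        --run-command "git lfs install --skip-repo"
        --ssh-inject gitlab-runner:file:/root/.ssh/id_rsa.pub
        --run-command "echo 'gitlab-runner ALL=(ALL) NOPASSWD: ALL' >> /etc/sudoers"
        --run-command "sed -E 's/GRUB_CMDLINE_LINUX=\"\"/GRUB_CMDLINE_LINUX=\"net.ifnames=0 biosdevname=0\"/' -i /etc/default/grub"
        --run-command "grub-mkconfig -o /boot/grub/grub.cfg"
        --run-command "echo 'auto eth0' >> /etc/network/interfaces"
        --run-command "echo 'allow-hotplug eth0' >> /etc/network/interfaces"
        --run-command "echo 'iface eth0 inet dhcp' >> /etc/network/interfaces"
        --root-password password:{{ gitlab_runner_root_password | quote }}
      when: not gitlab_runner_image.stat.exists
      no_log: true

    # The driver scripts run as root on every CI job, so the directory and
    # the scripts stay root-owned and not writable by anyone else.
    - name: create the /opt/libvirt-driver/ directory
      file:
        path: /opt/libvirt-driver
        state: directory
        owner: root
        group: root
        mode: '0755'

    - name: copy base.sh script
      copy:
        src: base.sh
        dest: /opt/libvirt-driver/base.sh
        mode: '0755'
        owner: root
        group: root

    - name: copy prepare.sh script
      copy:
        src: prepare.sh
        dest: /opt/libvirt-driver/prepare.sh
        mode: '0755'
        owner: root
        group: root

    - name: copy run.sh script
      copy:
        src: run.sh
        dest: /opt/libvirt-driver/run.sh
        mode: '0755'
        owner: root
        group: root

    - name: copy cleanup.sh script
      copy:
        src: cleanup.sh
        dest: /opt/libvirt-driver/cleanup.sh
        mode: '0755'
        owner: root
        group: root

    # force: true replaces whatever already sits at the destination. Without
    # it get_url keeps an existing file, so a file pre-created in
    # world-writable /tmp by another local user would be executed as root by
    # the next task.
    # NOTE(review): a root-only directory would be a better home for this
    # script, and get_url's `checksum` option can pin the expected content.
    - name: Download GitLab Runner install script
      get_url:
        url: https://packages.gitlab.com/install/repositories/runner/gitlab-runner/script.rpm.sh
        dest: /tmp/gitlab-runner-install.sh
        mode: '0700'
        force: true

    - name: Run GitLab Runner install script
      command: /tmp/gitlab-runner-install.sh

    # NOTE(review): the key is trusted on HTTPS alone; rpm_key's `fingerprint`
    # option can pin the full fingerprint once it has been verified
    # out-of-band.
    - name: Import GitLab Runner GPG key
      rpm_key:
        key: https://packages.gitlab.com/runner/gitlab-runner/gpgkey/runner-gitlab-runner-49F16C5CC3A0F81F.pub.gpg
        state: present

    - name: Install GitLab Runner
      dnf:
        name: gitlab-runner
        state: present

    # NOTE(review): deleting the config and registering again on every run
    # creates a new runner entry on the GitLab server each time, and the old
    # entries keep their still-valid tokens until removed server-side.
    - name: delete existing gitlab-runner config.toml file
      file:
        path: /etc/gitlab-runner/config.toml
        state: absent

    # no_log keeps the registration token out of Ansible output. It is still
    # passed in argv for the lifetime of the register process.
    - name: Register GitLab Runner non-interactively
      command: >
        gitlab-runner register
        --non-interactive
        --url "https://git.phoenix-systems.ch"
        --registration-token "{{ GITLAB_RUNNER_TOKEN }}"
        --executor "custom"
      no_log: true

    # slurp returns the file base64-encoded in `.content`; the registered
    # variable contains the runner token, hence no_log.
    - name: read the existing config.toml
      slurp:
        path: /etc/gitlab-runner/config.toml
      register: runner_config_raw
      no_log: true

    # `.content` must be decoded with b64decode before matching; the patterns
    # contain spaces and quotes, so they can never match raw base64 text.
    # NOTE(review): regex_search called with a group argument returns a LIST
    # of the captured groups; confirm config.toml.j2 takes the first element.
    - name: extract runner id and tokens from the existing config
      set_fact:
        runner_id: "{{ runner_config_raw.content | b64decode | regex_search('id = ([0-9]+)', '\\1') }}"
        runner_token: "{{ runner_config_raw.content | b64decode | regex_search('token = \"([^\"]+)\"', '\\1') }}"
        token_obtained_at: "{{ runner_config_raw.content | b64decode | regex_search('token_obtained_at = (.+)', '\\1') }}"
        token_expires_at: "{{ runner_config_raw.content | b64decode | regex_search('token_expires_at = (.+)', '\\1') }}"
      no_log: true

    # The rendered file holds the runner token: root-only permissions are set
    # explicitly, and diff output is disabled so --diff does not print it.
    # run_untagged: true means this runner accepts any untagged job from the
    # projects it serves, and the driver scripts execute as root.
    - name: render the config.toml template for gitlab-runner with extracted values
      template:
        src: config.toml.j2
        dest: /etc/gitlab-runner/config.toml
        owner: root
        group: root
        mode: '0600'
      diff: false
      vars:
        runner_name: "jumphost-runner"
        gitlab_url: "https://git.phoenix-systems.ch"
        runner_id: "{{ runner_id }}"
        runner_token: "{{ runner_token }}"
        token_obtained_at: "{{ token_obtained_at }}"
        token_expires_at: "{{ token_expires_at }}"
        builds_dir: "/srv/builder/gitlab-runner/builds"
        cache_dir: "/srv/builder/gitlab-runner/cache"
        runner_description: "jumphost-runner"
        runner_tags: '"kvant"'
        run_untagged: true
        locked: false
        custom_prepare_exec: "/opt/libvirt-driver/prepare.sh"
        custom_run_exec: "/opt/libvirt-driver/run.sh"
        custom_cleanup_exec: "/opt/libvirt-driver/cleanup.sh"

    # Fire-and-forget start that only runs when the run_gitlab_runner tag is
    # selected.
    # NOTE(review): async: 3600 caps the job at one hour, after which Ansible
    # may terminate the runner; a managed system service would survive both
    # that limit and reboots.
    - name: Start GitLab Runner if config exists
      command: gitlab-runner run --config /etc/gitlab-runner/config.toml
      async: 3600
      poll: 0
      tags: run_gitlab_runner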