Add ssl_certs_enabled variable and use it to avoid ssl certs when running on vagrant

It doesn't work when deploying in Vagrant :(

Vagrantfile

@@ -1,25 +1,18 @@
 Vagrant.require_version ">= 1.7.0"
 
 Vagrant.configure(2) do |config|
-
+  config.vm.network "forwarded_port", guest: 19022, host: 19022, id: "new_ssh"
   config.vm.define "datacoop" do |datacoop|
-    datacoop.vm.box = "ubuntu/bionic64"
+    datacoop.vm.box = "ubuntu/focal64"
     datacoop.vm.hostname = "datacoop"
     datacoop.vm.provider "virtualbox" do |v|
       v.memory = 4096
     end
-    datacoop.vm.network "private_network", ip: "192.168.0.42"
     datacoop.vm.provision "ansible" do |ansible|
-      ansible.verbose = "v"
       ansible.compatibility_mode = "2.0"
       ansible.playbook = "playbook.yml"
       ansible.ask_vault_pass = true
-      ansible.host_vars = {
-        "datacoop" => {"ansible_python_interpreter" => "/usr/bin/python3.6"}
-      }
-      ansible.groups = {
-        "all" => ["datacoop"]
-      }
+      ansible.verbose = "v"
     end
   end
 end

playbook.yml

@@ -1,19 +1,22 @@
 ---
 - hosts: all
-  gather_facts: False
+  gather_facts: true
   become: true
   vars:
     base_domain: data.coop
     letsencrypt_email: admin@data.coop
     ldap_dn: "dc=data,dc=coop"
 
+    vagrant: "{{ ansible_virtualization_role == 'guest' }}"
+    ssl_certs_enabled: "{{ vagrant == false }}"
+
     services:
       - nginx-proxy
+      - postfix
       - openldap
       - nextcloud
       - passit
       - gitea
-      - postfix
       - matrix_riot
       - privatebin
       - codimd
@@ -36,6 +39,6 @@
     - import_role:
         name: ubuntu_base
       tags:
-      - base_only
+        - base_only
     - import_role:
         name: docker

roles/docker/tasks/services/docker_registry.yml

@@ -28,9 +28,8 @@
   args:
     creates: "{{ docker_registry.volume_folder }}/auth/htpasswd"
 
-- name: log in to local registry
+- name: log in to registry
   docker_login:
     registry: "{{ docker_registry.domain }}"
     username: "docker"
     password: "{{ docker_password }}"
-    config_path: "{{ docker_registry.volume_folder }}/auth/config.json"

roles/docker/tasks/services/mailu.yml

@@ -28,7 +28,7 @@
     dest: "{{ mailu.volume_folder }}/certs/cert.pem"
     state: hard
     force: yes
-
+  when: ssl_certs_enabled
 
 - name: hard link to Let's Encrypt TLS key
   file:
@@ -36,6 +36,7 @@
     dest: "{{ mailu.volume_folder }}/certs/key.pem"
     state: hard
     force: yes
+  when: ssl_certs_enabled
 
 - name: run mail server containers
   docker_compose:

roles/docker/tasks/services/nginx-proxy.yml

@@ -44,4 +44,5 @@
       - /var/run/docker.sock:/var/run/docker.sock:ro
     env:
       NGINX_PROXY_CONTAINER: nginx-proxy
+  when: ssl_certs_enabled
 

roles/ubuntu_base/handlers/main.yml

@@ -0,0 +1,5 @@
+---
+- name: Restart sshd
+  service:
+    name: sshd
+    state: restarted

roles/ubuntu_base/tasks/base.yml

@@ -4,12 +4,16 @@
     name: "{{ packages }}"
   vars:
     packages:
-    - aptitude
-    - python3-pip
-    - apparmor
-    - haveged
-    - mosh
-    - srvadmin-all # Dell OpenManage
+      - aptitude
+      - python3-pip
+      - apparmor
+      - haveged
+      - mosh
+
+- name: Install Dell OpenManage
+  apt:
+    name: srvadmin-all
+  when: ansible_virtualization_role != "guest"
 
 - name: Install necessary packages via pip
   pip:

roles/ubuntu_base/tasks/dell-apt-repo.yml

@@ -1,15 +1,15 @@
 ---
-- name: import dell apt signing key
+- name: Import dell apt signing key
   apt_key:
     id: "1285491434D8786F"
     keyserver: "keyserver.ubuntu.com"
 
-- name: "configure dell apt repo"
+- name: Configure dell apt repo
   apt_repository:
     repo: "deb https://linux.dell.com/repo/community/openmanage/10101/focal focal main"
-    state: "present"
+    state: present
 
-- name: "restrict dell apt repo"
+- name: Restrict dell apt repo"
   copy:
     dest: "/etc/apt/preferences.d/dell"
     content: |
@@ -17,7 +17,3 @@
       Package: *
       Pin: origin "linux.dell.com"
       Pin-Priority: 400
-  
-- name: update apt cache
-  apt: 
-    update_cache: yes

roles/ubuntu_base/tasks/main.yml

@@ -1,10 +1,12 @@
 ---
-- import_tasks: custom-apt-repos.yml
-  tags: [setup-custom-apt]
+- import_tasks: ssh-port.yml
+  tags: [change-ssh-port]
+- import_tasks: dell-apt-repo.yml
+  tags: [setup-dell-apt-repo]
+  when: vagrant == false
 - import_tasks: upgrade.yml
   tags: [do-full-system-upgrade]
 - import_tasks: base.yml
   tags: [install-base-packages]
 - import_tasks: users.yml
   tags: [setup-users]
-

roles/ubuntu_base/tasks/ssh-port.yml

@@ -0,0 +1,38 @@
+---
+- name: Check if SSH port is already configured
+  wait_for:
+    port: 19022
+    host: "{{ ansible_host }}"
+    search_regex: "OpenSSH"
+    connect_timeout: 5
+    timeout: 10
+  become: false
+  delegate_to: localhost
+  ignore_errors: true
+  register: ssh_configured
+
+# If we're running in Vagrant, ansible_port is 2222
+- name: Change Ansible port to 22 if needed
+  set_fact:
+    ansible_port: 22
+  when: ssh_configured is defined and
+        ssh_configured.state is undefined and
+        ansible_port != 2222
+
+- name: Change SSH port on host
+  lineinfile:
+    dest: "/etc/ssh/sshd_config"
+    regexp: "^#?Port"
+    line: "Port 19022"
+  register: ssh_changed
+  notify: "Restart sshd"
+  when: ssh_configured is defined and
+        ssh_configured.state is undefined
+
+- name: Ensure sshd is reloaded if needed
+  meta: flush_handlers
+
+- name: Change Ansible port to 19022
+  set_fact:
+    ansible_port: 19022
+  when: ssh_changed is defined