feat(system/cockpit): implement Cockpit role

Signed-off-by: Matej Focko <me@mfocko.xyz>

roles/system/cockpit/defaults/main.yml

@@ -0,0 +1,5 @@
+---
+# Boolean variable that adjust the Cockpit config when it's being served via
+# reverse proxy (adjusts the origin, so that the Cockpit doesn't drop sessions,
+# and checks for SSL/TLS connections)
+system_cockpit_has_reverse_proxy: false

roles/system/cockpit/tasks/install.yml

@@ -0,0 +1,5 @@
+---
+- name: Install cockpit
+  ansible.builtin.package:
+    name: cockpit
+    state: present

roles/system/cockpit/tasks/main.yml

@@ -0,0 +1,19 @@
+---
+- name: Packages
+  ansible.builtin.include_tasks: install.yml
+  tags: install
+
+- name: Install config to enable reverse proxy
+  ansible.builtin.template:
+    src: templates/cockpit.conf
+    dest: /etc/cockpit/cockpit.conf
+    mode: 0644
+    owner: root
+    group: root
+  when: system_cockpit_has_reverse_proxy
+
+- name: Enable cockpit
+  ansible.builtin.service:
+    name: "cockpit.socket"
+    enabled: true
+    state: restarted

roles/system/cockpit/templates/cockpit.conf

@@ -0,0 +1,3 @@
+[WebService]
+Origins = https://cockpit.{{ host_fqdn }} wss://cockpit.{{ host_fqdn }}
+ProtocolHeader = X-Forwarded-Proto