- hosts: all
  become: "{{ do_become }}"
  tags:
    - always
  vars_files:
    - "vars/vault.yml"
  tasks:
    - name: Get dpkg arch
      when: ansible_distribution == 'Ubuntu' or ansible_distribution == 'Debian'
      ansible.builtin.shell: dpkg --print-architecture
      register: _apt_arch
      changed_when: false

- hosts: all:!unifi
  become: "{{ do_become }}"
  tags: [never, init]
  vars_files:
    - "vars/vault.yml"

  pre_tasks:
    - include_tasks: tasks/users.yml
      with_items: "{{ users }}"
      loop_control:
        loop_var: user

    - name: Change hostname
      when: "set_hostname is defined"
      register: new_hostname
      ansible.builtin.hostname:
        name: "{{ set_hostname }}"

    - name: Change hostname in hosts
      when: new_hostname.changed
      ansible.builtin.lineinfile:
        path: /etc/hosts
        regexp: '^127\.0\.0\.1 localhost'
        line: "127.0.0.1 localhost {{ set_hostname }}"
        owner: root
        group: root
        mode: "0644"

    - name: Reboot the server
      ansible.builtin.reboot:
        msg: "Reboot initiated by Ansible due to hostname change"
        connect_timeout: 5
        reboot_timeout: 300
        pre_reboot_delay: 2
        post_reboot_delay: 30
        test_command: uptime
      when: new_hostname.changed

    - include_tasks: tasks/remove_prox_ee_apt.yml
      when: inventory_hostname in groups['prox']

    - name: Update apt cache
      when: ansible_distribution == 'Ubuntu' or ansible_distribution == 'Debian'
      ansible.builtin.apt:
        update_cache: true
        cache_valid_time: 1

  roles:
    - role: geerlingguy.ntp
    - role: geerlingguy.security
      when: ansible_distribution == 'Ubuntu' or ansible_distribution == 'Debian'
  tasks:
    - name: Install packages
      when: ansible_distribution == 'Ubuntu' or ansible_distribution == 'Debian'
      ansible.builtin.apt:
        name: "{{ item.name | default(omit) }}"
        state: latest
        default_release: "{{ item.default_release | default(omit) }}"
      with_items:
        - "{{package_list}}"

    - name: Install pip packages
      ansible.builtin.pip:
        name:
          - github3.py

- hosts: docker
  become: "{{ do_become }}"
  tags:
    - docker
  vars_files:
    - "vars/vault.yml"
  post_tasks:
    - name: Install pip packages
      ansible.builtin.pip:
        name:
          - docker

    - name: Create plugin directory if not present
      ansible.builtin.file:
        path: "/home/{{ item.username }}/.docker/cli-plugins/"
        state: directory
        owner: "{{ item.username }}"
        group: "{{ item.groupname }}"
        mode: "0775"
      loop: "{{ docker_users_obj }}"

    - name: Get latest release of a public repository
      community.general.github_release:
        user: docker
        repo: compose
        action: latest_release
      register: comp_cli

    - name: Install compose plugin
      ansible.builtin.get_url:
        url: "https://github.com/docker/compose/releases/download/{{comp_cli.tag}}/docker-compose-linux-{{ ansible_architecture }}"
        dest: "/home/{{ users.0.username }}/.docker/cli-plugins/docker-compose"
        mode: "0755"
        owner: "{{ users.0.username }}"
        group: "{{ users.0.groupname }}"

  roles:
    - role: geerlingguy.docker
      when: ansible_distribution == 'Ubuntu'

- hosts: kube
  tags:
    - init
    - kube
    - never
  vars_files:
    - "vars/vault.yml"
  tasks:
    - name: Install runtime dependencies
      become: "{{ do_become }}"
      ansible.builtin.apt:
        name: "{{ item }}"
        state: present
      with_items:
        - fuse-overlayfs
        - nfs-common
        - open-iscsi
    - name: Include Containerd role
      include_role:
        name: geerlingguy.containerd
        apply:
          become: "{{ do_become }}"
    - name: Include Docker role
      include_role:
        name: geerlingguy.docker
        apply:
          become: "{{ do_become }}"
    - name: Include Kubernetes role
      include_role:
        name: kubernetes
    - name: Include ZFS role
      when: inventory_hostname in groups['zfs']
      include_role:
        name: zfs
    - name: Include NFS role
      when: inventory_hostname in groups['nfs']
      include_role:
        name: geerlingguy.nfs
        apply:
          become: "{{ do_become }}"

- hosts: prox
  vars_files:
    - "vars/vault.yml"
  tags:
    - prox
    - update
  roles:
    - role: ironicbadger_ansible-role-proxmox-nag-removal
    - role: proxmox

- hosts: raspberries
  vars_files:
    - "vars/vault.yml"
  tags:
    - init
    - raspberries
    - update
  tasks:
    - name: Install packages
      become: "{{ do_become }}"
      ansible.builtin.apt:
        name: libraspberrypi-bin

    - name: Place PoE fan file
      become: "{{ do_become }}"
      ansible.builtin.copy:
        content: |
          # Ansible managed

          dtoverlay=rpi-poe
          dtparam=poe_fan_temp0=57000
          dtparam=poe_fan_temp1=60000
          dtparam=poe_fan_temp2=63000
          dtparam=poe_fan_temp3=66000

          dtoverlay=vc4-fkms-v3d
        dest: /boot/firmware/usercfg.txt

- hosts: piholes
  vars_files:
    - "vars/vault.yml"
  tags:
    - pihole
    - update
  roles:
    - role: pihole_updatelist
    - role: pi_dnsmasq
    - role: pihole

# - hosts: usg
#   vars_files:
#     - "vars/vault.yml"
#     - "vars/wireguard.yml"
#   tags: [network, ubnt]
#   roles:
#     - role: usg

# - hosts: cloud_key
#   vars_files:
#     - "vars/vault.yml"
#     - "vars/wireguard.yml"
#   tags: [network, ubnt]
#   roles:
#     - role: cloud_key

- hosts: all:!unifi
  become: "{{ do_become }}"
  tags:
    - init
    - update
  vars_files:
    - "vars/vault.yml"

  tasks:
    # https://www.cyberciti.biz/faq/ansible-apt-update-all-packages-on-ubuntu-debian-linux/
    - name: Update packages
      when: ansible_distribution == 'Ubuntu'
      ansible.builtin.apt:
        update_cache: "True"
        force_apt_get: "True"
        cache_valid_time: 3600
        upgrade: "True"

    - name: Remove ubuntu motd spam
      ansible.builtin.file:
        path: "/etc/update-motd.d/{{ item }}"
        state: absent
      loop:
        - 10-help-text
        - 10-uname
        - 50-landscape-sysinfo
        - 50-motd-news
        - 80-livepatch
        - 88-esm-announce
        - 90-updates-available
        - 91-contract-ua-esm-status
        - 91-release-upgrade
        - 92-unattended-upgrades
        - 95-hwe-eol
      when: ansible_distribution == 'Ubuntu' or ansible_distribution == 'Debian'

    - name: Place MoTD
      become: "{{ do_become }}"
      when: ansible_distribution == 'Ubuntu'
      ansible.builtin.copy:
        content: |
          #!/bin/sh
          # Ansible managed

          neofetch
        mode: 0755
        dest: /etc/update-motd.d/01-neofetch

    - name: Check if pi-hole is installed
      when: inventory_hostname in groups['piholes']
      ansible.builtin.stat:
        path: "/usr/local/bin/pihole"
      register: pihole_exec

    - name: Update PiHole
      when: inventory_hostname in groups['piholes'] and pihole_exec.stat.exists
      become: "{{ do_become }}"
      ansible.builtin.command:
        argv:
          - pihole
          - -up

    - name: Install and update chezmoi
      include_tasks: tasks/omp.yml

    - include_tasks: tasks/remove_prox_ee_apt.yml
      when: inventory_hostname in groups['prox']

    - name: Check if a reboot is needed for Debian and Ubuntu boxes
      register: reboot_required_file
      when: ansible_distribution == 'Ubuntu' or ansible_distribution == 'Debian'
      ansible.builtin.stat:
        path: /var/run/reboot-required
        get_md5: no

    - name: Reboot the server
      throttle: 1
      when: reboot_required_file.stat.exists and (ansible_distribution == 'Ubuntu' or ansible_distribution == 'Debian')
      ansible.builtin.reboot:
        msg: "Reboot initiated by Ansible due to kernel updates"
        connect_timeout: 5
        reboot_timeout: 300
        pre_reboot_delay: 0
        post_reboot_delay: 30
        test_command: uptime