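---
# Home-lab provisioning playbook.
#
# Plays are selected with --tags:
#   init   : one-shot host setup for every host (users, hostname, base packages)
#   docker : Docker engine plus a per-user `docker compose` CLI plugin
#   kube   : kubeadm/kubelet/kubectl at a pinned version, held against upgrades
#   pihole : Pi-hole roles
#   update : apt upgrade everywhere, Pi-hole self-update, reboot when required
#
# Secrets used by the included task files and roles come from the
# vault-encrypted vars/vault.yml; nothing sensitive lives in this file.

- hosts: all
  become: true
  # "never" means this play only runs when --tags init is given explicitly.
  tags: [never, init]
  vars_files:
    - "vars/vault.yml"
  # Every module below is referenced by its FQCN, so only the one non-builtin
  # collection needs to be on the search path (module names are not
  # collections and do not belong here).
  collections:
    - ansible.posix
  pre_tasks:
    - include_tasks: tasks/users.yml
      with_items: "{{ users }}"
      loop_control:
        loop_var: user

    - name: Change hostname
      when: set_hostname is defined
      register: new_hostname
      ansible.builtin.hostname:
        name: "{{ set_hostname }}"

    # Keep the loopback entry in sync so the new name still resolves locally.
    - name: Change hostname in hosts
      when: new_hostname.changed
      ansible.builtin.lineinfile:
        path: /etc/hosts
        regexp: '^127\.0\.0\.1 localhost'
        line: "127.0.0.1 localhost {{ set_hostname }}"
        owner: root
        group: root
        mode: "0644"

    - name: Reboot the server
      ansible.builtin.reboot:
        msg: "Reboot initiated by Ansible due to hostname change"
        connect_timeout: 5
        reboot_timeout: 300
        pre_reboot_delay: 2
        post_reboot_delay: 30
        test_command: uptime
      when: new_hostname.changed

    - name: Update apt cache
      ansible.builtin.apt:
        update_cache: true
        cache_valid_time: 1
  roles:
    - role: geerlingguy.ntp
    - role: geerlingguy.security
  tasks:
    # package_list entries are dicts; `name` is required, `default_release`
    # optional (omitted when absent). `state: latest` also upgrades.
    - name: Install packages
      ansible.builtin.apt:
        name: "{{ item.name | default(omit) }}"
        state: latest
        default_release: "{{ item.default_release | default(omit) }}"
      with_items:
        - "{{ package_list }}"

- hosts: docker
  become: true
  tags: [docker]
  vars_files:
    - "vars/vault.yml"
  roles:
    - role: geerlingguy.docker
  post_tasks:
    - name: Install pip packages
      ansible.builtin.pip:
        name:
          - docker

    # No shell features are needed, so use command (no shell interpolation)
    # and do not report "changed" for a read-only query.
    - name: Get DEB architecture
      ansible.builtin.command: dpkg --print-architecture
      register: deb_architecture
      changed_when: false

    - name: Create plugin directory if not present
      ansible.builtin.file:
        path: "/home/{{ item.username }}/.docker/cli-plugins/"
        state: directory
        owner: "{{ item.username }}"
        group: "{{ item.groupname }}"
        # Not group-writable: anything dropped in here is executed as the user
        # whenever they run `docker compose`.
        mode: "0755"
      loop: "{{ docker_users_obj }}"

    # TODO(review): this binary is fetched over HTTPS but not verified; add
    # `checksum: "sha256:<digest>"` (or a URL to the published sha256 file)
    # so a tampered or changed release is rejected. v2.0.0-rc.1 also looks
    # like a release candidate from the compose-cli repo — consider a GA
    # release; confirm against current upstream.
    - name: Install compose plugin
      ansible.builtin.get_url:
        url: "https://github.com/docker/compose-cli/releases/download/v2.0.0-rc.1/docker-compose-linux-{{ deb_architecture.stdout }}"
        dest: "/home/{{ item.username }}/.docker/cli-plugins/docker-compose"
        mode: "0755"
        owner: "{{ item.username }}"
        group: "{{ item.groupname }}"
      loop: "{{ docker_users_obj }}"

- hosts: kube
  become: true
  tags: [never, init, kube]
  vars_files:
    - "vars/vault.yml"
  tasks:
    # kubelet refuses to start with swap enabled.
    - name: Disable SWAP
      ansible.builtin.command: swapoff -a

    # NOTE(review): the mount module matches on the fstab mount-point column;
    # swap entries are commonly written with `none` there, so confirm this
    # actually removes the line on the target images.
    - name: Remove swapfile from /etc/fstab
      ansible.posix.mount:
        name: "{{ item }}"
        fstype: swap
        state: absent
      with_items:
        - swap

    # Scope the vendor key to this one repository via [signed-by=...] instead
    # of apt_key, which is deprecated and adds the key to the global trusted
    # keyring (trusted for every configured repo).
    - name: Create apt keyrings directory
      ansible.builtin.file:
        path: /etc/apt/keyrings
        state: directory
        owner: root
        group: root
        mode: "0755"

    - name: Add Apt signing key Google
      ansible.builtin.get_url:
        url: https://packages.cloud.google.com/apt/doc/apt-key.gpg
        dest: /etc/apt/keyrings/kubernetes-archive-keyring.gpg
        owner: root
        group: root
        mode: "0644"

    # NOTE(review): apt.kubernetes.io is the legacy repo and upstream has
    # stopped publishing to it; newer kube_ver values will only be available
    # from pkgs.k8s.io — confirm before bumping the version.
    - name: Add repo for kubernetes
      ansible.builtin.apt_repository:
        filename: kubernetes
        repo: "deb [signed-by=/etc/apt/keyrings/kubernetes-archive-keyring.gpg] https://apt.kubernetes.io/ kubernetes-xenial main"
        # Sources lists must not be world-writable; 0666 would let any local
        # user repoint the repo and feed arbitrary packages to apt.
        mode: "0644"
        update_cache: true

    # Pin to one version across all three packages so the node is consistent.
    - name: Install packages
      ansible.builtin.apt:
        name: "{{ item }}={{ kube_ver }}"
        state: present
      with_items:
        - kubelet
        - kubeadm
        - kubectl

    # Keep the unattended/manual `apt upgrade` in the update play from
    # moving the cluster components.
    - name: Hold kubernetes version
      ansible.builtin.dpkg_selections:
        name: "{{ item }}"
        selection: "hold"
      with_items:
        - kubelet
        - kubeadm
        - kubectl

- hosts: piholes
  vars_files:
    - "vars/vault.yml"
  tags: [update, pihole]
  roles:
    - role: pihole_updatelist
    - role: pi_dnsmasq
    - role: pihole

- hosts: all
  become: true
  tags: [update]
  vars_files:
    - "vars/vault.yml"
  tasks:
    # https://www.cyberciti.biz/faq/ansible-apt-update-all-packages-on-ubuntu-debian-linux/
    - name: Update packages
      ansible.builtin.apt:
        update_cache: true
        force_apt_get: true
        cache_valid_time: 3600
        # Plain upgrade (no dist-upgrade): never removes or adds packages.
        upgrade: "yes"

    - name: Remove ubuntu motd spam
      ansible.builtin.file:
        path: "/etc/update-motd.d/{{ item }}"
        state: absent
      loop:
        - 10-help-text
        - 50-landscape-sysinfo
        - 50-motd-news
        - 80-livepatch
        - 90-updates-available
        - 95-hwe-eol
      when: ansible_distribution == 'Ubuntu'

    # groups.get() keeps this play usable on inventories without a piholes
    # group instead of failing on an undefined key.
    - name: Check if pi-hole is installed
      when: inventory_hostname in groups.get('piholes', [])
      ansible.builtin.stat:
        path: "/usr/local/bin/pihole"
      register: pihole_exec

    - name: Update PiHole
      when: inventory_hostname in groups.get('piholes', []) and pihole_exec.stat.exists
      ansible.builtin.command:
        argv:
          - pihole
          - -up

    - name: Check if a reboot is needed for Debian and Ubuntu boxes
      register: reboot_required_file
      ansible.builtin.stat:
        path: /var/run/reboot-required
        # Only existence matters; skip hashing. (get_md5 is deprecated/removed
        # in current ansible-core.)
        get_checksum: false

    # One host at a time so a bad kernel does not take the whole fleet down.
    - name: Reboot the server
      throttle: 1
      ansible.builtin.reboot:
        msg: "Reboot initiated by Ansible due to kernel updates"
        connect_timeout: 5
        reboot_timeout: 300
        pre_reboot_delay: 0
        post_reboot_delay: 30
        test_command: uptime
      when: reboot_required_file.stat.exists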