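---
### tags:
### users
### install
### upgrade
### config
### update_etc_hosts
### root_authorized_keys

# Host baseline: hostname, /etc/hosts, user accounts and their SSH keys,
# per-user and root docker client config, common packages, docker daemon
# config, sshd config and the sysctl values elasticsearch needs.
#
# Conventions in this file:
#   - fully-qualified module names (ansible.builtin.* / ansible.posix.*)
#   - true/false rather than yes/no
#   - file modes quoted ("0600") so YAML never reinterprets them as integers

- name: "Set hostname to <{{ inventory_hostname }}>"
  ansible.builtin.hostname:
    name: "{{ inventory_hostname }}"

- name: "Setting hosts configuration in /etc/hosts"
  ansible.builtin.blockinfile:
    marker: "# {mark} managed by ansible (hosts config for {{ inventory_hostname }})"
    path: "/etc/hosts"
    state: present
    create: true
    # One "ip name" line per entry in shared_service_hosts; the file's
    # other content outside the marker block is left untouched.
    block: |
      {% for host in shared_service_hosts %}
      {{ host.ip }} {{ host.name }}
      {% endfor %}
  tags:
    - update_etc_hosts

# The two root-key tasks below are tagged 'never': they only run when the
# 'root_authorized_keys' tag is requested explicitly.
- name: "Adding authorized keys for root"
  ansible.posix.authorized_key:
    user: root
    state: present
    key: "{{ lookup('file', 'users/' + item + '/ssh.pub') }}"
  loop: "{{ smardigo_plattform_users }}"
  tags:
    - never
    - root_authorized_keys

- name: "Removing outdated authorized keys for root"
  ansible.posix.authorized_key:
    user: root
    state: absent
    key: "{{ lookup('file', 'users/outdated/' + item.path) }}"
  with_filetree: "users/outdated"
  # with_filetree also yields directory entries; the file lookup would fail
  # on those, so only real files are processed.
  when: item.state == 'file'
  tags:
    - never
    - root_authorized_keys

- name: "Read current users"
  # Lists account names with UID > 999 (regular accounts on Ubuntu).
  # NOTE(review): this range also matches 'nobody' (UID 65534 on
  # Debian/Ubuntu); it must be covered by default_plattform_users or the
  # removal task below will try to delete it - confirm.
  ansible.builtin.shell: "getent passwd | awk -F: '$3 > 999 {print $1}'"
  register: current_users
  changed_when: false
  tags:
    - users

- name: "Remove outdated users"
  ansible.builtin.user:
    name: "{{ item }}"
    state: absent
    # remove: true also deletes the home directory and mail spool.
    remove: true
  loop: "{{ current_users.stdout_lines }}"
  when: not ((item in default_plattform_users) or (item in smardigo_plattform_users))
  tags:
    - users

- name: "Create users"
  ansible.builtin.user:
    name: "{{ item }}"
    groups: "{{ sudo_group }}"
    shell: /bin/bash
    state: present
    # append: true keeps any groups the account already has.
    append: true
  loop: "{{ smardigo_plattform_users }}"
  loop_control:
    index_var: index
  tags:
    - users

# TODO check usage of key_options "no-agent-forwarding, no-agent-forwarding, no-X11-forwarding"
- name: "Set up authorized users"
  ansible.posix.authorized_key:
    user: "{{ item }}"
    state: present
    # exclusive: true makes the file in the repo the single source of truth:
    # any key not listed there is removed from the account.
    exclusive: true
    # Plain Jinja concatenation instead of nested "{{ }}" inside the lookup
    # argument, which Ansible does not support reliably.
    key: "{{ lookup('file', playbook_dir + '/users/' + item + '/ssh.pub') }}"
  loop: '{{ smardigo_plattform_users | difference(["elastic"]) }}'
  tags:
    - users

- name: "Ensure docker configuration directory exists"
  ansible.builtin.file:
    path: "/home/{{ item }}/.docker/"
    state: directory
    owner: "{{ item }}"
    group: "{{ item }}"
  loop: "{{ smardigo_plattform_users }}"
  when: docker_enabled
  tags:
    - users
    - config

- name: "Insert/Update docker configuration"
  ansible.builtin.template:
    src: configs/docker/config.json.j2
    dest: "/home/{{ item }}/.docker/config.json"
    owner: "{{ item }}"
    group: "{{ item }}"
    # Owner-only: the docker client config may hold registry credentials.
    mode: "0600"
  loop: "{{ smardigo_plattform_users }}"
  when: docker_enabled
  tags:
    - users
    - config

- name: "Install common dependencies"
  ansible.builtin.apt:
    name:
      - mc
      - vim
      - zip
      - curl
      - htop
      - net-tools
      - bash-completion
    state: present
  when: ansible_distribution == "Ubuntu"
  tags:
    - install

- name: "Ensures directory exists"
  ansible.builtin.file:
    state: directory
    path: /etc/bash_completion.d
  tags:
    - install

# Completion scripts are fetched from pinned upstream tags over HTTPS; no
# checksum is pinned, so the content is whatever the tag resolves to.
- name: "Download docker bash completion"
  ansible.builtin.get_url:
    url: https://raw.githubusercontent.com/docker/cli/v20.10.6/contrib/completion/bash/docker
    dest: /etc/bash_completion.d/docker
    mode: "0644"
  when: docker_enabled
  tags:
    - install

- name: "Download docker-compose bash completion"
  ansible.builtin.get_url:
    url: "https://raw.githubusercontent.com/docker/compose/{{ docker_compose_version }}/contrib/completion/bash/docker-compose"
    dest: /etc/bash_completion.d/docker-compose
    mode: "0644"
  when: docker_enabled
  tags:
    - install

- name: "Upgrade all packages"
  ansible.builtin.apt:
    name: "*"
    state: latest
  when: ansible_distribution == "Ubuntu"
  tags:
    - install
    - upgrade

- name: "Ensure docker configuration directory exists"
  ansible.builtin.file:
    path: /root/.docker/
    state: directory
    owner: root
    group: root
  when: docker_enabled
  tags:
    - config

- name: "Insert/Update docker configuration"
  ansible.builtin.template:
    src: configs/docker/config.json.j2
    dest: /root/.docker/config.json
    owner: root
    group: root
    mode: "0600"
  when: docker_enabled
  tags:
    - config

# (This task was listed twice in a row; the duplicate was a no-op and is gone.)
- name: "Ensure docker daemon configuration directory exists"
  ansible.builtin.file:
    path: /etc/docker
    state: directory
    owner: root
    group: root
  when: docker_enabled
  tags:
    - config

- name: "Insert/Update docker daemon configuration"
  ansible.builtin.template:
    src: configs/docker/daemon.json.j2
    dest: /etc/docker/daemon.json
    owner: root
    group: root
    mode: "0600"
  when: docker_enabled
  tags:
    - config

- name: "Check docker networks"
  ansible.builtin.include_role:
    name: _docker
    tasks_from: networks

# The rendered config goes to sshd_config.new, not sshd_config; the
# 'restart ssh' handler is presumably what validates and installs it -
# confirm against the handler definition before relying on this.
- name: sshd configuration file update
  ansible.builtin.template:
    src: configs/sshd/sshd_config.j2
    dest: /etc/ssh/sshd_config.new
    owner: root
    group: root
    mode: "0644"
  notify:
    - restart ssh

# elasticsearch production mode requirements
- name: "Set vm.max_map_count"
  ansible.posix.sysctl:
    name: vm.max_map_count
    value: "262144"
    # sysctl_set: true applies the value immediately as well as persisting it.
    sysctl_set: true
    state: present
  tags:
    - config

# elasticsearch production mode requirements
- name: "Set fs.file-max"
  ansible.posix.sysctl:
    name: fs.file-max
    value: "65536"
    sysctl_set: true
    state: present
  tags:
    - config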