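---
# This playbook contains common plays that will be run on all nodes.
#
# Tags used in this file:
#   local_ssh_config
#   users
#   install
#   config

# NOTE(review): the webhook URL acts as a bearer secret and the uri module
# echoes the URL in its result; consider `no_log: true` once the hook is
# known to work.
- name: "Send mattermost messsge"
  uri:
    url: "{{ mattermost_hook_smardigo }}"
    method: POST
    body: "{{ lookup('template','mattermost-deploy-start.json.j2') }}"
    body_format: json
    headers:
      Content-Type: "application/json"
  delegate_to: 127.0.0.1
  become: false
  when:
    - send_status_messages

# Runs on the control node as the invoking user; throttle: 1 serialises the
# writes so that parallel hosts do not edit ~/.ssh/config at the same time.
- name: 'Insert/Update ssh config in ~/.ssh/config'
  blockinfile:
    marker: '# {mark} managed by ansible (ssh config for {{ inventory_hostname }})'
    path: '~/.ssh/config'
    create: true
    block: |
      Host {{ inventory_hostname }}
        HostName {{ stage_server_ip }}
  when:
    - local_ssh_config
  delegate_to: 127.0.0.1
  become: false
  throttle: 1
  tags:
    - local_ssh_config

- name: "Set hostname to <{{ stage_server_hostname }}>"
  hostname:
    name: "{{ stage_server_hostname }}"

- name: "Setting hosts configuration in /etc/hosts"
  blockinfile:
    marker: "# {mark} managed by ansible (hosts config for {{ stage_server_hostname }})"
    path: "/etc/hosts"
    state: present
    create: true
    block: |
      {% for host in shared_service_hosts %}
      {{ host.ip }} {{ host.name }}
      {% endfor %}

# Lists every local account with a UID above 999; read-only, so it never
# reports a change.
- name: "Read current users"
  shell: "getent passwd | awk -F: '$3 > 999 {print $1}'"
  register: current_users
  changed_when: false
  tags:
    - users

# Destructive: deletes every account returned above that is in neither
# allow-list, together with its home directory (remove: true).
# NOTE(review): the UID filter has no upper bound, so accounts such as
# `nobody` (65534 on Debian/Ubuntu) are candidates too; confirm that
# default_plattform_users covers them.
- name: "Remove outdated users"
  user:
    name: '{{ item }}'
    state: absent
    remove: true
  loop: "{{ current_users.stdout_lines }}"
  when: not ((item in default_plattform_users) or (item in smardigo_plattform_users))
  tags:
    - users

# Every platform user is appended to sudo_group, i.e. gains whatever
# privileges that group carries on the node.
- name: "Create users"
  user:
    name: '{{ item }}'
    groups: '{{ sudo_group }}'
    shell: '/bin/bash'
    state: present
    append: true
  loop: '{{ smardigo_plattform_users }}'
  tags:
    - users

# TODO check usage of key_options "no-agent-forwarding, no-X11-forwarding"
# (the original note listed no-agent-forwarding twice; possibly
# no-port-forwarding was meant - confirm)
# exclusive: true removes any key not present in the looked-up file, so the
# repository copy is the single source of truth for each account.
- name: "Set up authorized users"
  ansible.posix.authorized_key:
    user: '{{ item }}'
    state: present
    exclusive: true
    # Path is built by concatenation; nesting {{ }} inside a Jinja
    # expression is not supported templating.
    key: "{{ lookup('file', playbook_dir ~ '/users/' ~ item ~ '/id_rsa.pub') }}"
  loop: '{{ smardigo_plattform_users | difference(["elastic"]) }}'
  tags:
    - users

# config.json is written 0600 below, which suggests it may hold registry
# credentials (template not visible here); keep its directory private too.
- name: "Ensure docker configuration directory exists"
  file:
    path: '/home/{{ item }}/.docker/'
    state: directory
    owner: '{{ item }}'
    group: '{{ item }}'
    mode: '0700'
  loop: '{{ smardigo_plattform_users }}'
  tags:
    - users

- name: "Insert/Update docker configuration"
  template:
    src: 'configs/docker/config.json.j2'
    dest: '/home/{{ item }}/.docker/config.json'
    owner: '{{ item }}'
    group: '{{ item }}'
    mode: '0600'
  loop: '{{ smardigo_plattform_users }}'
  tags:
    - users
    - config

- name: "Install common dependencies"
  apt:
    name:
      - 'mc'
      - 'vim'
      - 'zip'
      - 'curl'
      - 'htop'
      - 'net-tools'
      - 'bash-completion'
    state: 'present'
  when: ansible_distribution == "Ubuntu"
  tags:
    - install

# The two downloads below land in a directory read by interactive shells,
# root's included. A git tag can be moved upstream, so pin the content with
# get_url's `checksum` parameter once the expected digest has been recorded,
# e.g.  checksum: 'sha256:<EXPECTED_SHA256_PLACEHOLDER>'
# NOTE(review): bash-completion normally auto-loads per-command files from
# /usr/share/bash-completion/completions/; confirm these dest paths are
# actually sourced.
- name: "Download docker bash completion"
  get_url:
    url: 'https://raw.githubusercontent.com/docker/cli/v20.10.6/contrib/completion/bash/docker'
    dest: '/usr/share/bash-completion/docker'
    mode: '0644'
  tags:
    - install

- name: "Download docker-compose bash completion"
  get_url:
    url: 'https://raw.githubusercontent.com/docker/compose/1.29.1/contrib/completion/bash/docker-compose'
    dest: '/usr/share/bash-completion/docker-compose'
    mode: '0644'
  tags:
    - install

- name: "Upgrade all packages"
  apt:
    name: '*'
    state: latest
  when: ansible_distribution == "Ubuntu"
  tags:
    - install

- name: "Ensure docker configuration directory exists"
  file:
    path: '/root/.docker/'
    state: directory
    owner: 'root'
    group: 'root'
    mode: '0700'
  tags:
    - config

- name: "Insert/Update docker configuration"
  template:
    src: 'configs/docker/config.json.j2'
    dest: '/root/.docker/config.json'
    owner: 'root'
    group: 'root'
    mode: '0600'
  tags:
    - config

# This task appeared twice, back to back and identical, in the original
# file; one copy is enough.
- name: "Ensure docker daemon configuration directory exists"
  file:
    path: '/etc/docker'
    state: directory
    owner: 'root'
    group: 'root'
  tags:
    - config

- name: "Insert/Update docker daemon configuration"
  template:
    src: 'configs/docker/daemon.json.j2'
    dest: '/etc/docker/daemon.json'
    owner: 'root'
    group: 'root'
    mode: '0600'
  tags:
    - config

- name: "Check docker networks"
  include_role:
    name: _docker
    tasks_from: networks

# The rendered file is written next to the live config as sshd_config.new;
# nothing in this file moves it into place.
# NOTE(review): presumably the "restart ssh" handler swaps it in - verify,
# and make sure the candidate is syntax-checked (`sshd -t -f <file>`) before
# it replaces /etc/ssh/sshd_config, so that a bad template cannot lock out
# remote access.
- name: sshd configuration file update
  template:
    src: 'configs/sshd/sshd_config.j2'
    dest: '/etc/ssh/sshd_config.new'
    owner: 'root'
    group: 'root'
    mode: '0644'
  notify:
    - restart ssh

# elasticsearch production mode requirements
- name: "Set vm.max_map_count"
  sysctl:
    name: vm.max_map_count
    value: '262144'
    sysctl_set: true
    state: present
  tags:
    - config

# elasticsearch production mode requirements
- name: "Set fs.file-max"
  sysctl:
    name: fs.file-max
    value: '65536'
    sysctl_set: true
    state: present
  tags:
    - config

# Same webhook as the start notification; the URL is a secret here as well.
- name: "Send mattermost messsge"
  uri:
    url: "{{ mattermost_hook_smardigo }}"
    method: POST
    body: "{{ lookup('template','mattermost-deploy-end.json.j2') }}"
    body_format: json
    headers:
      Content-Type: "application/json"
  delegate_to: 127.0.0.1
  become: false
  when:
    - send_status_messages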