---

- name: 'apply setup to {{ host | default("all") }}'
  hosts: '{{ host | default("all") }}'
  serial: "{{ serial_number | default(10) }}"
  strategy: free
  vars:
    ansible_ssh_host: "{{ stage_server_domain }}"
    hetzner_ansible_common_current_version: "{{ lookup('file', 'galaxy-requirements.yml') | regex_search('- name:\\s+hetzner-ansible-common\\s+src:\\s+.*?\\s+scm:\\s+git\\s+version:\\s+(.*)', '\\1') }}"
    hetzner_ansible_node_exporter_current_version: "{{ lookup('file', 'galaxy-requirements.yml') | regex_search('- name:\\s+hetzner-ansible-node-exporter\\s+src:\\s+.*?\\s+scm:\\s+git\\s+version:\\s+(.*)', '\\1') }}"
    hetzner_ansible_filebeat_current_version: "{{ lookup('file', 'galaxy-requirements.yml') | regex_search('- name:\\s+hetzner-ansible-filebeat\\s+src:\\s+.*?\\s+scm:\\s+git\\s+version:\\s+(.*)', '\\1') }}"
    hetzner_ansible_metricbeat_current_version: "{{ lookup('file', 'galaxy-requirements.yml') | regex_search('- name:\\s+hetzner-ansible-metricbeat\\s+src:\\s+.*?\\s+scm:\\s+git\\s+version:\\s+(.*)', '\\1') }}"
    hetzner_ansible_traefik_current_version: "{{ lookup('file', 'galaxy-requirements.yml') | regex_search('- name:\\s+hetzner-ansible-traefik\\s+src:\\s+.*?\\s+scm:\\s+git\\s+version:\\s+(.*)', '\\1') }}"
  remote_user: root
  become: yes

  pre_tasks:
    - name: "Check if ansible version is at least {{ ansible_minimal_version }}"
      assert:
        that:
          - ansible_version.string is version(ansible_minimal_version, ">=")
        msg: "The ansible version has to be at least {{ ansible_minimal_version }}"
      tags:
        - always

    - name: "get hetzner-ansible-common version"
      include_role:
        name: hetzner-ansible-common
        tasks_from: _get_version.yml
      tags:
        - always

    - name: "Check if hetzner-ansible-common version matches"
      assert:
        that:
          - "'{{ hetzner_ansible_common_version }}' in {{ hetzner_ansible_common_current_version }}" 
        msg: "The current hetzner-ansible-common version has to be {{ hetzner_ansible_common_current_version }}"
      tags:
        - always

    - name: "get hetzner-ansible-node-exporter version"
      include_role:
        name: hetzner-ansible-node-exporter
        tasks_from: _get_version.yml
      tags:
        - always

    - name: "Check if hetzner-ansible-node-exporter version matches"
      assert:
        that:
          - "'{{ hetzner_ansible_node_exporter_version }}' in {{ hetzner_ansible_node_exporter_current_version }}" 
        msg: "The current hetzner-ansible-node_exporter version has to be {{ hetzner_ansible_node_exporter_current_version }}"
      tags:
        - always

    - name: "get hetzner-ansible-filebeat version"
      include_role:
        name: hetzner-ansible-filebeat
        tasks_from: _get_version.yml
      tags:
        - always

    - name: "Check if hetzner-ansible-filebeat version matches"
      assert:
        that:
          - "'{{ hetzner_ansible_filebeat_version }}' in {{ hetzner_ansible_filebeat_current_version }}" 
        msg: "The current hetzner-ansible-filebeat version has to be {{ hetzner_ansible_filebeat_current_version }}"
      tags:
        - always


    - name: "get hetzner-ansible-metricbeat version"
      include_role:
        name: hetzner-ansible-metricbeat
        tasks_from: _get_version.yml
      tags:
        - always

    - name: "Check if hetzner-ansible-metricbeat version matches"
      assert:
        that:
          - "'{{ hetzner_ansible_metricbeat_version }}' in {{ hetzner_ansible_metricbeat_current_version }}" 
        msg: "The current hetzner-ansible-metricbeat version has to be {{ hetzner_ansible_metricbeat_current_version }}"
      tags:
        - always

    - name: "get hetzner-ansible-traefik version"
      include_role:
        name: hetzner-ansible-traefik
        tasks_from: _get_version.yml
      tags:
        - always

    - name: "Check if hetzner-ansible-traefik version matches"
      assert:
        that:
          - "'{{ hetzner_ansible_traefik_version }}' in {{ hetzner_ansible_traefik_current_version }}" 
        msg: "The current hetzner-ansible-traefik version has to be {{ hetzner_ansible_traefik_current_version }}"
      tags:
        - always

    - name: Remove outdated dependencies
      apt:
        name: [
          'docker',
          'docker-client',
          'docker-client-latest',
          'docker-common',
          'docker-latest',
          'docker-latest-logrotate',
          'docker-logrotate',
          'docker-engine',
          'smartmontools',
        ]
        state: 'absent'
      when: ansible_distribution == "Ubuntu"
      tags:
        - common
        - install

    - name: "Import autodiscover pre-tasks"
      import_tasks: tasks/autodiscover_pre_tasks.yml
      become: false
      tags:
        - always

  roles:
    - role: ansible-role-docker
      when:
        - docker_enabled

    - role: hetzner-ansible-common
      tags:
        - common
    
    - role: devsec.hardening.ssh_hardening
      tags:
        - ssh_hardening 

    - role: hetzner-ansible-node-exporter
      when:
        - node_exporter_enabled
      tags:
        - node-exporter

    - role: hetzner-ansible-filebeat
      when:
        - docker_enabled
        - filebeat_enabled
      tags:
        - filebeat

    - role: hetzner-ansible-metricbeat
      when:
        - docker_enabled
        - metricbeat_enabled
      tags:
        - metricbeat

    - role: hetzner-ansible-traefik
      when:
        - docker_enabled
        - traefik_enabled
      tags:
        - traefik