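---
###
# This role installs the basic package and host setup for AniNIX operations.
#
# Review notes on this revision:
#   * The sudoers edits are validated with visudo before being written, so a
#     malformed line cannot lock the deploy user out of sudo.
#   * The password-setting task feeds passwd through stdin and sets no_log,
#     so the secret is kept out of process arguments and Ansible output.
#   * Booleans are written true/false and file modes are quoted strings.
#   * The `include` action is replaced by `include_tasks`.

# This is an AniNIX convention to allow password management by Ansible.
# Privileged tasks escalate with `su`, using the per-host entry in the
# `passwords` mapping as the root password.
- name: Base packages
  vars:
    ansible_become_method: su
    ansible_become_password: "{{ passwords[inventory_hostname] }}"
  become: true
  package:
    name:
      - bash
      - sudo
      - git
      - tmux
      - vim
      - sysstat
      - iotop
      - lsof
      - rsync
      - xfsprogs
    state: present
    update_cache: true

# Grants the connecting user passwordless sudo for every command, which makes
# that account's login credentials equivalent to root on the host.
- name: Ensure deploy user has sudo permissions.
  vars:
    ansible_become_method: su
    ansible_become_password: "{{ passwords[inventory_hostname] }}"
  become: true
  copy:
    dest: /etc/sudoers.d/basics
    content: "{{ ansible_user_id }} ALL=(ALL) NOPASSWD: ALL\n"
    owner: root
    group: root
    # Drop-in sudoers files are conventionally root-owned and read-only.
    mode: "0440"
    # Reject the file instead of installing it if sudo cannot parse it.
    validate: /usr/sbin/visudo -cf %s

# Two variants of the include directive: "@includedir" everywhere except
# armv6l, where the "#includedir" spelling is written instead.
- name: Ensure we include /etc/sudoers.d (Current)
  vars:
    ansible_become_method: su
    ansible_become_password: "{{ passwords[inventory_hostname] }}"
  become: true
  when: ansible_architecture != "armv6l"
  lineinfile:
    path: /etc/sudoers
    regexp: "includedir /etc/sudoers.d"
    line: "@includedir /etc/sudoers.d"
    validate: /usr/sbin/visudo -cf %s

- name: Ensure we include /etc/sudoers.d (Legacy)
  vars:
    ansible_become_method: su
    ansible_become_password: "{{ passwords[inventory_hostname] }}"
  become: true
  when: ansible_architecture == "armv6l"
  lineinfile:
    path: /etc/sudoers
    regexp: "includedir /etc/sudoers.d"
    line: "#includedir /etc/sudoers.d"
    validate: /usr/sbin/visudo -cf %s

# Probe: try to become root via su with the managed password. A failure is
# tolerated and recorded so the next task can decide whether to (re)set it.
- name: Test root password
  ignore_errors: true
  register: root_password_test
  vars:
    ansible_become_method: su
    ansible_become_password: "{{ passwords[inventory_hostname] }}"
  become: true
  command: id

# Runs only when the probe above did not succeed. No become method is set
# here, so the play's default method applies.
# NOTE(review): presumably that default is sudo, relying on the NOPASSWD rule
# installed above - confirm.
# root and the deploy user receive the same per-host password.
- name: Define passwords
  vars:
    ansible_become_user: "root"
    ansible_become_password: "{{ passwords[inventory_hostname] }}"
  become: true
  when: root_password_test.rc is not defined or root_password_test.rc != 0
  # Keep the password out of task output, callbacks and logs.
  no_log: true
  command:
    cmd: "passwd {{ item }}"
    # passwd reads the new password and its confirmation from stdin; the
    # command module appends the final newline. Passing the secret this way
    # keeps it out of the process argument list and avoids shell quoting
    # problems when the password itself contains a quote character.
    stdin: "{{ passwords[inventory_hostname] }}\n{{ passwords[inventory_hostname] }}"
  loop:
    - root
    - "{{ ansible_user_id }}"

- name: Set up pacman.conf
  vars:
    ansible_become_password: "{{ passwords[inventory_hostname] }}"
  become: true
  copy:
    src: pacman.conf
    dest: /etc/pacman.conf
    owner: root
    group: root
    mode: "0644"
  when: ansible_os_family == "Archlinux"

# Runs once on the control node; the path is relative to the working
# directory the play is started from.
- name: Generate mirrorlist
  delegate_to: localhost
  run_once: true
  command: "bash ../bin/generate-mirrorlist"

- name: Copy mirrorlist
  become: true
  when: ansible_os_family == "Archlinux"
  copy:
    src: mirrorlist
    dest: /etc/pacman.d/mirrorlist.shadowarch
    owner: root
    group: root
    mode: "0644"

- name: Set up apt sources.list
  vars:
    ansible_become_password: "{{ passwords[inventory_hostname] }}"
  become: true
  copy:
    content: |
      deb http://archive.raspberrypi.org/debian/ bullseye main
      # Uncomment line below then 'apt-get update' to enable 'apt-get source'
      #deb-src http://archive.raspberrypi.org/debian/ bullseye main
    dest: /etc/apt/sources.list.d/raspi.list
    owner: root
    group: root
    mode: "0644"
  when: ansible_os_family == "Debian"

- name: Install ShadowArch (ArchLinux)
  vars:
    ansible_become_password: "{{ passwords[inventory_hostname] }}"
  become: true
  pacman:
    name: ShadowArch
    state: present
    update_cache: true
  when: ansible_os_family == "Archlinux"

- name: Set up AniNIX-specific repository location (Other)
  when: ansible_os_family != "Archlinux"
  vars:
    ansible_become_password: "{{ passwords[inventory_hostname] }}"
  become: true
  file:
    path: /opt/aninix
    state: directory

# NOTE(review): the checkout follows the repository's default branch; no
# `version:` is set, so whatever is at the branch tip gets built and installed
# as root by the next task. Pinning a reviewed tag or commit would make the
# installed code reproducible. Errors are ignored here, so a failed fetch
# leaves any earlier checkout in place for the install step.
- name: Download ShadowArch (Other)
  vars:
    ansible_become_password: "{{ passwords[inventory_hostname] }}"
  become: true
  ignore_errors: true
  git:
    repo: 'https://foundation.aninix.net/AniNIX/ShadowArch'
    dest: '/opt/aninix/ShadowArch'
    update: true
  when: ansible_os_family != "Archlinux"

# NOTE(review): the two commands are joined with ';', so shadowarch-sync runs
# even when `make install` fails - confirm that is intended.
- name: Install ShadowArch (Other)
  vars:
    ansible_become_password: "{{ passwords[inventory_hostname] }}"
  become: true
  command:
    chdir: '/opt/aninix/ShadowArch'
    cmd: '/bin/bash -c "make install; /usr/local/sbin/shadowarch-sync"'
  when: ansible_os_family != "Archlinux"

- name: Set up hostname
  vars:
    ansible_become_password: "{{ passwords[inventory_hostname] }}"
  become: true
  hostname:
    name: "{{ inventory_hostname }}.{{ replica_domain }}"

- name: Set Bash MOTD
  become: true
  copy:
    src: "motd/{{ inventory_hostname }}"
    dest: /etc/bash.motd
    owner: root
    group: root
    mode: "0644"

# Going by the task name, this is meant to leave /etc/motd empty.
- name: Nullify overall MOTD
  become: true
  copy:
    src: /dev/null
    dest: /etc/motd
    owner: root
    group: root
    mode: "0644"

# Per-platform network setup, then DNS and NTP. `include_tasks` replaces the
# bare `include` action, which newer ansible-core releases no longer accept.
- include_tasks: archlinux-network.yml
  when: ansible_os_family == "Archlinux"

- include_tasks: raspbian-network.yml
  when: ansible_os_family == "Debian"

- include_tasks: dns.yml

- include_tasks: ntp.yml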