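---
# Home-lab playbook: base network/DNS setup for the Pi, bastion/WireGuard roles,
# and Docker Compose deployment for the docker hosts.

- name: Setup pi
  hosts: basementpi
  # NOTE(review): connects directly as root; an unprivileged login user with
  # `become: true` would let direct root SSH logins be disabled on the host.
  remote_user: root
  tasks:
    # The command module does not run a shell, so the original
    # `echo ... > file` never wrote the file (the redirect was passed to echo
    # as plain arguments). Write the content with copy instead.
    - name: Disable cloud-init network config
      ansible.builtin.copy:
        dest: /etc/cloud/cloud.cfg.d/99-disable-network-config.cfg
        content: "network: {config: disabled}\n"
        owner: root
        group: root
        mode: "0644"

    # The command module does not expand globs either, so `rm -f /etc/netplan/*`
    # looked for a file literally named `*`. Enumerate the directory and remove
    # everything except the managed file and the backups Ansible keeps for it,
    # which also keeps reruns idempotent.
    - name: Find existing netplan
      ansible.builtin.find:
        paths: /etc/netplan
        file_type: file
        excludes:
          - 01-netcfg.yaml
          - 01-netcfg.yaml.*~
      register: stale_netplan

    - name: Delete existing netplan
      ansible.builtin.file:
        path: "{{ item.path }}"
        state: absent
      loop: "{{ stale_netplan.files }}"
      loop_control:
        label: "{{ item.path }}"

    # With a directory as dest the rendered file keeps the template's basename
    # (01-netcfg.yaml.j2), and netplan only reads *.yaml, so name the target
    # explicitly. Netplan files can carry Wi-Fi/VPN secrets and netplan warns
    # about group/world-readable configs, hence 0600.
    - name: Copy netplan
      ansible.builtin.template:
        src: "assets/{{ inventory_hostname }}/01-netcfg.yaml.j2"
        dest: /etc/netplan/01-netcfg.yaml
        owner: root
        group: root
        mode: "0600"
        backup: true

    # NOTE(review): dest is relative to the remote working directory and, being
    # a directory, the file lands as ./unbound/unbound.conf.j2. Confirm that is
    # the path the unbound consumer reads; an absolute file path would be safer.
    - name: Copy unbound config
      ansible.builtin.template:
        src: "assets/{{ inventory_hostname }}/unbound.conf.j2"
        dest: ./unbound/
        backup: true

    - name: Apply Netplan
      ansible.builtin.command: netplan apply

    # Idempotent replacement for `sed -r -i.orig`; `backup: true` keeps a
    # timestamped copy of resolved.conf instead of the single .orig file.
    - name: Disable Ubunut stub DNS resolver
      ansible.builtin.replace:
        path: /etc/systemd/resolved.conf
        regexp: '#?DNSStubListener=yes'
        replace: 'DNSStubListener=no'
        backup: true

    # `force: true` replaces an existing regular file with the link, so the
    # task no longer fails on reruns and needs no `sudo sh -c` wrapper (the
    # play already runs as root).
    - name: symlink /etc/resolv to /run/systemd/resolve/resolv.conf
      ansible.builtin.file:
        src: /run/systemd/resolve/resolv.conf
        dest: /etc/resolv.conf
        state: link
        force: true

    - name: Restart resolved
      ansible.builtin.service:
        name: systemd-resolved
        state: restarted

    # Best-effort install kept from the original: failures are ignored.
    # NOTE(review): if restic backups matter, drop ignore_errors so a missing
    # backup tool is noticed.
    - name: Install restic
      ignore_errors: true
      ansible.builtin.apt:
        update_cache: true
        name:
          - restic

    # NOTE(review): ddclient.conf normally holds the DDNS account password and
    # `backup: true` leaves timestamped copies beside it. No mode is set here
    # because the file appears to be consumed from /root/docker by a container
    # whose user is not visible in this playbook; confirm it is not readable
    # by other users.
    - name: Copy ddclient config
      ansible.builtin.template:
        src: "assets/{{ inventory_hostname }}/ddclient.conf.j2"
        dest: /root/docker/ddclient/ddclient.conf
        backup: true

- name: Setup bastion
  hosts: bastion
  tags:
    - bastion
  roles:
    - bastion

- name: Immich env
  hosts:
    - docker-int
  tags:
    - docker
    - docker_hosts
  tasks:
    # NOTE(review): an env file like this usually carries database credentials;
    # verify its permissions and those of the backups created next to it.
    - name: "Immich env"
      ansible.builtin.template:
        src: "assets/{{ inventory_hostname }}/.env-immich.j2"
        dest: /root/docker/.env-immich
        backup: true

- name: Configure Docker hosts
  hosts:
    - docker
  tags:
    - docker
    - docker_hosts
  tasks:
    - name: Copy Docker Compose file
      ansible.builtin.template:
        src: "assets/{{ inventory_hostname }}/compose.yml.j2"
        dest: /root/docker/compose.yml
        backup: true

    # None of the docker invocations need shell features, so run them through
    # the command module (no shell parsing of the command line).
    - name: Pull images
      ansible.builtin.command:
        cmd: docker compose pull
        chdir: /root/docker

    - name: Run Docker
      ansible.builtin.command:
        cmd: docker compose up -d --remove-orphans
        chdir: /root/docker

    - name: Prune images
      ansible.builtin.command: docker image prune -f

- name: Homeserver wireguard
  hosts:
    - docker-ext
  tags:
    - bastion
  tasks:
    # wg0.conf contains the interface private key; wg-quick reads it as root
    # and warns when it is world-accessible, so restrict it to root.
    # NOTE(review): `backup: true` leaves older copies (old keys) in
    # /etc/wireguard; they are created with the same restricted mode only
    # after this change, so check pre-existing backups.
    - name: "Homeserver Wireguard config"
      ansible.builtin.template:
        src: "assets/{{ inventory_hostname }}/wg0.conf.j2"
        dest: /etc/wireguard/wg0.conf
        owner: root
        group: root
        mode: "0600"
        backup: true

- name: Setup docker-int wireguard
  hosts: docker-int
  tags:
    - wireguard
  roles:
    - bastion

- name: Traefik config
  hosts:
    - docker-ext
  tags:
    - traefik
  tasks:
    - name: "Traefik rules"
      ansible.builtin.template:
        src: "assets/{{ inventory_hostname }}/rules.yaml.j2"
        dest: /root/docker/traefik/rules.yaml
        backup: true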