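---
# Admin-host playbook: first brings up the KVM guests for the "adm" group,
# then configures each admin host (roles + a few local tasks).

- name: Deploy KVM virtual machines
  ansible.builtin.import_playbook: include/deploy-kvm-guest.yml
  vars:
    myhosts: adm

- name: Configure instance
  hosts: adm
  remote_user: root
  gather_facts: true
  vars_files:
    - "{{ ansible_private }}/vars.yml"

  pre_tasks:
    # /export holds the dns checkout below; nosuid/nodev keep a data volume
    # from being usable for setuid binaries or device nodes.
    - name: Mount /export
      ansible.posix.mount:
        path: /export
        src: LABEL=/export
        fstype: xfs
        opts: noatime,nosuid,nodev
        passno: "0"
        dump: "0"
        state: mounted

  roles:
    - base
    - ansible_host
    - certbot
    - cups
    - sshca
    - ssh_known_hosts
    - role: keytab
      keytab_principals:
        - "host/{{ inventory_hostname }}@{{ kerberos_realm }}"
    - nfs_client
    - role: autofs
      autofs_home: false
    - sssd
    - mkhomedir
    - rpm_build
    - web_build

  tasks:
    # One module call with the whole list: a single package-manager
    # transaction instead of one per item.
    - name: Install packages
      ansible.builtin.package:
        name:
          - emacs-nox  # more editors
          - httpd-tools  # htpasswd
          - knot-utils  # kdig (dns over tls)
          - libvirt-client  # kvm host client
          - make  # generic building
          - mariadb  # mariadb client tools
          - nano  # more editors
          - nmap  # check for open ports
          - nsd  # check dns zone files
          - podman  # building containers
          - pylint  # python linting
          - python3-flake8  # python linting
          - speedtest-cli  # testing network speed
          - ShellCheck  # shell script linting
          - virt-install  # install kvm guests
          - wget  # still in backbone for downloads
          - whois  # read whois data
          - yamllint  # yaml linting
        state: present

    # CheckHostIP only controls the extra known_hosts lookup by IP address;
    # host key verification by hostname still applies to these patterns.
    - name: Disable IP host key checking from SSH
      ansible.builtin.copy:
        content: |
          Host *.home.foo.sh
            CheckHostIP no
          Host shell??.foo.sh
            CheckHostIP no
        dest: /root/.ssh/config
        mode: "0600"
        owner: root
        group: "{{ ansible_wheel }}"

    # Mirror of the dns repo from adm01, fetched over HTTPS with this host's
    # own client certificate and the private CA pinned via GIT_SSL_CAINFO.
    # Skipped on adm01 itself (presumably the origin of the repo).
    - name: Clone dns repo
      ansible.builtin.git:
        dest: /export/dns
        repo: https://adm01.home.foo.sh/dns.git
        update: true
        version: master
      environment:
        GIT_SSL_CAINFO: "{{ tls_certs }}/ca.crt"
        GIT_SSL_CERT: "{{ tls_certs }}/{{ inventory_hostname }}.crt"
        GIT_SSL_KEY: "{{ tls_private }}/{{ inventory_hostname }}.key"
      when: 'inventory_hostname != "adm01.home.foo.sh"'

    # follow: false so ownership applies to the symlink, not its target.
    - name: Link dns repo
      ansible.builtin.file:
        dest: /srv/dns
        src: /export/dns
        state: link
        owner: root
        group: "{{ ansible_wheel }}"
        follow: false

    # Hourly pull (minute 02) with the same client-certificate environment
    # as the clone task above.
    - name: Add cron job to sync dns repo
      ansible.builtin.cron:
        name: sync dns repository
        job: >-
          GIT_SSL_CAINFO="{{ tls_certs }}/ca.crt"
          GIT_SSL_CERT="{{ tls_certs }}/{{ inventory_hostname }}.crt"
          GIT_SSL_KEY="{{ tls_private }}/{{ inventory_hostname }}.key"
          git -C /srv/dns pull -q
        minute: "02"
      when: 'inventory_hostname != "adm01.home.foo.sh"'

    # Exposes the bare .git directory under the host's web root.
    # follow: false added for consistency with "Link dns repo".
    - name: Links dns repo to web
      ansible.builtin.file:
        dest: "/srv/web/{{ inventory_hostname }}/dns.git"
        src: /srv/dns/.git
        state: link
        owner: root
        group: "{{ ansible_wheel }}"
        follow: false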