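---
# tasks file for ansible_bootstrap
#
# Bootstraps a fresh Debian, Rocky or Arch host: installs Python with the
# `raw` module (which needs no Python on the target), upgrades the system,
# then creates the admin user with sudo rights and an SSH authorized key.

# --- Distribution detection ------------------------------------------------
# Each probe greps /etc/os-release; `|| true` keeps the exit status at 0 so a
# non-matching host does not fail the task. A non-empty stdout means "match".
- name: detect debian
  raw: cat /etc/os-release|grep Debian||true
  register: debian

- name: detect Rocky
  raw: cat /etc/os-release|grep rocky||true
  register: rocky

- name: detect arch
  raw: cat /etc/os-release|grep Arch||true
  register: arch

# --- Python bootstrap ------------------------------------------------------
- name: "install python for rocky"
  raw: dnf install python3 --assumeyes
  when: rocky.stdout

- name: "install python for debian"
  raw: apt-get install python3 --assume-yes
  when: debian.stdout

# -Sy refreshes the package databases and installs python only; the full
# system upgrade is done by the "upgrade system for arch" task below.
- name: "install python on arch"
  raw: pacman -Sy python --noconfirm
  when: arch.stdout

# --- System upgrade --------------------------------------------------------
# The local mirror is inserted at the top of the mirrorlist, so pacman tries
# it first.
# NOTE(review): package integrity then rests on pacman's signature checking;
# confirm SigLevel is not relaxed for this mirror.
- name: add local repo to mirrorlist
  become: true
  lineinfile:
    path: /etc/pacman.d/mirrorlist
    line: "Server= {{system_arch_local_mirror}}/$repo/os/$arch"
    state: present
    insertbefore: BOF
  when: system_arch_local_mirror is defined and arch.stdout

# Registered under its own name: a skipped task still overwrites its register
# variable, so sharing `upgrade` with the Debian task below left the reboot
# condition reading the skipped Debian result on Arch hosts.
- name: upgrade system for arch
  pacman:
    state: latest
    # Upgrade the whole system.
    upgrade: true
    # With update_cache, forces a re-download of the repo databases.
    force: true
    update_cache: true
  become: true
  register: arch_upgrade
  when: arch.stdout

# Keeps `register: upgrade`, which is the value later consumers of `upgrade`
# have always seen (this task runs last of the two).
- name: upgrade system for debian
  apt:
    # Equivalent of `apt-get update` before the operation.
    update_cache: true
    only_upgrade: true
    upgrade: full
    state: latest
  become: true
  when: debian.stdout
  register: upgrade

# Reboot only on Arch, and only when the upgrade changed the `linux` package.
# `default([])` covers a result that carries no `packages` key.
- name: Reboot updates to apply
  reboot:
    reboot_timeout: 3600
  when: >-
    arch.stdout
    and arch_upgrade.changed
    and "linux" in (arch_upgrade.packages | default([]))
  become: true

# --- Facts and directory integration ----------------------------------------
# Fact name fixed: it was spelled `ansible_os_familly`, which matches no fact.
- name: Collect only selected facts
  ansible.builtin.setup:
    filter:
      - 'ansible_distribution'
      - 'ansible_os_family'

- name: import sssd role for ldap support
  import_role:
    name: ansible-role-sssd

# --- Base packages ---------------------------------------------------------
- name: zsh install
  package:
    state: present
    name: zsh
    # Refresh the package lists before installing.
    update_cache: true

- name: inetutils install
  package:
    state: present
    name: inetutils
  when: arch.stdout

- name: sudoers install
  package:
    state: present
    name: sudo

# --- Admin user ------------------------------------------------------------
# Local account, created only when SSSD is not providing the user.
- name: create profil
  user:
    name: "{{user.name}}"
    create_home: true
    # Must already be a crypted hash (see the user module documentation).
    # NOTE(review): presumably defined outside this file; keep it in a
    # vaulted variable rather than plain inventory.
    password: "{{userPassword}}"
    system: false
    state: present
    # Relative to the user's home directory.
    # NOTE(review): generate_ssh_key is not set, so this presumably does not
    # create a key by itself; confirm.
    ssh_key_file: .ssh/id_rsa
    uid: "{{ user.uid }}"
    shell: /bin/bash
  when: sssd_configure is not defined or sssd_configure == false

# Runs a stat as the target user when SSSD is configured.
# `is defined` guard added: the task above tolerates an undefined
# sssd_configure, while the bare comparison here failed on it.
- name: simulate login
  stat:
    path: "/home/{{user.name}}"
  become: true
  become_user: "{{user.name}}"
  when: sssd_configure is defined and sssd_configure == true

# NOTE(review): NOPASSWD:ALL gives this account passwordless root for every
# command, so control of the account or its SSH key is control of the host.
# Narrow the command list or drop NOPASSWD if that is broader than intended.
# NOTE(review): sudo skips files in an includedir whose name contains '.' or
# ends in '~'; a user.name such as "a.b" would leave this file ignored.
- name: set sudoers right
  lineinfile:
    dest: "/etc/sudoers.d/{{user.name}}"
    regexp: "{{ item.regexp }}"
    line: "{{ item.line }}"
    state: "present"
    create: true
    owner: "root"
    group: "root"
    mode: "0440"
    # Reject the edit if the resulting file is not valid sudoers syntax.
    validate: 'visudo -cf "%s"'
  with_items:
    - regexp: '^{{user.name}}\s'
      line: "{{user.name}} ALL = (ALL) NOPASSWD:ALL"

# NOTE(review): newer sudo releases also accept `@includedir`; a file that
# uses that spelling does not match this regexp and gets a second include.
- name: Ensure /etc/sudoers includes /etc/sudoers.d
  lineinfile:
    dest: "/etc/sudoers"
    regexp: '^#includedir\s+/etc/sudoers.d$'
    line: "#includedir /etc/sudoers.d"
    state: "present"
    validate: 'visudo -cf "%s"'

# The `file` lookup runs on the control node, so the public key is read from
# the controller's /home/<user>/.ssh/id_rsa.pub, not from the managed host.
# The path is built with `~` instead of nesting `{{ }}` inside the expression,
# which is not reliably re-templated.
- name: Set authorized key taken from file
  authorized_key:
    user: "{{user.name}}"
    state: present
    key: "{{ lookup('file', '/home/' ~ user.name ~ '/.ssh/id_rsa.pub') }}"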