---
- name: Consul install
  hosts: all
  roles:
    - role: ansible-consul
      become: true

- name: Vault install
  hosts: homelab
  roles:
    - role: ansible-hashicorp-vault
      become: true
  post_tasks:
    - name: Stat root file
      ansible.builtin.stat:
        path: "{{ vault_unseal_keys_dir_output }}/rootkey"
      register: rootkey_exist
      delegate_to: localhost
    - name: Reading root contents
      ansible.builtin.command: cat "{{ vault_unseal_keys_dir_output }}/rootkey"
      register: root_token
      delegate_to: localhost
      when: rootkey_exist.stat.exists
      changed_when: false
    - name: debug
      ansible.builtin.debug:
        var: root_token
    - name: Generate nomad token
      community.hashi_vault.vault_token_create:
        renewable: true
        policies: "nomad-server-policy"
        period: 72h
        no_parent: true
        token: "{{ root_token.stdout }}"
        url: "{{ vault_api_addr }}"
        retries: 4
      run_once: true
      delegate_to: localhost
      when: root_token.stdout is defined
      register: nomad_token_data

    - name: Gather nomad token
      ansible.builtin.set_fact:
        nomad_vault_token: "{{ nomad_token_data.login.auth.client_token }}"
      when: nomad_token_data.login is defined

- name: nomad
  hosts: all
  vars:
    unseal_keys_dir_output: ~/vaultunseal
  roles:
    - role: ansible-nomad
      become: true
    - role: docker
      become: true