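---
# Playbook for the "infra" host group.
#
# Play 1 runs the secret-loading tasks on the "console" host. Play 2 reads the
# sudo password back from that host's variables via `hostvars['console']`, so
# play 1 must run first. Both steps carry the "always" tag and therefore run
# under any --tags selection.
#
# Every include_role task repeats its tags twice on purpose: the task-level
# `tags` select the include itself, while `apply.tags` passes the same tags on
# to the tasks inside the dynamically included role file.

- name: Load secret values
  hosts: "console"
  gather_facts: false
  become: false
  tasks:
    # NOTE(review): the included task file is not visible here; confirm that
    # it sets `no_log: true` on any task that handles secret values.
    - name: Load secret from secrets.yaml
      ansible.builtin.include_role:
        name: "console"
        tasks_from: "node/load_secret_vars"
        apply:
          tags: ["always"]
      tags: ["always"]

- name: Site infra
  hosts: infra
  gather_facts: false
  # Privilege escalation is off by default for the play; only the tasks that
  # set `become: true` themselves run with elevated privileges.
  become: false
  pre_tasks:
    # Copies the sudo password loaded on "console" into this host's become
    # password. `no_log` keeps the value out of task output and logs, since
    # set_fact results (including the fact value) are printed in verbose runs.
    - name: Set become password
      ansible.builtin.set_fact:
        ansible_become_pass: "{{ hostvars['console']['sudo']['password']['infra'] }}"
      no_log: true
      tags: ["always"]

  tasks:
    # ---- Node baseline (tag: init) ----
    - name: Set timezone to Asia/Seoul
      community.general.timezone:
        name: Asia/Seoul
      become: true
      tags: ["init", "timezone"]

    - name: Deploy root_ca certificate
      ansible.builtin.include_role:
        name: "common"
        tasks_from: "node/deploy_root_ca"
        apply:
          tags: ["init", "root_crt"]
      tags: ["init", "root_crt"]

    - name: Deploy hosts file
      ansible.builtin.include_role:
        name: "common"
        tasks_from: "node/deploy_hosts"
        apply:
          tags: ["init", "hosts"]
      tags: ["init", "hosts"]

    - name: Create default directory
      ansible.builtin.include_role:
        name: "common"
        tasks_from: "node/create_default_dir"
        apply:
          tags: ["init", "default_dir"]
      tags: ["init", "default_dir"]

    - name: Set ssh host
      ansible.builtin.include_role:
        name: "common"
        tasks_from: "node/set_ssh_host"
        apply:
          tags: ["init", "ssh_host"]
      tags: ["init", "ssh_host"]

    - name: Set networkd
      ansible.builtin.include_role:
        name: "common"
        tasks_from: "node/set_networkd"
        apply:
          tags: ["init", "networkd"]
      tags: ["init", "networkd"]

    - name: Set resolved
      ansible.builtin.include_role:
        name: "common"
        tasks_from: "node/set_resolved"
        apply:
          tags: ["init", "resolved"]
      tags: ["init", "resolved"]

    # Package tasks run under both "init" and "site". The apt cache is only
    # refreshed when it is older than cache_valid_time (3600 seconds).
    - name: Update and upgrade apt
      ansible.builtin.apt:
        upgrade: "dist"
        update_cache: true
        cache_valid_time: 3600
      become: true
      tags: ["init", "site", "upgrade-packages"]

    - name: Install common packages
      ansible.builtin.apt:
        name:
          - "acl"
          - "curl"
          - "jq"
          - "netcat-openbsd"
          - "dbus-user-session"
        state: "present"
      become: true
      tags: ["init", "site", "install-packages"]

    - name: Set linger
      ansible.builtin.include_role:
        name: "common"
        tasks_from: "node/set_linger"
        apply:
          tags: ["init", "linger"]
      tags: ["init", "linger"]

    - name: Set podman
      ansible.builtin.include_role:
        name: "common"
        tasks_from: "services/set_podman"
        apply:
          tags: ["init", "podman"]
      tags: ["init", "podman"]

    - name: Set nftables
      ansible.builtin.include_role:
        name: "common"
        tasks_from: "node/set_nftables"
        apply:
          tags: ["init", "nftables"]
      tags: ["init", "nftables"]

    # ---- Services (tag: site) ----
    - name: Set crowdsec
      ansible.builtin.include_role:
        name: "common"
        tasks_from: "services/set_crowdsec"
        apply:
          tags: ["site", "crowdsec"]
      tags: ["site", "crowdsec"]

    - name: Set ca
      ansible.builtin.include_role:
        name: "infra"
        tasks_from: "services/set_ca_server"
        apply:
          tags: ["site", "ca"]
      tags: ["site", "ca"]

    - name: Set postgresql
      ansible.builtin.include_role:
        name: "infra"
        tasks_from: "services/set_postgresql"
        apply:
          tags: ["site", "postgresql"]
      tags: ["site", "postgresql"]

    - name: Set caddy
      ansible.builtin.include_role:
        name: "common"
        tasks_from: "services/set_caddy"
        apply:
          tags: ["site", "caddy"]
      tags: ["site", "caddy"]

    - name: Set ldap
      ansible.builtin.include_role:
        name: "infra"
        tasks_from: "services/set_ldap"
        apply:
          tags: ["site", "ldap"]
      tags: ["site", "ldap"]

    - name: Set x509 exporter
      ansible.builtin.include_role:
        name: "infra"
        tasks_from: "services/set_x509-exporter"
        apply:
          tags: ["site", "x509-exporter"]
      tags: ["site", "x509-exporter"]

    - name: Set prometheus
      ansible.builtin.include_role:
        name: "infra"
        tasks_from: "services/set_prometheus"
        apply:
          tags: ["site", "prometheus"]
      tags: ["site", "prometheus"]

    - name: Set loki
      ansible.builtin.include_role:
        name: "infra"
        tasks_from: "services/set_loki"
        apply:
          tags: ["site", "loki"]
      tags: ["site", "loki"]

    - name: Set alloy
      ansible.builtin.include_role:
        name: "common"
        tasks_from: "services/set_alloy"
        apply:
          tags: ["site", "alloy"]
      tags: ["site", "alloy"]

    - name: Set grafana
      ansible.builtin.include_role:
        name: "infra"
        tasks_from: "services/set_grafana"
        apply:
          tags: ["site", "grafana"]
      tags: ["site", "grafana"]

    - name: Set kopia
      ansible.builtin.include_role:
        name: "common"
        tasks_from: "services/set_kopia"
        apply:
          tags: ["site", "kopia"]
      tags: ["site", "kopia"]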