---
- name: SSH
  hosts: all
  tags: ssh

  tasks:
    - name: Ensure root ssh directory exists
      file:
        path: /root/.ssh
        state: directory

    - name: Import SSH keys
      authorized_key:
        user: root
        key: '{{ item }}'
        state: present
      loop: '{{ ssh_keys }}'


- name: General
  hosts: all
  tags: general

  tasks:
    - name: Install services
      community.general.xbps:
        name:
          - avahi
          - chrony
        state: present

    - name: Enable services
      community.general.runit:
        name: '{{ item }}'
        enabled: true
        state: started
      loop:
        - avahi-daemon
        - chronyd

    - name: Disable unneeded services
      community.general.runit:
        name: '{{ item }}'
        enabled: false
        state: stopped
      loop:
        - wpa_supplicant
        - agetty-tty3
        - agetty-tty4
        - agetty-tty5
        - agetty-tty6


- name: Users
  hosts: all
  tags: users

  tasks:
    - name: Set bash as default shell for root
      user:
        name: root
        shell: /bin/bash

    - name: User student
      user:
        name: student
        password: $6$7Z.h8Q6CO9AevdIp$8W2nuvD7ZqeXBO.Azsayx2tJ4L0KD44hOz5aNzpGPN/hUtaROvmY7aJ0x7Ie3CPawp6lV4ln2fHQQ7V5Yuy7k0
        groups:
          # Arduino serial access
          - dialout
        state: present

    - name: Lock bash configuration files for student
      # Can be removed after LDAP setup
      file:
        path: '{{ item }}'
        owner: root
        group: root
        mode: 0644
        state: touch
      loop:
        - /home/student/.bashrc
        - /home/student/.bash_profile

    - name: Disable SSH for user student
      ansible.builtin.lineinfile:
        path: "/etc/ssh/sshd_config"
        line: "DenyUsers student"
        create: true


- name: Software
  hosts: all
  tags: software

  tasks:
    - name: Add non-free repository
      community.general.xbps:
        name: void-repo-nonfree
        state: present

    - name: Upgrade all packages
      community.general.xbps:
        upgrade: true

    - name: Install packages
      community.general.xbps:
        name: '{{ xbps_install }}'
        state: present
      when: xbps_install

    - name: Recursively remove packages
      community.general.xbps:
        name: '{{ xbps_remove }}'
        state: absent
        recurse: true
      when: xbps_remove

    - name: Clear xbps cache
      command: 'xbps-remove -O'

    - name: Purge old kernels
      command: 'vkpurge rm all'


- name: Gnome
  hosts: all
  tags:
    - gnome
    - software

  handlers:
    - name: Update dconf database
      command: 'dconf update'

  tasks:
    - name: Install Gnome
      community.general.xbps:
        name:
          - dbus
          - gnome
          - gnome-apps
          - gdm
          - xorg  # Prevents a crash on some systems
          - mesa-vdpau
          - mesa-vaapi
          - pipewire
        state: present

    - name: Enable services
      community.general.runit:
        name: '{{ item }}'
        enabled: true
        state: started
      loop:
        - dbus
        - gdm

    - name: Enable autologin
      copy:
        src: 'files/desktop/autologin'
        dest: '/etc/gdm/custom.conf'
      notify: Update dconf database

    - name: Ensure directories exist
      file:
        path: '{{item}}'
        state: directory
      loop:
        - /etc/dconf/db/local.d
        - /etc/dconf/db/local.d/locks

    - name: Create user profile
      copy:
        src: 'files/desktop/profile/user'
        dest: '/etc/dconf/profile/user'

    - name: Copy configuration files
      copy:
        src: 'files/desktop/main'
        dest: '/etc/dconf/db/local.d/main'
      notify: Update dconf database

    - name: Set screen timeout
      template:
        src: 'files/desktop/screensaver'
        dest: '/etc/dconf/db/local.d/screensaver'
      notify: Update dconf database


- name: PipeWire
  hosts: all
  tags: pipewire

  tasks:
    - name: Install PipeWire
      community.general.xbps:
        name:
          - pipewire
          - wireplumber
        state: present

    - name: Ensure configuration directories exist
      file:
        path: '/etc/pipewire/pipewire.conf.d/'
        state: directory

    - name: Copy PipeWire configuration
      copy:
        src: '{{ item.src }}'
        dest: '{{ item.dest }}'
      loop:
        - src: 'files/pipewire/pipewire.conf'
          dest: '/etc/pipewire/pipewire.conf'
        - src: 'files/pipewire/10-wireplumber.conf'
          dest: '/etc/pipewire/pipewire.conf.d/10-wireplumber.conf'

    - name: Symlink PipeWire to autostart
      file:
        src: '{{ item.src }}'
        dest: '{{ item.dest }}'
        state: link
      loop:
        - src: '/usr/share/applications/pipewire.desktop'
          dest: '/etc/xdg/autostart/pipewire.desktop'
        - src: '/usr/share/applications/pipewire-pulse.desktop'
          dest: '/etc/xdg/autostart/pipewire-pulse.desktop'


- name: GRUB
  hosts: all
  tags: grub

  handlers:
    - name: grub-mkconfig
      command: 'grub-mkconfig -o /boot/grub/grub.cfg'

  tasks:
    - name: Copy GRUB configuration
      template:
        src: 'files/grub/grub'
        dest: '/etc/default/grub'
      notify: grub-mkconfig


- name: Firefox
  hosts: all

  tasks:
    - name: Ensure Firefox extensions folder exists
      file:
        path: "/usr/lib64/firefox/distribution/extensions"
        state: directory

    - name: Install firefox extensions
      copy:
        src: "{{ item }}"
        dest: "/usr/lib64/firefox/distribution/extensions/"
      loop:
        - "files/firefox/uBlock0@raymondhill.net.xpi"


- name: Bakaláři
  hosts: teachers
  tags: bakalari

  tasks:
    - name: Create a desktop shortcut for Bakaláři
      copy:
        src: "{{ item.src }}"
        dest: "{{ item.dest }}"
      loop:
        - src: "files/bakalari/bakalari.desktop"
          dest: "/usr/share/applications/bakalari.desktop"
        - src: "files/bakalari/bakalari.png"
          dest: "/usr/share/icons/bakalari.png"