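# SPDX-FileCopyrightText: 2021 Free Software Foundation Europe
#
# SPDX-License-Identifier: AGPL-3.0-or-later
---
# Tasks for bootstrapping an innernet-server host: install the package,
# initialise the network once, create CIDRs/peers, pull peer invitation
# files back to the controller and enable the daemon.
#
# Variables expected from inventory/vars: network_name, network_cidr,
# network_listen_port, cidrs, peers. `existing_cidrs` and `existing_peers`
# are referenced below but not set in this file — presumably gathered by
# an earlier task or role; confirm they are always defined.
#
# NOTE(review): several tasks expand inventory values inside `shell:`.
# Only the grep task needs a shell; the others keep `shell:` because the
# backslash line continuations would not survive `command:`'s argument
# splitting. Treat network_name, cidrs and peers as trusted input.

- name: Install needed packages
  tags: [update]
  apt:
    name:
      - rsync
      - wireguard
      - wireguard-tools

- name: Copy package to server
  tags: [never, update]
  synchronize:
    src: "innernet-server.deb"
    dest: "/tmp/innernet-server.deb"

- name: Install package
  tags: [never, update]
  apt:
    deb: "/tmp/innernet-server.deb"
    update_cache: true
    install_recommends: true

# The server database is the marker for "network already initialised";
# `innernet-server new` is only run when it is missing.
- name: Check if network is initialised
  stat:
    path: "/var/lib/innernet-server/{{ network_name }}.db"
  register: db_file

- name: Create base network
  shell: |
    innernet-server new \
      --network-name "{{ network_name }}" \
      --network-cidr "{{ network_cidr }}" \
      --external-endpoint "[{{ hostvars[inventory_hostname]['ansible_default_ipv6']['address'] }}]:{{ network_listen_port }}" \
      --listen-port "{{ network_listen_port }}"
  when: not db_file.stat.exists

- name: Create CIDRs
  shell: |
    innernet-server add-cidr "{{ network_name }}" \
      --parent "{{ item.parent }}" \
      --name "{{ item.name }}" \
      --cidr "{{ item.cidr }}" \
      --yes
  loop: "{{ cidrs }}"
  when:
    - item.name not in existing_cidrs

# Each new peer gets an invitation file <name>.toml written in the
# remote user's working directory (read back from /root below).
- name: Create peers
  shell: |
    innernet-server add-peer "{{ network_name }}" \
      --name "{{ item.name }}" \
      --cidr "{{ item.cidr }}" \
      --admin "{{ item.admin }}" \
      --save-config "{{ item.name }}.toml" \
      --invite-expires "14d" \
      --auto-ip \
      --yes
  loop: "{{ peers }}"
  when:
    - item.name not in existing_peers

# Read-only probe: grep exits 1 when nothing matches, which the next task
# turns into a clear error. The pattern is anchored so an unrelated file
# containing "toml" somewhere in its name does not count as an invitation.
- name: Check for actual peer invitation files
  shell: ls | grep '\.toml$'
  register: toml_files
  changed_when: false
  failed_when: false

- name: Custom error message
  fail:
    msg: "Could not find any new invitation files. Have you added a new peer?"
  when: toml_files.rc == 1

# Exact filename match against the listing, so that peer "bob" does not
# pick up "bobby.toml".
- name: Copy invitation files of peers to controller
  synchronize:
    src: "/root/{{ item.name }}.toml"
    dest: "{{ playbook_dir }}/roles/client/files/{{ item.name }}.toml"
    mode: pull
  when: (item.name ~ '.toml') in toml_files.stdout_lines
  loop: "{{ peers }}"

# Invitations are single-use secrets; do not leave them on the server once
# they have been pulled to the controller.
- name: Make sure invitation files are absent on innernet-server
  file:
    state: absent
    path: "/root/{{ item.name }}.toml"
  loop: "{{ peers }}"
  when:
    - item.name not in existing_peers

- name: Enable innernet-server daemon
  systemd:
    name: "innernet-server@{{ network_name }}"
    state: started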