---
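- hosts: platon.n39.eu
  # Every task runs as root unless it sets become_user itself.
  become: true
  vars:
    ansible_python_interpreter: /usr/bin/python3
    # Command used to open the door; consumed by the Asterisk extensions
    # template further down. It is derived from gatekeeper_user so that it
    # always names the sesame-open.sh copy this play deploys into that
    # user's home, instead of a hard-coded /home/pi that silently diverges
    # once the gatekeeper account is renamed.
    door_open_command: '/home/{{ gatekeeper_user }}/sesame-open.sh'
    # Directory handed to ble-keykeeper-role (the role is not part of this
    # file; presumably its checkout location - confirm against the role).
    ble_keykeeper_dir: '/home/{{ gatekeeper_user }}/netz39_ble_keykeeper'
  roles:
    - role: ble-keykeeper-role
      vars:
        # gatekeeper_user is not defined in this play; it has to come from
        # the inventory or group/host vars.
        ble_keykeeper_user: "{{ gatekeeper_user }}"
        ble_keykeeper_group: "{{ gatekeeper_user }}"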

  tasks:
    - name: Install packages needed for the system
      # Host-wide package list. Packages that belong to a specific role are
      # installed by that role and do not appear here.
      ansible.builtin.apt:
        name:
          # Required by the tasks below that run with become_user
          - acl
          # Regular packages
          - tmux
          # NOTE(review): git-core is the legacy package name for git;
          # confirm the target release still provides it.
          - git-core
          - cmake
          - build-essential
          - libmosquitto-dev
          - libconfig-dev
          - mpg123
          # Network-facing services (MQTT broker, telephony); both are
          # configured in their own sections further down.
          - mosquitto
          - i2c-tools
          - asterisk
          - asterisk-mp3
          - jq
        state: present


    - name: Set MAC address for proper DHCP recognition
      # The template is rendered with the mac variable from the inventory.
      # No handler is notified, so this task only writes the file.
      ansible.builtin.template:
        dest: /etc/network/interfaces.d/platon-mac
        src: templates/network-interfaces-dhcp-mac.j2
        mode: '0644'
        owner: root
        group: root

    - name: Disable IPv6
      # IPv6 is switched off because it is not working on this host.
      # NOTE(review): this task only drops the file; nothing reloads sysctl,
      # so a freshly provisioned host presumably keeps IPv6 enabled until
      # the next boot. Any firewalling that assumes IPv4-only should not
      # rely on this setting before then.
      # NOTE(review): the destination name spells "systcl"; it still ends
      # in .conf, but renaming it later would leave the old file behind.
      ansible.builtin.copy:
        dest: /etc/sysctl.d/99-systcl-no-ipv6.conf
        src: files/sysctl-no-ipv6.conf
        mode: '0644'
        owner: root
        group: root


    ### Mosquitto for local MQTT

    - name: Local configuration for Mosquitto
      # Drops the site-specific broker settings and restarts Mosquitto when
      # the file changes.
      # NOTE(review): the content of mosquitto-local.conf is not visible
      # here; confirm which interfaces the listener binds to and whether
      # anonymous clients are accepted.
      notify: restart mosquitto
      ansible.builtin.copy:
        dest: /etc/mosquitto/conf.d/platon-local.conf
        src: files/platon/mosquitto-local.conf
        mode: '0644'
        owner: root
        group: root


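    ### Sesam for SSH access
    #
    # The sesam account uses door-open.sh as its login shell, so an SSH login
    # as sesam runs that script instead of an interactive shell. Every key in
    # its authorized_keys therefore acts as a door credential.
    # Make sure to restore .ssh/authorized_keys from backup, if needed.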

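    - name: Ensure sesam user is there
      # The login shell is the door script itself (deployed by a later
      # task), so logging in as sesam runs it rather than a shell.
      # NOTE(review): a forced login shell does not by itself switch off
      # SSH port or agent forwarding; restrict the account's keys in
      # authorized_keys or with a Match block in sshd_config.
      ansible.builtin.user:
        name: sesam
        shell: /home/sesam/door-open.sh
        groups: i2c
        append: true
        # A key pair is generated only when none exists yet. No passphrase
        # is configured, so the private key is stored unencrypted in
        # /home/sesam/.ssh.
        generate_ssh_key: true
        # Explicit because the slurp task below reads id_rsa.pub; rsa is
        # also the module default.
        ssh_key_type: rsa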

    - name: Get the SSH public key for sesam
      # Reads the public half of sesam's key pair from the target host; the
      # registered result carries it base64-encoded under 'content'.
      register: sesam_key
      ansible.builtin.slurp:
        src: '/home/sesam/.ssh/id_rsa.pub'

    - name: Add SSH public identity as authorized key to pi
      # Lets the sesam account log in as the gatekeeper user with the key
      # pair generated above.
      # NOTE(review): no key_options are set, so this key grants a full,
      # unrestricted login as the gatekeeper user to anyone who can read
      # sesam's unencrypted private key. Consider key_options that pin the
      # key to the one command the door script needs and disable forwarding.
      ansible.posix.authorized_key:
        state: present
        user: '{{ gatekeeper_user }}'
        comment: 'Sesam access'
        key: "{{ sesam_key['content'] | b64decode }}"

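    - name: Copy door-open.sh for sesam
      # This script is the login shell of the sesam account (see the user
      # task above). The task name used to say "door-open.ssh".
      # NOTE(review): the file is owned by sesam and lives in sesam's home,
      # so the account it is meant to confine can replace it. A root-owned
      # copy outside the home directory would close that gap; the user
      # task's shell path would have to change with it.
      ansible.builtin.copy:
        src: files/platon/sesam-door-open.sh
        dest: /home/sesam/door-open.sh
        owner: sesam
        group: sesam
        mode: "0755"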


    ### Gatekeeper user (pi for now)
    #
    # All the gatekeeping / door control stuff is here!

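    - name: Ensure gatekeeper user is there
      # Creates the account if it is missing and adds the listed groups.
      ansible.builtin.user:
        name: "{{ gatekeeper_user }}"
        groups: dialout,audio,plugdev,input,netdev,i2c,gpio
        # append keeps any group memberships the account already has.
        append: true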

    - name: Copy management scripts
      # One copy per script into the gatekeeper user's home, executable and
      # owned by that user. reboot.sh is what the start-up cron entry runs;
      # sesame-open.sh is the script door_open_command points at.
      loop:
        - i2cspeed.sh
        - reboot.sh
        - unstuck.sh
        - sesame-open.sh
      ansible.builtin.copy:
        dest: '/home/{{ gatekeeper_user }}/{{ item }}'
        src: 'files/platon/{{ item }}'
        mode: '0755'
        owner: '{{ gatekeeper_user }}'
        group: '{{ gatekeeper_user }}'

    - name: Install start-up cron
      # Adds an @reboot entry to the gatekeeper user's crontab that runs
      # the reboot.sh deployed by the previous task.
      ansible.builtin.cron:
        user: '{{ gatekeeper_user }}'
        special_time: reboot
        name: Start the gatekeeper services
        job: '/home/{{ gatekeeper_user }}/reboot.sh'

    - name: Copy wiringPi library deb
      # WiringPi has to be installed, but the library appears to be
      # obsolete and so does its download location, so the package is kept
      # in the Ansible repository for now.
      # NOTE(review): this is a binary package named "latest" that root
      # installs in the next task. Record its upstream version and expected
      # hash next to the file (placeholder: <SHA256_OF_REVIEWED_DEB>) so a
      # swapped file in the repository is noticed.
      register: wiringPi_copy
      ansible.builtin.copy:
        dest: '/home/{{ gatekeeper_user }}/wiringpi-latest.deb'
        src: files/wiringpi-latest.deb
        mode: '0644'
        owner: '{{ gatekeeper_user }}'
        group: '{{ gatekeeper_user }}'

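    - name: Install wiringPi library
      # Runs on every play rather than only when the copy task reported a
      # change. Installing from a local deb is idempotent, and gating on
      # the copy result meant a failed install was never retried once the
      # file was already in place.
      # NOTE(review): root installs a package from a file owned by the
      # gatekeeper user inside that user's home. Staging it root-owned
      # would keep the unprivileged account out of the install path.
      ansible.builtin.apt:
        state: present
        deb: "/home/{{ gatekeeper_user }}/wiringpi-latest.deb"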


    ### Rollladensteuerung (roller shutter control)

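    - name: Clone netz39_rollladensteuerung initial checkout
      # Runs as the gatekeeper user so the checkout belongs to that account.
      # NOTE(review): no `version` is set, so the first run takes whatever
      # the default branch holds at that moment, and update=false then
      # freezes that state. The compile tasks below build binaries from
      # this tree; pin `version` to a reviewed commit
      # (placeholder: <REVIEWED_COMMIT_SHA>) so every host builds the same
      # audited source.
      become: true
      become_user: "{{ gatekeeper_user }}"
      ansible.builtin.git:
        repo: https://github.com/netz39/rollladensteuerung.git
        dest: "/home/{{ gatekeeper_user }}/netz39_rollladensteuerung"
        clone: true
        update: false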

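    - name: Compile doorstate agent
      # Built as the gatekeeper user, never as root. `creates` skips the
      # task once the doorstate binary exists. A single `make` needs no
      # shell features, so the command module is used instead of shell.
      become: true
      become_user: "{{ gatekeeper_user }}"
      ansible.builtin.command:
        chdir: "/home/{{ gatekeeper_user }}/netz39_rollladensteuerung/raspberry/doorstate"
        cmd: make
        creates: "/home/{{ gatekeeper_user }}/netz39_rollladensteuerung/raspberry/doorstate/doorstate"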

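    - name: Compile shuttercontrol
      # Built as the gatekeeper user, never as root. `creates` skips the
      # task once the shuttercontrol binary exists. A single `make` needs
      # no shell features, so the command module is used instead of shell.
      become: true
      become_user: "{{ gatekeeper_user }}"
      ansible.builtin.command:
        chdir: "/home/{{ gatekeeper_user }}/netz39_rollladensteuerung/raspberry/shuttercontrol"
        cmd: make
        creates: "/home/{{ gatekeeper_user }}/netz39_rollladensteuerung/raspberry/shuttercontrol/shuttercontrol"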

    - name: Create directory for tyr sounds
      # Ensures tyr/sounds exists in the gatekeeper user's home, owned by
      # that user.
      ansible.builtin.file:
        state: directory
        path: '/home/{{ gatekeeper_user }}/tyr/sounds'
        mode: '0755'
        owner: '{{ gatekeeper_user }}'
        group: '{{ gatekeeper_user }}'


    ### MQTT Tools

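    - name: Clone MQTT tools (initial checkout)
      # Runs as the gatekeeper user so the checkout belongs to that account.
      # NOTE(review): this is an unpinned clone of a third-party repository
      # that the next task compiles. Set `version` to a reviewed commit
      # (placeholder: <REVIEWED_COMMIT_SHA>); as written, the first run
      # builds whatever the default branch holds at that moment.
      become: true
      become_user: "{{ gatekeeper_user }}"
      ansible.builtin.git:
        repo: https://github.com/penguineer/mqtt-tools.git
        dest: "/home/{{ gatekeeper_user }}/mqtt-tools"
        clone: true
        update: false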

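    - name: Compile MQTT clock
      # Built as the gatekeeper user, never as root. `creates` skips the
      # task once agents/mqtt-clock exists.
      # The `warn` argument was dropped: current ansible-core releases
      # reject it as an unsupported parameter.
      become: true
      become_user: "{{ gatekeeper_user }}"
      ansible.builtin.shell:
        chdir: "/home/{{ gatekeeper_user }}/mqtt-tools"
        # set -e stops at the first failing step, so a failed cmake or make
        # can no longer end with cp installing a stale binary from an
        # earlier build. mkdir -p lets the task be re-run after a partial
        # build left the build directory behind.
        cmd: |
          set -e
          mkdir -p build
          cd build
          cmake ..
          make
          cp agents/mqtt-clock ../agents/mqtt-clock
        creates: "/home/{{ gatekeeper_user }}/mqtt-tools/agents/mqtt-clock"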


    ### Syslog setup for shuttercontrol.log

    - name: Check if rsyslog is actually installed
      # Forced check mode: nothing is installed here. The task only records
      # in rsyslog_check whether an install would have been needed.
      check_mode: true
      register: rsyslog_check
      ansible.builtin.package:
        state: present
        name: rsyslog

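    - name: Fail if rsyslog is missing
      # The check-mode probe above succeeds even when rsyslog is absent and
      # reports "changed" (an install would be needed), so the previous
      # `is not succeeded` test could never fire. Testing for `changed`
      # makes the guard effective; without it the shuttercontrol log
      # configured below would stay empty without any error.
      ansible.builtin.fail:
        msg: "Please make sure that rsyslog is installed!"
      when: rsyslog_check is changed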

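    - name: Make sure shuttercontrol.log exists
      # NOTE(review): mode 0644 makes the log readable by every local
      # account; if it records door or shutter events, consider 0640 with
      # a dedicated group.
      ansible.builtin.copy:
        content: ""
        dest: /var/log/shuttercontrol.log
        # force=false creates the file only if it does not exist, so an
        # existing log is never truncated.
        force: false
        owner: root
        group: root
        mode: "0644"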

    - name: Copy syslog setting for shuttercontrol
      # Installs the rsyslog drop-in and restarts rsyslog when it changes.
      notify: restart rsyslog
      ansible.builtin.copy:
        dest: /etc/rsyslog.d/20-shuttercontrol.conf
        src: files/platon/syslog-shuttercontrol.conf
        mode: '0644'
        owner: root
        group: root


    ### Asterisk

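    - name: Set up SIP settings for asterisk
      # Rendered from the variable gatekeeper_sip_registration, which
      # presumably carries the SIP account credentials (confirm against the
      # template). The file is therefore readable only by root and the
      # asterisk group instead of by every local account.
      ansible.builtin.template:
        src: templates/platon/sip.conf.j2
        dest: /etc/asterisk/sip.conf
        owner: root
        group: asterisk
        mode: "0640"
      notify: restart asterisk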

    - name: Set up extensions for asterisk
      # The template is rendered with gatekeeper_user and
      # door_open_command.
      # NOTE(review): if the dialplan template embeds access codes or a
      # caller allow-list, mode 0644 exposes them to every local account;
      # confirm against the template.
      notify: restart asterisk
      ansible.builtin.template:
        dest: /etc/asterisk/extensions.conf
        src: templates/platon/extensions.conf.j2
        mode: '0644'
        owner: root
        group: root

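    - name: Ensure asterisk is in the right groups
      # Adds audio, i2c and gpio to the asterisk account's groups.
      # NOTE(review): this gives the telephony daemon direct access to the
      # i2c and gpio devices, so keep its SIP exposure as narrow as the
      # setup allows.
      ansible.builtin.user:
        name: asterisk
        groups: audio,i2c,gpio
        # append keeps the groups the package already assigned.
        append: true
      notify: restart asterisk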

    - name: Copy sounds
      # Installs the prompt files into the n39 sounds directory.
      # No Asterisk restart is needed after this task.
      loop:
        # See the extensions.conf.j2 template for the list of files needed
        - hello.gsm
        - granted.gsm
        - denied.gsm
      ansible.builtin.copy:
        dest: '/usr/local/share/asterisk/sounds/n39/'
        src: 'files/platon/{{ item }}'
        mode: '0644'
        owner: root
        group: root


  handlers:
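    # Restarts the broker and enables it at boot. The name must stay as it
    # is because tasks reference it through `notify`.
    - name: restart mosquitto
      ansible.builtin.service:
        name: mosquitto
        state: restarted
        enabled: true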

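    # Restarts rsyslog and enables it at boot. The name must stay as it is
    # because tasks reference it through `notify`.
    - name: restart rsyslog
      ansible.builtin.service:
        name: rsyslog
        state: restarted
        enabled: true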

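    # Restarts Asterisk and enables it at boot. The name must stay as it is
    # because tasks reference it through `notify`.
    - name: restart asterisk
      ansible.builtin.service:
        name: asterisk
        state: restarted
        enabled: true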