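## This playbook deploys a client for LinuxMuster.
#
# Use the following in the installer's preseed file:
#
# d-i preseed/late_command string \
#   mkdir -p /target/home/ansible/.ssh && \
#   echo "ssh-ed25519 A...YOUR.KEY...Z" >> /target/home/ansible/.ssh/authorized_keys ; \
#   in-target chown -R ansible:ansible /home/ansible/.ssh/ ; \
#   in-target chmod -R og= /home/ansible/.ssh/ ; \
#   if [ -n "$playbook" ] ; then \
#     mkdir -v /target/dev/shm ; \
#     in-target mount -v -t tmpfs tmpfs /dev/shm ; \
#     echo "$vaultpw" > /target/dev/shm/vaultpw ; \
#     in-target ansible-pull --verbose --purge --extra-vars="run_in_installer=true" \
#       --vault-password-file /dev/shm/vaultpw \
#       -i localhost, --url=git://ansible.example.org/.git -C YOUR_BRANCH $playbook ; \
#   fi
#
# Review notes on the snippet above:
#
# * The vault password is written to a tmpfs mounted at /dev/shm, so it is
#   kept in memory rather than on the target disk. The file is created with
#   the shell's default umask; consider creating it under `umask 077` (or
#   chmod 600 right after) and deleting it once ansible-pull has returned.
# * NOTE(review): $playbook and $vaultpw are presumably supplied as installer
#   boot parameters -- confirm. If so, the password is readable in
#   /proc/cmdline during the installation and may end up in installer logs;
#   check what is kept on the target and treat the vault password accordingly.
# * The git:// transport provides neither encryption nor server
#   authentication, and whatever is fetched is executed with `become: true`.
#   Prefer an https:// or ssh:// URL, and consider `--verify-commit` so that
#   ansible-pull only runs a GPG-signed commit.
# * The public key appended to authorized_keys belongs to the `ansible`
#   account that both plays use as remote_user with become. Assuming that
#   account can escalate without further credentials (the sudo setup is not
#   shown here), the matching private key is equivalent to root on every
#   deployed client and should be protected as such.
#
---
- name: Apply common configuration to the machines
  hosts: all  # desktop:laptop
  remote_user: ansible
  become: true

  pre_tasks:
    # Disabled: interactive prompt for the AD password. Note that it keeps the
    # answer out of the logs with no_log and skips the prompt when `adpw` was
    # passed on the kernel command line.
    # - name: Ask for global-admin AD password
    #   ansible.builtin.pause:
    #     prompt: "Enter global-admin AD password.  Leave empty to skip domain join"
    #     echo: false
    #   register: adpw
    #   no_log: true
    #   when: "ansible_cmdline.adpw is not defined"

    # Disabled: AppArmor home directory preseed for the samba school shares.
    # - name: Preseed apparmor
    #   ansible.builtin.debconf:
    #     name: apparmor
    #     question: apparmor/homedirs
    #     value: >-
    #       /srv/samba/schools/default-school/teachers/
    #       /srv/samba/schools/default-school/students/*/
    #       /srv/samba/schools/default-school/examusers/
    #     vtype: string

    # Answer the unattended-upgrades debconf question with "true" before the
    # roles run, so the package is configured for automatic updates.
    - name: Preseed unattended-upgrades
      ansible.builtin.debconf:
        name: unattended-upgrades
        question: unattended-upgrades/enable_auto_updates
        value: true
        vtype: boolean

  roles:
    - lmn_network
    - role: up2date_debian
      tags: upgrade
    # The remaining roles are currently disabled and kept for reference.
    # - lmn_sssd
    # - lmn_mount
    # - lmn_kde
    # - role: lmn_vm
    #   when: vm_support
    # - role: lmn_printer
    #   when: printservers is defined
    # - kerberize
    # - lmn_misc
    # - role: lmn_localproxy
    #   when: localproxy
    # - role: lmn_localhome
    #   when: localhome
    # - role: lmn_localuser
    #   when: localuser
    # - role: lmn_exam
    #   when: exam_mode
    # - role: lmn_wlan
    #   when:
    #     - ansible_interfaces | select('search', 'wl.+') | first is defined
    #     - wlan != 'none'

  tasks:
    # Site-specific roles: every entry of `custom_roles` is resolved to
    # custom/<entry> and executed with become. The list therefore decides
    # which code runs as root; it should only be set from trusted inventory
    # or group/host vars. The task is skipped when the variable is undefined.
    - name: Include custom roles
      ansible.builtin.include_role:
        name: "custom/{{ rolename }}"
      loop: "{{ custom_roles }}"
      loop_control:
        loop_var: rolename
      when: custom_roles is defined

    # Roles that have to run after everything else. Only lmn_security is
    # active at the moment.
    - name: Final tasks
      ansible.builtin.include_role:
        name: "{{ role }}"
      loop_control:
        loop_var: role
      loop:
        - lmn_security
        # - lmn_finish
        # - lmn_tmpfixes

# Second play: handled one host at a time (serial: 1). With
# ignore_unreachable a host that cannot be reached does not abort the run,
# so check the play recap for hosts that were skipped this way.
- name: Apply roles that must run serial
  hosts: all
  remote_user: ansible
  become: true
  serial: 1
  ignore_unreachable: true
  roles:
    # `vpn` is not defined in this file; it is expected to come from
    # inventory or group vars. The role is skipped when it equals "none".
    - role: lmn_vpn
      when: vpn != "none"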