- hosts: exolobe1
  remote_user: root
  become: no
  roles:
    - role: sane_debian_system
    - role: self-updating-system
    - role: sshd
    - role: ssd
    - role: comfortable-debian-system
    - role: intel-wifi
    - role: version-controller
    - role: emacs
    - role: gnupg-workstation
    - role: gnome-system
    - role: ansible
    - role: vmhost
    - role: mail-client
    - role: annexed
    - role: unix_users
#    - role: liw
    - role: rust-rustup
    - role: riot-host
    - role: thinkpad

  tasks:
    # Remove ping to force it be reinstalled so that the right
    # capabilities are set.
    - apt:
        name: iputils-ping
        state: absent

    - apt:
        name:
          - ambient-driver
          - asciidoctor
          - black
          - btrfs-progs
          - build-essential
          - cachedir
          - capnproto
          - clab
          - clang
          - daemonize
          - debhelper
          - expect
          - extrautils
          - fio
          - firmware-misc-nonfree
          - fling
          - gddrescue
          - genisoimage
          - gimp
          - graphviz
          - inkscape
          - iputils-ping
          - jq
          - jt
          - libclang-dev
          - libdvd-pkg
          - librsvg2-bin
          - libsqlite3-dev
          - libssl-dev
          - libvirt-dev
          - linux-perf
          - liw-automation
          - llvm
          - lmodern
          - nettle-dev
          - nfs-common
          - obnam
          - obnam-benchmark
          - openpgp-ca
          - ovmf
          - pandoc
          - pandoc-filter-diagram
          - pathdedup
          - pavucontrol
          - pkg-config
          - plantuml
          - printer-driver-ptouch
          - python3
          - python3-requests
          - qemu-user-static
          - radicle
          - sequoia-chameleon-gnupg
          - shellcheck
          - sq-liw
          - sqlite3
          - sshca
          - subplot
          - summain
          - texlive-fonts-recommended
          - texlive-latex-base
          - texlive-latex-extra
          - texlive-latex-recommended
          - texlive-plain-generic
          - unicode
          - usbutils
          - uuid
          - validns
          - vlc
          - vobcopy
          - vmdb2
          - xpdf
          - zerofree


    - name: install command line utilities
      apt:
        name:
        - acpi
        - ambient-run
        - apt-file
        - bc
        - bind9-host
        - cryptsetup
        - curl
        - debmirror
        - dict
        - dict-foldoc
        - dict-gcide
        - dict-jargon
        - dict-vera
        - dict-wn
        - dictd
        - dnsutils
        - git-annex
        - htop
        - iftop
        - ikiwiki
        - info
        - jt
        - locales-all
        - lshw
        - lvm2
        - mmv
        - moreutils
        - mosh
        - mtr
        - nethogs
        - nmap
        - num-utils
        - oathtool
        - parted-doc
        - psmisc
        - pv
        - rsync
        - screen
        - strace
        - time
        - tmux
        - units
        - vim
        - w3m
        - whois
        - yaml-mode
        - zip
        - yaml-mode
        - zip
        - zoxide

    - name: configure dict
      copy:
        content: |
          server localhost
        dest: /etc/dictd/dict.conf

    - lineinfile:
        path: /etc/gdm3/daemon.conf
        regexp: WaylandEnable=
        line: "# WaylandEnable=false"

    - lineinfile:
        path: /etc/default/grub
        regexp: GRUB_ENABLE_CRYPTODISK
        line: "GRUB_ENABLE_CRYPTODISK=n"

    - lineinfile:
        path: /etc/environment
        regexp: MOZ_ENABLE_WAYLAND
        line: "MOZ_ENABLE_WAYLAND=1"

    - shell: |
        flatpak remote-add --if-not-exists flathub https://flathub.org/repo/flathub.flatpakrepo

    - shell: |
        env DEBIAN_FRONTEND=noninteractive dpkg-reconfigure libdvd-pkg

    - name: "create liw/.radicle/keys"
      file:
        state: directory
        path: /home/liw/.radicle/keys
        owner: liw
        group: liw
        mode: 0755

    - name: "install radicle private key"
      copy:
        content: "{{ radicle_key }}"
        dest: /home/liw/.radicle/keys/radicle
        owner: liw
        group: liw
        mode: 0600

    - name: "install radicle public key"
      copy:
        content: "{{ radicle_pub }}"
        dest: /home/liw/.radicle/keys/radicle.pub
        owner: liw
        group: liw
        mode: 0644

  vars:
    ansible_python_interpreter: /usr/bin/python3

    sane_debian_system_version: 2
    sane_debian_system_hostname: "{{ inventory_hostname }}"
    sane_debian_system_codename: bookworm
    sane_debian_system_timezone: Europe/Helsinki
    sane_debian_system_sources_lists:
      - repo: |
          deb http://deb.debian.org/debian bookworm contrib non-free non-free-firmware

      - repo: |
          deb-src http://deb.debian.org/debian bookworm main contrib non-free non-free-firmware

      - repo: |
          deb http://security.debian.org/debian-security bookworm-security main contrib non-free non-free-firmware

      - repo: |
          deb http://deb.debian.org/debian bookworm-backports main contrib non-free non-free-firmware

      - repo: deb http://apt.liw.fi/debian unstable main
        signing_key: "{{ apt_liw_fi_signing_key }}"

    unix_users_version: 2
    unix_users:
      - username: liw
        comment: Lars Wirzenius
        sudo: yes
        groups:
          - audio
          - bluetooth
          - cdrom
          - dialout
          - dip
          - floppy
          - libvirt
          - kvm
          - netdev
          - plugdev
          - scanner
          - video

    mailname: "exolobe1.liw.fi"
    relayhost: pieni.net:587
    smarthost: pieni.net
    smarthost_user: pienirelay
    smarthost_password: "{{ lookup('pipe', 'pass show pieni.net/pienirelay') }}"

    sshd_version: 1

    rustup_cargo_install: |
      cargo-cache \
      pikchr-cli \
      bottom

    radicle_key: "{{ lookup('pipe', 'pass radicle/liw/key') }}"
    radicle_pub: "{{ lookup('pipe', 'pass radicle/liw/key.pub') }}"