- hosts: radicle-other-node
  remote_user: debian
  become: yes
  roles:
    - role: sane_debian_system
    - role: sshd
    - role: unix_users
    - role: rust-rustup
    - role: liw
  tasks:
    - apt:
        name:
          - curl
          - git
          - jq
          - man-db
          - psmisc
          - rsync
          - screen
          - sqlite3
          - vim
          - w3m

    - name: "install radicle using installer"
      shell: |
        filename="/home/liw/.radicle/bin/rad"

        install=false
        if [ ! -e "$filename" ]; then
                install=true
        else
                weekago="$(date -d 'week ago' +%s)"
                mtime="$(stat -c %Y "$filename")"
                if [ "$mtime" -lt "$weekago" ]; then
                        install=true
                fi
        fi

        if $install; then
            curl -sSf https://radicle.xyz/install | sudo -u liw bash
        fi

    - name: "create liw/.radicle/keys"
      file:
        state: directory
        path: /home/liw/.radicle/keys
        owner: liw
        group: liw
        mode: 0755

    - name: "install radicle private key"
      copy:
        content: "{{ radicle_key }}"
        dest: /home/liw/.radicle/keys/radicle
        owner: liw
        group: liw
        mode: 0600

    - name: "install radicle public key"
      copy:
        content: "{{ radicle_pub }}"
        dest: /home/liw/.radicle/keys/radicle.pub
        owner: liw
        group: liw
        mode: 0644

    - name: "configure rad"
      copy:
        content: |
          {
              "publicExplorer": "https://app.radicle.xyz/nodes/$host/$rid$path",
              "preferredSeeds": [
              ],
              "web": {
                  "pinned": {
                      "repositories": []
                  }
              },
              "cli": {
                  "hints": true
              },
              "node": {
                  "alias": "liw-other-node",
                  "listen": [],
                  "peers": {
                      "type": "dynamic",
                      "target": 8
                  },
                  "connect": [
                      "z6MkfXa53s1ZSFy8rktvyXt5ADCojnxvjAoQpzajaXyLqG5n@radicle.liw.fi:8776"
                  ],
                  "externalAddresses": [],
                  "network": "main",
                  "relay": true,
                  "limits": {
                      "routingMaxSize": 1000,
                      "routingMaxAge": 604800,
                      "gossipMaxAge": 1209600,
                      "fetchConcurrency": 1,
                      "maxOpenFiles": 4096,
                      "rate": {
                          "inbound": {
                              "fillRate": 0.2,
                              "capacity": 32
                          },
                          "outbound": {
                              "fillRate": 1.0,
                              "capacity": 64
                          }
                      }
                  },
                  "policy": "block",
                  "scope": "followed"
              }
          }
        dest: /home/liw/.radicle/config.json
        owner: liw
        group: liw
        mode: 0644

    - name: "create /srv/http"
      file:
        state: directory
        path: /srv/http
        owner: liw
        group: liw
        mode: 0o755

  vars:
    sane_debian_system_version: 2
    sane_debian_system_hostname: "{{ inventory_hostname }}"
    sane_debian_system_codename: bookworm
    sane_debian_system_timezone: Europe/Helsinki
    sane_debian_system_sources_lists:
      - repo: |
          deb http://security.debian.org/debian-security bookworm-security main

      - repo: deb http://apt.liw.fi/debian unstable main
        signing_key: "{{ apt_liw_fi_signing_key }}"

    unix_users_version: 2
    unix_users:
      - username: liw

    sshd_version: 1

    radicle_key: "{{ lookup('pipe', 'pass radicle/radicle-other-node/key') }}"
    radicle_pub: "{{ lookup('pipe', 'pass radicle/radicle-other-node/key.pub') }}"