- hosts: tursas
  remote_user: root
  become: no
  roles:
    - role: sane_debian_system
    - role: self-updating-system
    - role: sshd
    - role: ssd
    - role: comfortable-debian-system
    - role: intel-wifi
    - role: gnupg-workstation
    - role: gnome-system
    - role: mail-client
    - role: unix_users
    - role: rust-rustup

  tasks:
    - name: "remove ping so it can be re-installed with capabilities"
      apt:
        name: iputils-ping
        state: absent

    - name: "install additional software"
      apt:
        name:
          - acpi
          - ambient-driver
          - ansible
          - apt-file
          - asciidoctor
          - bc
          - bind9-host
          - black
          - cachedir
          - clab
          - colordiff
          - cpu-checker
          - curl
          - daemonize
          - dict
          - dict-foldoc
          - dict-gcide
          - dict-jargon
          - dict-vera
          - dict-wn
          - dictd
          - dnsutils
          - emacs
          - fio
          - firmware-sof-signed
          - gddrescue
          - genisoimage
          - git-annex
          - gimp
          - graphviz
          - iftop
          - ikiwiki
          - info
          - iputils-ping
          - jq
          - jt
          - libdvd-pkg
          - librsvg2-bin
          - liw-automation
          - locales-all
          - lshw
          - memtest86+
          - moreutils
          - musl
          - musl-dev
          - musl-tools
          - nfs-common
          - nmap
          - num-utils
          - oathtool
          - obnam
#          - obnam-benchmark
#          - openpgp-ca
          - ovmf
          - pan
          - pandoc
          - pandoc-filter-diagram
          - pass
          - pathdedup
          - pavucontrol
          - pciutils
          - plantuml
          - printer-driver-ptouch
          - psmisc
          - pv
          - qemu-user-static
          - radicle
          - ripgrep
          - shellcheck
          - sqlite3
          - sshca
          - strace
          - subplot
          - summain
          - s-tui
          - systemd-zram-generator
          - texlive-fonts-recommended
          - texlive-latex-extra
          - texlive-latex-recommended
          - texlive-plain-generic
          - tidy
          - time
          - units
          - usbutils
          - uuid
          - validns
          - vim
          - virt-manager
          - vlc
          - vmdb2
          - vobcopy
          - w3m
          - whois
          - xpdf
          - yaml-mode
          - zerofree
          - zip
          - zoxide
          - zram-tools

          # - expect
          # - gimp
          # - inkscape
          # - linux-perf
          # - python3-requests
          # - unicode
        # - mmv
        # - mtr
        # - nethogs
        # - parted-doc

    - name: "configure zram"
      copy:
        content: |
          ALGO=zstd
          PERCENT=50
        dest: /etc/default/zramswap

    - name: configure dict
      copy:
        content: |
          server localhost
        dest: /etc/dictd/dict.conf

    - lineinfile:
        path: /etc/default/grub
        regexp: GRUB_ENABLE_CRYPTODISK
        line: "GRUB_ENABLE_CRYPTODISK=n"

    - shell: |
        update-grub

    - lineinfile:
        path: /etc/environment
        regexp: MOZ_ENABLE_WAYLAND
        line: "MOZ_ENABLE_WAYLAND=1"

    - shell: |
        env DEBIAN_FRONTEND=noninteractive dpkg-reconfigure libdvd-pkg

    # CAREFUL!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
    # - name: "create liw/.radicle/keys"
    #   file:
    #     state: directory
    #     path: /home/liw/.radicle/keys
    #     owner: liw
    #     group: liw
    #     mode: 0755

    # - name: "install radicle private key"
    #   copy:
    #     content: "{{ radicle_key }}"
    #     dest: /home/liw/.radicle/keys/radicle
    #     owner: liw
    #     group: liw
    #     mode: 0600

    # - name: "install radicle public key"
    #   copy:
    #     content: "{{ radicle_pub }}"
    #     dest: /home/liw/.radicle/keys/radicle.pub
    #     owner: liw
    #     group: liw
    #     mode: 0644

  vars:
    ansible_python_interpreter: /usr/bin/python3

    sane_debian_system_version: 2
    sane_debian_system_hostname: "{{ inventory_hostname }}"
    sane_debian_system_codename: bookworm
    sane_debian_system_timezone: Europe/Helsinki
    sane_debian_system_sources_lists:
      - repo: |
          deb http://deb.debian.org/debian bookworm contrib non-free non-free-firmware

      - repo: |
          deb-src http://deb.debian.org/debian bookworm main contrib non-free non-free-firmware

      - repo: |
          deb http://security.debian.org/debian-security bookworm-security main contrib non-free non-free-firmware

      - repo: |
          deb http://deb.debian.org/debian bookworm-backports main contrib non-free non-free-firmware

      - repo: deb http://apt.liw.fi/debian unstable main
        signing_key: "{{ apt_liw_fi_signing_key }}"

    unix_users_version: 2
    unix_users:
      - username: liw
        comment: Lars Wirzenius
        groups:
          - audio
          - bluetooth
          - cdrom
          - dialout
          - dip
          - floppy
          - kvm
          - netdev
          - plugdev
          - scanner
          - video

    mailname: "tursas.liw.fi"
    relayhost: pieni.net:587
    smarthost: pieni.net
    smarthost_user: pienirelay
    smarthost_password: "{{ lookup('pipe', 'pass show pieni.net/pienirelay') }}"

    sshd_version: 1

    rustup_cargo_install: |
      cargo-cache \
      cargo-deny \
      cargo-outdated \
      cargo-semver-checks \
      pikchr-cli \
      bottom

    # CAREFUL!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
    # radicle_key: "{{ lookup('pipe', 'pass radicle/liw/key') }}"
    # radicle_pub: "{{ lookup('pipe', 'pass radicle/liw/key.pub') }}"