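---
# Ansible playbook to install stuff for a standard install with v-i.
# You should inspect the user_* variables at the end, and override
# them with "ansible_vars" in the system spec file. v-i sets the
# hostname variable automatically.
#
# SSH-related inputs (all optional; each task is skipped when its variable
# is undefined):
#   user_pub        public key(s) written to root's authorized_keys
#   user_ca_pubkey  CA public key trusted for signing user certificates
#   host_key        ed25519 host PRIVATE key (secret material)
#   host_cert       certificate for that host key

- hosts: image
  tasks:
    - name: "set /etc/hostname"
      copy:
        content: |
          {{ hostname }}
        dest: /etc/hostname

    # Locking the password leaves key- and certificate-based SSH logins as
    # the only way in as root. No shell features are needed, so the command
    # module is used instead of shell.
    - name: "lock root password"
      command: passwd -l root

    # File modes are quoted strings so they are never re-interpreted by the
    # YAML parser (a bare 0700 is an octal integer in YAML 1.1 and a decimal
    # one in YAML 1.2).
    - name: "create ~root/.ssh"
      when: user_pub is defined
      file:
        state: directory
        path: /root/.ssh
        owner: root
        group: root
        mode: "0700"

    # The whole file is replaced by user_pub; keys already present in the
    # image are not preserved.
    - name: "set ~root/.ssh/authorized keys"
      when: user_pub is defined
      copy:
        content: |
          {{ user_pub }}
        dest: /root/.ssh/authorized_keys
        owner: root
        group: root
        mode: "0600"

    # Any certificate signed by this CA is accepted for user logins, so the
    # file must be writable by root only. Ownership and mode are set
    # explicitly instead of being left to the umask of the Ansible run.
    - name: "install user CA public key"
      when: user_ca_pubkey is defined
      copy:
        content: |
          {{ user_ca_pubkey }}
        dest: /etc/ssh/user_ca_keys
        owner: root
        group: root
        mode: "0644"

    # NOTE(review): drop-ins under sshd_config.d only take effect when the
    # image's /etc/ssh/sshd_config has an Include line for that directory;
    # confirm for the target distribution.
    - name: "configure sshd to accept CA for users"
      when: user_ca_pubkey is defined
      copy:
        content: |
          TrustedUserCAKeys /etc/ssh/user_ca_keys
        dest: /etc/ssh/sshd_config.d/userca.conf
        owner: root
        group: root
        mode: "0644"

    # host_key is private key material: no_log keeps it out of task output,
    # logs and --diff, and the file is pinned to root:root 0600.
    - name: "install host key"
      when: host_key is defined
      no_log: true
      copy:
        content: |
          {{ host_key }}
        dest: /etc/ssh/ssh_host_ed25519_key
        owner: root
        group: root
        mode: "0600"

    - name: "install host cert"
      when: host_cert is defined
      copy:
        content: |
          {{ host_cert }}
        dest: /etc/ssh/ssh_host_ed25519_key-cert.pub
        owner: root
        group: root
        mode: "0644"

    # NOTE(review): this task is gated on host_cert only. If host_cert is
    # given without host_key, the certificate has to match whatever ed25519
    # host key already exists in the image; verify in the system spec.
    - name: "configue sshd to use host cert"
      when: host_cert is defined
      copy:
        content: |
          HostKey /etc/ssh/ssh_host_ed25519_key
          HostCertificate /etc/ssh/ssh_host_ed25519_key-cert.pub
        dest: /etc/ssh/sshd_config.d/host_cert.conf
        owner: root
        group: root
        mode: "0644"

    - name: "configure keyboard layout"
      copy:
        content: |
          XKBMODEL="{{ user_keyboard_model }}"
          XKBLAYOUT="{{ user_keyboard_layout }}"
          XKBVARIANT=""
          XKBOPTIONS=""
          BACKSPACE="guess"
        dest: /etc/default/keyboard

    - name: "configure console"
      copy:
        content: |
          ACTIVE_CONSOLES="/dev/tty[1-6]"
          CHARMAP="UTF-8"
          CODESET="{{ user_console_codeset }}"
          FONTFACE="Fixed"
          FONTSIZE="8x16"
          VIDEOMODE=
        dest: /etc/default/console-setup

    # user_locale is written verbatim into a script under /etc/profile.d,
    # so it must only ever come from the trusted system spec file.
    - name: "set default locales for all users"
      copy:
        content: |
          {{ user_locale }}
        dest: /etc/profile.d/locale.sh

    # ifupdown is removed so that systemd-networkd is the only network
    # configuration mechanism on the installed system.
    - name: "remove ifupdown"
      apt:
        name: ifupdown
        state: absent

    # "DHCP=yes" is systemd.network syntax inside the file content, not a
    # YAML boolean, and is left as written.
    - name: "configure networkd"
      copy:
        content: |
          [Match]
          Name=eth0
          [Network]
          DHCP=yes
        dest: /etc/systemd/network/external.network

    - name: "enable networkd"
      systemd:
        name: systemd-networkd
        enabled: true

  vars:
    ansible_python_interpreter: /usr/bin/python3

    # You may want to override these.
    user_locale: |
      export LC_CTYPE=fi_FI.UTF8
    user_keyboard_model: pc105
    user_keyboard_layout: fi
    user_console_codeset: Lat15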