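---
###
# This role installs the basic package and host setup for AniNIX operations.
#
# Review notes on this revision:
#  * Passwords are fed to passwd on stdin with no_log set, so they no longer
#    appear in a process argument list or in Ansible output, and a quote
#    character in a password cannot break out of a shell string.
#  * The sudoers drop-in is syntax-checked with visudo before it is installed
#    and is skipped when UID 1001 does not resolve to a user.
#  * Read-only probe commands are marked changed_when: false.
#

- name: Set up AniNIX-specific repository
  become: true
  file:
    path: /opt/aninix
    state: directory

# Probe only: rc != 0 means the signing key is not yet in pacman's keyring.
- name: Verify GPG keys
  ignore_errors: true
  become: true
  command:
    cmd: gpg --homedir /etc/pacman.d/gnupg --list-key 1CC1E3F4ED06F296
  register: gpg_verify
  changed_when: false
  when: ansible_os_family == "Archlinux"

# NOTE(review): the key is selected by its 64-bit long key ID. Pinning the
# full fingerprint would be stricter; it is not recorded in this file, so it
# is left as-is here.
# The steps are chained with && so the key is only locally signed (trusted)
# if the receive step actually succeeded.
- name: Install GPG keys
  become: true
  command:
    cmd: /bin/bash -l -c 'pacman-key --recv-key 1CC1E3F4ED06F296 && pacman-key --finger 1CC1E3F4ED06F296 && pacman-key --lsign-key 1CC1E3F4ED06F296'
  when: ansible_os_family == "Archlinux" and gpg_verify.rc != 0

# SigLevel = Required means packages from these repositories must be signed
# by a key trusted in the pacman keyring (the key handled above).
- name: Set up pacman.conf
  become: true
  blockinfile:
    path: /etc/pacman.conf
    insertafter: EOF
    marker: "# {mark} Ubiqtorate Managed Block"
    block: |
      [AniNIX]
      SigLevel = Required DatabaseOptional
      Server = https://maat.aninix.net/
      [aur]
      SigLevel = Required DatabaseOptional
      Server = https://maat.aninix.net/aur/
  when: ansible_os_family == "Archlinux"

- name: Install ShadowArch (ArchLinux)
  become: true
  pacman:
    name: ShadowArch
    state: present
    update_cache: true
  when: ansible_os_family == "Archlinux"

# NOTE(review): on non-Arch hosts the code comes from the default branch head
# over HTTPS with no signature check, and is then built and installed as root.
# Consider pinning `version:` to a reviewed tag or commit.
- name: Download ShadowArch (Other)
  become: true
  git:
    repo: 'https://foundation.aninix.net/AniNIX/ShadowArch'
    dest: '/opt/aninix/ShadowArch'
    update: true
  when: ansible_os_family != "Archlinux"

- name: Install ShadowArch (Other)
  become: true
  command:
    chdir: '/opt/aninix/ShadowArch'
    cmd: 'make install'
  when: ansible_os_family != "Archlinux"

- name: Base packages
  become: true
  package:
    name:
      - bash
      - sudo

- name: Set up hostname
  become: true
  hostname:
    name: "{{ inventory_hostname }}.{{ replica_domain }}"

# Dots are escaped so the pattern matches only the literal loopback address.
- name: Set up /etc/hosts
  become: true
  lineinfile:
    dest: /etc/hosts
    regexp: '^127\.0\.0\.1[ \t]+localhost'
    line: "127.0.0.1 localhost localhost.localdomain {{ inventory_hostname }} {{ inventory_hostname }}.{{ replica_domain }}"
    state: present

# The pipeline's exit status is cut's, so a missing UID 1001 yields rc 0 with
# empty stdout; later tasks must check for the empty string, not for rc.
- name: Identify depriv user
  command:
    cmd: "bash -c 'getent passwd 1001 | cut -f 1 -d :'"
  register: depriv_user
  changed_when: false

# This is an AniNIX convention to allow password management by Ansible.
# It grants passwordless root to whichever account holds UID 1001, so that
# account's SSH keys and password are effectively root credentials.
# validate: stops a malformed drop-in from being installed and breaking sudo;
# the when: guard avoids writing a rule with an empty user name.
- name: Ensure 1001 has sudo permissions.
  become: true
  when: depriv_user.stdout | length > 0
  copy:
    dest: /etc/sudoers.d/1001
    content: "{{ depriv_user.stdout }} ALL=(ALL) NOPASSWD: ALL\n"
    mode: "0440"
    validate: /usr/sbin/visudo -cf %s

# Probe only: tries `su` to root with the expected password. A failure (or a
# result without rc) means the password still has to be set below.
- name: Test root password
  ignore_errors: true
  register: root_password_test
  become: true
  no_log: true
  changed_when: false
  command: id
  vars:
    ansible_become_method: su
    ansible_become_user: root
    ansible_become_password: "{{ lookup('vars',inventory_hostname+'_password') }}"

# The password is written to passwd's stdin (new password, then confirmation)
# instead of being interpolated into a bash command line.
# NOTE(review): <inventory_hostname>_password is presumably supplied from an
# encrypted vars file (e.g. Ansible Vault) - confirm it is never stored in
# plain text.
- name: Define root password
  become: true
  no_log: true
  when: root_password_test.rc is not defined or root_password_test.rc != 0
  vars:
    host_password: "{{ lookup('vars',inventory_hostname+'_password') }}"
  command:
    cmd: passwd
    stdin: |-
      {{ host_password }}
      {{ host_password }}

# argv keeps the user name as a single argument. Without the stdout guard an
# empty name would make passwd act on root instead of the depriv user.
- name: Define depriv password
  become: true
  no_log: true
  when:
    - root_password_test.rc is not defined or root_password_test.rc != 0
    - depriv_user.stdout | length > 0
  vars:
    host_password: "{{ lookup('vars',inventory_hostname+'_password') }}"
  command:
    argv:
      - passwd
      - "{{ depriv_user.stdout }}"
    stdin: |-
      {{ host_password }}
      {{ host_password }}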