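---
# Puppet server bootstrap tasks: write puppet.conf, set up the CA, locate the
# puppet/puppetserver binaries, clone the control repo and deploy it with r10k.
# Handlers 'Restart puppetserver' and 'Reload Systemd daemon' live elsewhere.
# Expected vars: puppet_master_config, puppet_server_config, subject_alt_names,
# puppet_server_name, puppet_code_repo, r10k_config.

- name: Ensure puppet server master section is configured
  ini_file:
    path: /etc/puppetlabs/puppet/puppet.conf
    section: master
    option: "{{ item.key }}"
    value: "{{ item.value }}"
    mode: '0644'
    backup: true
    create: true
  loop: "{{ puppet_master_config | dict2items }}"
  notify: 'Restart puppetserver'

- name: Ensure puppet server server section is configured
  ini_file:
    path: /etc/puppetlabs/puppet/puppet.conf
    section: server
    option: "{{ item.key }}"
    value: "{{ item.value }}"
    mode: '0644'
    backup: true
    create: true
  loop: "{{ puppet_server_config | dict2items }}"
  notify: 'Restart puppetserver'

# The original `... | true` piped the lookup's stdout into true(1), so the
# registered stdout was always empty and the whereis fallback always ran.
# `|| true` keeps the best-effort exit status while actually capturing the path.
- name: Find puppetserver command
  shell: which puppetserver | awk '{print($1)}' || true
  register: which_puppetserver
  changed_when: false

# Fallback lookup; whereis prints everything after "puppetserver: ", which may
# be several space-separated paths (binary, man page) — TODO confirm the first
# field alone is wanted here.
- name: Find puppetserver command with where
  shell: >-
    whereis puppetserver | awk 'BEGIN {FS=": "} {print($2)}'
  register: which_puppetserver
  changed_when: false
  when: which_puppetserver.stdout == ""

- name: Fail if not found puppetserver command
  fail:
    msg: "Puppet server command couldn't be found"
  when: which_puppetserver.stdout == ""

# Interpolated values are shell-quoted so a SAN or server name containing
# shell metacharacters cannot alter the command line.
- name: Create self-signed certificate authority
  shell: >-
    {{ which_puppetserver.stdout }} ca setup
    --subject-alt-names {{ subject_alt_names | join(',') | quote }}
    --ca-name {{ puppet_server_name | quote }}
    --certname {{ puppet_server_name | quote }}
  args:
    creates: /etc/puppetlabs/puppet/ssl/ca/ca_crt.pem

# Same `|| true` fix as the puppetserver lookup above.
- name: Find puppet command
  shell: which puppet || true
  register: which_puppet
  changed_when: false

- name: Find puppet command with where
  shell: >-
    whereis puppet | awk 'BEGIN {FS=": "} {print($2)}'
  register: which_puppet
  changed_when: false
  when: which_puppet.stdout == ""

- name: Fail if not found puppet command
  fail:
    msg: "Puppet command couldn't be found"
  when: which_puppet.stdout == ""

- name: Configure CA server
  shell: "{{ which_puppet.stdout }} config set ca_server {{ puppet_server_name | quote }}"

# `autosign true` signs every CSR that reaches the server: any host able to
# connect to the serverport below is issued a certificate and can fetch
# catalogs. Prefer an autosign.conf allow-list or a policy-based autosign
# script in production, and make sure the firewall rule below is scoped
# to the agent networks.
- name: Configure autosign server
  shell: "{{ which_puppet.stdout }} config set autosign true"

- name: Check if puppet code folder exists
  stat:
    path: /etc/puppetlabs/code/environments/production
  register: puppet_code

# Only runs when the folder exists, so code_readme.stat is undefined
# otherwise; the `when` expressions below rely on `and` short-circuiting.
- name: Check if readme file exists in puppet code folder
  stat:
    path: /etc/puppetlabs/code/environments/production/README
  register: code_readme
  when: puppet_code.stat.exists

# NOTE(review): src has no trailing slash, so the folder itself is copied
# into dest (production.bak/production); confirm that layout is intended.
- name: Copy puppet code folder if there is no readme (not from repo then)
  copy:
    remote_src: true
    src: /etc/puppetlabs/code/environments/production
    dest: /etc/puppetlabs/code/environments/production.bak
  when: puppet_code.stat.exists and not code_readme.stat.exists

# The original task had no `when`, so the folder was wiped on every run even
# when it already came from the repo; the condition now matches the task
# name and the backup task above.
- name: Remove puppet code folder if there is no readme (not from repo then)
  file:
    path: /etc/puppetlabs/code/environments/production
    state: absent
  when: puppet_code.stat.exists and not code_readme.stat.exists

- name: Ensure puppet code repo is cloned
  git:
    repo: "{{ puppet_code_repo }}"
    dest: /etc/puppetlabs/code/environments/production
    depth: 1

# File modes are quoted strings: unquoted 0644 is read as octal 420 by
# YAML 1.1 parsers, and booleans use true/false rather than yes/no.
- name: Ensure service unit to update puppet code exists
  template:
    src: templates/update_puppet_code.service.j2
    dest: /etc/systemd/system/update_puppet_code.service
    mode: '0644'
    backup: true
  notify: Reload Systemd daemon

- name: Ensure timer unit to update puppet code exists
  copy:
    src: files/update_puppet_code.timer
    dest: /etc/systemd/system/update_puppet_code.timer
    mode: '0644'
    backup: true
  notify: Reload Systemd daemon

# NOTE(review): this enables the .service unit; the .timer unit installed
# above is neither enabled nor started here — confirm whether the timer
# should be the enabled unit.
- name: Ensure service to update puppet code is enabled
  service:
    name: update_puppet_code
    enabled: true

# Puppet agents talk to the server over TCP only; restricting the rule to
# tcp avoids opening the port for UDP as well.
- name: Ensure UFW allow access to the server
  ufw:
    rule: allow
    port: "{{ puppet_master_config['serverport'] | default(8140) }}"
    proto: tcp

- name: Ensure puppetserver service is enabled and start
  service:
    name: puppetserver
    state: started
    enabled: true

# r10k.yaml may reference repo credentials; keep it unreadable to other
# users. If r10k is run as a non-root user, adjust owner/group accordingly.
- name: Ensure r10k is configured
  copy:
    dest: /etc/puppetlabs/r10k/r10k.yaml
    content: "{{ r10k_config | to_nice_yaml }}"
    mode: '0640'

# No shell features are needed, so `command` avoids shell interpretation.
- name: Deploy environment
  command: r10k deploy environment --config /etc/puppetlabs/r10k/r10k.yaml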