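---
# Ansible task list (no play header): host setup for a Debian-style box that
# runs rootless podman services as the "admin" user and backs up to a TrueNAS
# NFS share. Every path below is hard-coded for that user.

# /etc/localtime must be a symlink *to* the zoneinfo file. ansible.builtin.file
# treats `dest` as an alias of `path`, so giving both (as the original did)
# is a parameter conflict and the zoneinfo path was never the link target;
# the link target belongs in `src`.
- name: set localtime (only needed for gitea and frigate)
  become: true
  ansible.builtin.file:
    src: /usr/share/zoneinfo/Europe/London
    dest: /etc/localtime
    state: link

# Shell is required here for the pipe. The command is idempotent in effect,
# hence changed_when: false.
- name: set timezone (only neede for gitea)
  become: true
  ansible.builtin.shell:
    cmd: echo "Europe/London" | tee /etc/timezone && dpkg-reconfigure -f noninteractive tzdata
  changed_when: false

- name: Update apt and install required programs
  become: true
  ansible.builtin.apt:
    pkg:
      - gpg
      - ansible
      - cron
      - curl
      - git
      - tmux
      - podman
      - neovim
      - nfs-common
      - fzf
      - rsync
    state: present
    update_cache: true

- name: create mount directories
  become: true
  block:
    - name: create /mnt/share
      ansible.builtin.file:
        path: /mnt/share
        state: directory
    - name: create /mnt/media
      ansible.builtin.file:
        path: /mnt/media
        state: directory

# NOTE(review): both shares are mounted rw with plain `defaults`; root later
# executes a script from /mnt/share (see the backup cron below), so anything
# that can write to the share on the NAS side can run code as root here.
# Restricting write access on the NAS export, or adding nosuid,nodev to opts,
# would narrow that — left unchanged here because it alters mount behaviour.
- name: mount shares
  become: true
  block:
    - name: mount data
      ansible.posix.mount:
        path: /mnt/share
        src: "{{ truenas_ip }}:/mnt/pool/data"
        fstype: nfs4
        opts: defaults,auto,rw
        state: mounted
    - name: mount media
      ansible.posix.mount:
        path: /mnt/media
        src: "{{ truenas_ip }}:/mnt/pool/media"
        fstype: nfs4
        opts: defaults,auto,rw
        state: mounted

# Daily 04:00 backup, run as root from the NFS share (see note above).
- name: setup backup
  become: true
  ansible.builtin.cron:
    minute: "0"
    hour: "4"
    name: "backup"
    user: "root"
    job: "/bin/bash '/mnt/share/services/scripts/backup.sh'"
    cron_file: backup

# Runs as the connecting (admin) user, so no become.
- name: check for podman folder
  ansible.builtin.file:
    path: /home/admin/podman
    state: directory

# - name: initialize podman-compose
#   become: true
#   ignore_errors: true
#   ansible.posix.synchronize:
#     src: /mnt/share/DUNNO
#     dest: /home/admin
#     checksum: true

# Rootless podman storage config. `[storage]` must be quoted: unquoted it is
# a YAML flow sequence, not the literal INI section header, so the original
# lineinfile searched for and wrote a list rather than the text "[storage]".
- name: change podman to overlayfs (system might need to be reset after this)
  block:
    - name: create directory if doesn't exist
      ansible.builtin.file:
        state: directory
        path: /home/admin/.config/containers/
    # preserve timestamps so the touch is idempotent instead of reporting
    # "changed" on every run
    - name: create file if doesn't exist
      ansible.builtin.file:
        state: touch
        path: /home/admin/.config/containers/storage.conf
        modification_time: preserve
        access_time: preserve
    - name: storage
      ansible.builtin.lineinfile:
        path: /home/admin/.config/containers/storage.conf
        search_string: '[storage]'
        line: '[storage]'
    - name: overlay
      ansible.builtin.lineinfile:
        path: /home/admin/.config/containers/storage.conf
        search_string: driver
        line: driver = 'overlay'

# Lets unprivileged users bind ports >= 80. sysctl values are strings, so
# quote them to avoid integer coercion by the YAML parser.
- name: allow rootless podman to access ports below 1000
  become: true
  ansible.posix.sysctl:
    name: net.ipv4.ip_unprivileged_port_start
    value: "80"
    sysctl_file: /etc/sysctl.d/99-ports.conf

# this might not be needed, haven't tested
- name: allow rootless podmad (wireguard) to access net src
  become: true
  ansible.posix.sysctl:
    name: net.ipv4.conf.all.src_valid_mark
    value: "1"
    sysctl_file: /etc/sysctl.d/99-ports.conf

# No shell features are used, so `command` is enough. Without a user argument
# loginctl acts on the calling user; `creates` makes the task idempotent.
# NOTE(review): assumes the connecting user is "admin" (as the paths above
# do) — the linger marker file is named after the user, confirm if that changes.
- name: enable linger (so user services start without login required)
  ansible.builtin.command:
    cmd: loginctl enable-linger
    creates: /var/lib/systemd/linger/admin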