---
# Provisioning play: package upgrades, a swap file, UFW rules, the
# http-server-status agent, the Backblaze b2 client and Neovim.
- name: Update web servers
  # "all" matches every host in the inventory, not only a web-server group.
  hosts: all
  # Every task runs over a direct root SSH login; paths written as "~" in the
  # tasks therefore resolve to root's home directory.
  # NOTE(review): an unprivileged login user with `become: true` would allow
  # direct root SSH to be disabled on the hosts. Confirm against sshd policy.
  remote_user: root
  vars:
    # Size in MiB: used as the dd block count together with bs=1M.
    swapfile_size: 1024
    swapfile_path: /swapfile
  tasks:
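  # Refresh the apt cache and upgrade every installed package.
  - name: Update all packages to their latest version
    ansible.builtin.apt:
      name: "*"
      state: latest
      # Canonical boolean instead of the YAML 1.1 truthy "yes".
      update_cache: true

  # Base tooling. ufw is included because the firewall tasks later in this
  # play manage it.
  - name: Install a list of packages
    ansible.builtin.apt:
      # Explicit form of the module default.
      state: present
      pkg:
      - htop
      - unp
      - ufw
      - net-tools
      - unzip
      - btop
      - git
      - make
      - fzf

  # The distribution package is removed; Neovim is installed from an upstream
  # release tarball later in this play.
  - name: Remove "neovim" package
    ansible.builtin.apt:
      name: neovim
      state: absent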

  # Allocate the swap file once; `creates` skips dd when the file is present.
  # NOTE(review): mkswap and swapon below run only when this task reports
  # "changed", so a run that fails after dd leaves a file that later runs
  # neither format nor activate.
  - name: Create swap file
    ansible.builtin.command:
      cmd: dd if=/dev/zero of={{ swapfile_path }} bs=1M count={{ swapfile_size }}
      creates: "{{ swapfile_path }}"
    register: swapfile_register_create

  # Swap holds paged-out process memory, so access is limited to root (0600).
  - name: Set swap file permissions
    ansible.builtin.file:
      path: "{{ swapfile_path }}"
      owner: root
      group: root
      mode: "0600"
      state: file

  # Write the swap signature, only for a file created in this run.
  - name: Initialize swap file
    ansible.builtin.command:
      cmd: mkswap {{ swapfile_path }}
    when: swapfile_register_create is changed

  # Activate the new swap area immediately, without waiting for a reboot.
  - name: Enable swap file
    ansible.builtin.command:
      cmd: swapon {{ swapfile_path }}
    when: swapfile_register_create is changed

  # Persist the swap entry in /etc/fstab; "nofail" keeps boot from failing if
  # the file is missing.
  - name: Manage swap file in /etc/fstab
    ansible.posix.mount:
      path: "none"
      src: "{{ swapfile_path }}"
      fstype: swap
      opts: "sw,nofail"
      dump: "0"
      passno: "0"
      state: present
  
  # SSH is allowed before UFW is enabled further down, so the connection
  # Ansible itself uses survives the default-deny policy.
  # NOTE(review): the rule has no source restriction and admits any address;
  # where a management network exists, `from_ip` can narrow it.
  - name: Allow all access to tcp port 22
    community.general.ufw:
      rule: "allow"
      proto: "tcp"
      port: "22"
  
  # Monitoring server
  # NOTE(review): the package is downloaded and installed as root with no
  # pinned digest or signature check, and "stable.deb" can change between
  # runs. HTTPS authenticates the storage endpoint, not the package contents.
  # Consider ansible.builtin.get_url with
  # `checksum: "sha256:<PLACEHOLDER_DIGEST>"`, then point `deb:` at the
  # verified local file.
  - name: Install monitoring service from deb
    ansible.builtin.apt:
      deb: "https://kekscloud-releases.s3.eu-central-003.backblazeb2.com/http-server-status/stable.deb"

  # NOTE(review): presumably the port http-server-status listens on; confirm.
  # The rule admits any source address. If only a central monitoring host
  # polls this endpoint, restrict the rule to it with `from_ip`, so host
  # status data is not reachable from the whole internet.
  - name: Allow all access to tcp port 3003
    community.general.ufw:
      rule: "allow"
      proto: "tcp"
      port: "3003"

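  # Task name corrected: the unit managed here is http-server-status, not
  # httpd.
  - name: Enable service http-server-status and ensure it is not masked
    ansible.builtin.systemd:
      name: http-server-status
      enabled: true
      # Canonical boolean instead of the YAML 1.1 truthy "no".
      masked: false

  # `state: restarted` restarts the unit on every play run, so this task
  # always reports "changed".
  # NOTE(review): if the intent is only "make sure it is running",
  # `state: started` is the idempotent form. Confirm before switching.
  - name: Make sure a service http-server-status.service is running
    ansible.builtin.systemd:
      name: http-server-status.service
      state: restarted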

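  # Task name corrected: this sets the default policy to deny, it does not
  # allow everything. Only the ports opened by the earlier allow rules (22 and
  # 3003) stay reachable.
  - name: Set default deny policy for incoming traffic and enable UFW
    community.general.ufw:
      state: enabled
      policy: deny
      # Explicit form of ufw's default direction for a policy change.
      direction: incoming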
  
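  # Fetch the pinned b2 CLI release (v3.9.0) straight onto root's PATH.
  # NOTE(review): the tag pins the version but not the bytes. Record the
  # digest of the reviewed binary and enforce it so that a replaced release
  # asset or a pre-existing file at dest is rejected:
  #   checksum: "sha256:<PLACEHOLDER_DIGEST_OF_b2-linux_v3.9.0>"
  - name: Download b2 client
    ansible.builtin.get_url:
      url: https://github.com/Backblaze/B2_Command_Line_Tool/releases/download/v3.9.0/b2-linux
      dest: /usr/local/bin/b2
      # Was 0770: an executable on root's PATH should not be group-writable.
      # Owner and group can still execute; others still have no access.
      mode: '0750'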
  
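  # Authorise the b2 CLI for root. The key id and application key are passed
  # through the process environment instead of argv: command-line arguments
  # are visible to every local user in the process list and are recorded in
  # Ansible's task output. b2 reads B2_APPLICATION_KEY_ID and
  # B2_APPLICATION_KEY when the positional arguments are omitted.
  # NOTE(review): b2keyID and b2applicationKey are not defined in this play;
  # presumably they come from inventory or extra-vars. Keep them in Ansible
  # Vault or a secret store, not in plain-text vars files.
  - name: Setup b2 client for backups
    ansible.builtin.command: b2 authorize_account
    environment:
      B2_APPLICATION_KEY_ID: "{{ b2keyID }}"
      B2_APPLICATION_KEY: "{{ b2applicationKey }}"
    # Keeps the credentials out of task output and the target's syslog. This
    # also hides error text, so lift it temporarily when debugging.
    no_log: true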


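  # Install neovim from source if not exists, needed because the apt version is 7.x but we need 8.x
  # Task name corrected: this checks the install directory under /opt, not the
  # config folder.
  - name: Check if nvim install folder exists
    stat:
      path: "/opt/nvim-linux64/bin"
    register: nvim

  # The archive is staged in /opt instead of /tmp. /tmp is world-writable and
  # get_url does not re-download when dest already exists, so a file already
  # present at a predictable /tmp path would be extracted as root unchecked.
  # NOTE(review): also pin the release bytes with
  #   checksum: "sha256:<PLACEHOLDER_DIGEST_OF_nvim-linux64_v0.9.5>"
  - name: Download nvim for linux
    ansible.builtin.get_url:
      url: "https://github.com/neovim/neovim/releases/download/v0.9.5/nvim-linux64.tar.gz"
      dest: "/opt/nvim-linux64.tar.gz"
      mode: '0440'
    when: not nvim.stat.exists

  # remote_src: the archive is already on the managed host.
  - name: Extract nvim to /opt
    ansible.builtin.unarchive:
      src: "/opt/nvim-linux64.tar.gz"
      remote_src: true
      dest: /opt
    when: not nvim.stat.exists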

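  # Append the Neovim bin directory to PATH in root's ~/.bashrc. The former
  # regexp '^export PATH' matched any PATH export, so an unrelated existing
  # line would have been overwritten. Without a regexp, lineinfile only adds
  # the line when this exact text is absent, and so stays idempotent.
  # The directory is appended rather than prepended, so system binaries keep
  # precedence.
  - name: add nvim to path in bash
    ansible.builtin.lineinfile:
      path: ~/.bashrc
      line: 'export PATH="$PATH:/opt/nvim-linux64/bin"'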


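  # Setup neovim
  # Task name typo fixed ("nviom").
  - name: Check if nvim config folder exists
    stat:
      path: "~/.config/nvim"
    register: nvimConfig

  # Clone the starter config only when no config directory exists yet.
  # NOTE(review): no `version` is set, so the clone takes whatever the default
  # branch holds at run time and the result is not reproducible. Pin a
  # reviewed revision:
  #   version: "<PLACEHOLDER_REVIEWED_COMMIT_SHA>"
  - name: Git checkout
    ansible.builtin.git:
      repo: 'https://github.com/LazyVim/starter'
      dest: '~/.config/nvim/'
    when: not nvimConfig.stat.exists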