# Run with
# ansible-playbook -i raspberrypi, 02-provision_new_pi.yml
# where "raspberrypi" is the hostname of the pi
---

- hosts: all
  gather_facts: false
  vars:
    timezone: "Europe/Berlin"
    wifi_country: "DE"
    wifi_ssid: "" # put SSID here to configure wifi
    wifi_pass_url: "bauer_wifi"  # has to be in keepass with url "wifi_pass_url"
    ansible_ssh_pass: raspberry
    ansible_become: yes
    ansible_become_password: raspberry
    new_hostname: "" # set this to change the hostname
  vars_prompt:
    - name: ansible_user
      prompt: "User to connect with, put in 'pi' here if you connect the first time, else leave empty"
      default: root
  tasks:
    - name: Do apt update/upgrade
      apt:
        upgrade: yes
        update_cache: yes
        cache_valid_time: 7200
    - name: Detect Raspi Model
      slurp: src=/sys/firmware/devicetree/base/model
      register: raspberry_model
    - name: Show Raspi Model
      debug: msg={{ raspberry_model.content | b64decode }}
    - name: Add authorized SSH key to root account
      authorized_key:
        user: root
        key: "{{ lookup('file', '../public_keys/martin_laptop.pub') }}"
        state: present
    - name: Activate root login with key
      lineinfile:
        path: /etc/ssh/sshd_config
        regexp: "^#?PermitRootLogin"
        line: "PermitRootLogin prohibit-password"
      notify: restart sshd
    - name: Deactive SSH accepting locale vars (leads to warnings)
      lineinfile:
        path: /etc/ssh/sshd_config
        regexp: "^#?AcceptEnv LANG LC_*"
        line: "#AcceptEnv LANG LC_*"
      notify: restart sshd
    - name: Get hostname
      command: "raspi-config nonint get_hostname"
      register: pi_hostname
      changed_when: False
    - name: Change hostname to {{ new_hostname }}
      command: "raspi-config nonint do_hostname {{ new_hostname }}"
      when: new_hostname | bool and pi_hostname.stdout != new_hostname
    - name: set boot mode to CLI
      command: "raspi-config nonint do_boot_behaviour B1"
    #I2 Change Timezone
    - name: Change timezone
      command: "raspi-config nonint do_change_timezone {{ timezone }}"
    - name: Change locale
      command: "raspi-config nonint do_change_locale en_US.UTF-8"
    - name: Change password of default pi account
      user:
        name: pi
        update_password: always
        password: "{{ lookup('keepass', 'default_rpi_password') | password_hash('sha512')  }}"
    - name: Install Packages (vim, git, basic python stuff)
      apt:
        name:
          - vim
          - git
          - python3
          - python3-pip
          - python3-wheel
        cache_valid_time: 7200
        state: present
    - name: Copy vim config
      copy: src=../configs/vimrc dest=/root/.vimrc
    - name: Copy git config
      copy: src=../configs/gitconfig dest=/root/.gitconfig
    # Wifi
    - name: Get WiFi country
      command: "raspi-config nonint get_wifi_country"
      register: wifi_country
      changed_when: False
      ignore_errors: yes #to avoid error when WiFi is not present
      when: wifi_ssid | bool
    - name: Change WiFi country
      command: "raspi-config nonint do_wifi_country {{ wifi_country }}"
      when: wifi_ssid | bool
    - name: Set WiFi credentials
      command: "raspi-config nonint do_wifi_ssid_passphrase {{ wifi_ssid }} {{ lookup('keepass', wifi_pass_url) }}"
      when: wifi_ssid | bool

  handlers:
    - name: restart sshd
      service:
        name: sshd
        state: restarted