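---
# Tinc VPN Setup and Configuration
#
# Main task list for the tinc role. On each managed node it:
#   1. installs tinc (distribution-specific include),
#   2. creates the per-network directory and a host keypair,
#   3. renders tinc.conf, the node's own hostfile and the tinc-up/down hooks,
#   4. pulls the public key and hostfile back to the controller
#      (the private key never leaves the node),
#   5. on non-macOS hosts, registers the network in nets.boot and
#      (re)starts the systemd units.
#
# Required vars: tinc_vpn_id (network name), tinc_base_dir (defaults to
# the Linux location elsewhere; overridden to the Homebrew prefix on macOS).
# Optional: override_os_family, to force the OS family used for file
# selection and the macOS branch.

- name: Main - Set different base dir for macOS
  # override_os_family lets a caller force the family (e.g. in tests);
  # otherwise the gathered fact is used.
  when: (override_os_family is defined) | ternary(override_os_family, ansible_os_family) == "Darwin"
  ansible.builtin.set_fact:
    tinc_base_dir: /usr/local/etc/tinc

- name: Main - Install tinc
  # Prefer a distribution-specific setup file, fall back to the OS family.
  ansible.builtin.include_tasks: "{{ item }}"
  with_first_found:
    - "setup-{{ ansible_distribution }}.yml"
    - "setup-{{ (override_os_family is defined) | ternary(override_os_family, ansible_os_family) }}.yml"

- name: Main - Create tinc directories
  become: true
  ansible.builtin.file:
    path: "{{ tinc_base_dir }}/{{ tinc_vpn_id }}/hosts"
    state: directory
    mode: "0755"

- name: Main - Create new host keypair
  become: true
  # argv instead of a shell string: tinc_vpn_id is interpolated into the
  # command line, so keep it out of shell parsing (no word splitting, no
  # metacharacters). `creates` makes this a one-shot keygen.
  ansible.builtin.command:
    argv:
      - tincd
      - -n
      - "{{ tinc_vpn_id }}"
      - -K4096
    chdir: "{{ tinc_base_dir }}/{{ tinc_vpn_id }}"
    creates: rsa_key.priv
  environment:
    # Homebrew installs tincd under /usr/local/sbin, which is not on the
    # default PATH of a non-interactive become session.
    PATH: "/usr/local/sbin:/usr/local/bin:{{ ansible_env.PATH | default('/usr/sbin:/usr/bin:/sbin:/bin') }}"

- name: Main - Restrict private key permissions
  become: true
  # tincd -K is expected to create the key 0600 already; enforce it so a
  # hand-copied or previously mis-permissioned key does not stay readable.
  ansible.builtin.file:
    path: "{{ tinc_base_dir }}/{{ tinc_vpn_id }}/rsa_key.priv"
    mode: "0600"

- name: Main - Create config
  become: true
  ansible.builtin.template:
    src: "{{ role_path }}/templates/tinc.conf.j2"
    dest: "{{ tinc_base_dir }}/{{ tinc_vpn_id }}/tinc.conf"
    mode: "0644"

- name: Main - Fetch public key
  become: true
  # Only the public half is copied to the controller. The dest filename is
  # derived from ansible_hostname, a fact reported by the managed node;
  # NOTE(review): a hostile node controls that string — confirm the
  # template/hostfile naming could not be switched to inventory_hostname.
  ansible.builtin.fetch:
    src: "{{ tinc_base_dir }}/{{ tinc_vpn_id }}/rsa_key.pub"
    dest: "{{ role_path }}/templates/tmp/rsa_key-{{ ansible_hostname | replace('-', '_') }}.pub"
    flat: true

- name: Main - Create own hostfile
  become: true
  # tinc node names may only contain [A-Za-z0-9_], hence the '-' -> '_' map.
  ansible.builtin.template:
    src: "{{ role_path }}/templates/hostfile.j2"
    dest: "{{ tinc_base_dir }}/{{ tinc_vpn_id }}/hosts/{{ ansible_hostname | replace('-', '_') }}"
    mode: "0644"

- name: Main - Create tinc-up script
  become: true
  # Executed by tincd (as root) when the interface comes up.
  ansible.builtin.template:
    src: "{{ role_path }}/templates/tinc-up.j2"
    dest: "{{ tinc_base_dir }}/{{ tinc_vpn_id }}/tinc-up"
    mode: "0755"

- name: Main - Create tinc-down script
  become: true
  ansible.builtin.template:
    src: "{{ role_path }}/templates/tinc-down.j2"
    dest: "{{ tinc_base_dir }}/{{ tinc_vpn_id }}/tinc-down"
    mode: "0755"

- name: Main - Fetch all hostfiles
  become: true
  # Collected under files/tmp so a later step can distribute every node's
  # hostfile to every other node.
  ansible.builtin.fetch:
    src: "{{ tinc_base_dir }}/{{ tinc_vpn_id }}/hosts/{{ ansible_hostname | replace('-', '_') }}"
    dest: "{{ role_path }}/files/tmp/{{ ansible_hostname | replace('-', '_') }}"
    flat: true

- name: "Main - Enable {{ tinc_vpn_id }}"
  # Same family selection as above, so an override_os_family of Darwin
  # also skips the systemd block.
  when: (override_os_family is defined) | ternary(override_os_family, ansible_os_family) != "Darwin"
  become: true
  block:
    - name: "Main - Enable {{ tinc_vpn_id }} in tinc config"
      ansible.builtin.lineinfile:
        path: "{{ tinc_base_dir }}/nets.boot"
        line: "{{ tinc_vpn_id }}"
        create: true
        mode: "0644"

    # NOTE(review): `state: restarted` bounces the VPN on every play run,
    # even when nothing changed; moving these to handlers notified by the
    # template tasks would avoid that. Left as-is to preserve behaviour.
    - name: "Main - Enable and restart tinc service"
      ansible.builtin.systemd:
        name: tinc
        state: restarted
        enabled: true

    - name: "Main - Enable and restart tinc@{{ tinc_vpn_id }} service"
      ansible.builtin.systemd:
        name: "tinc@{{ tinc_vpn_id }}"
        state: restarted
        enabled: true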