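---
# Tinc VPN setup and configuration (role task list).
#
# Reads gathered facts (ansible_os_family, ansible_distribution,
# ansible_hostname, ansible_env), so fact gathering must be enabled.
# tinc_base_dir and tinc_vpn_id are expected from role defaults/vars; only
# the macOS override of tinc_base_dir is set in this file.

- name: Main - Set different base dir for macOS
  set_fact:
    tinc_base_dir: /usr/local/etc/tinc
  # override_os_family lets the caller force the OS family; otherwise the
  # gathered fact is used.
  when: override_os_family | default(ansible_os_family) == "Darwin"

- name: Main - Install tinc
  include_tasks: "{{ item }}"
  # Prefer a distribution-specific setup file, fall back to the OS family.
  with_first_found:
    - "setup-{{ ansible_distribution }}.yml"
    - "setup-{{ override_os_family | default(ansible_os_family) }}.yml"

- name: Main - Create tinc directories
  become: true
  file:
    path: "{{ tinc_base_dir }}/{{ tinc_vpn_id }}/hosts"
    state: directory
    mode: '0755'

- name: Main - Create new host keypair
  become: true
  # argv form: tinc_vpn_id is handed to tincd as one argument and never
  # passes through a shell, so it cannot be re-tokenised or expanded.
  # PATH is extended through `environment` instead of an `export` line
  # (tincd lives under /usr/local on Homebrew installs).
  command:
    argv:
      - tincd
      - "-n"
      - "{{ tinc_vpn_id }}"
      - "-K4096"
    chdir: "{{ tinc_base_dir }}/{{ tinc_vpn_id }}"
    creates: rsa_key.priv  # idempotent: skipped once a private key exists
  environment:
    PATH: "/usr/local/sbin:/usr/local/bin:{{ ansible_env.PATH }}"

- name: Main - Create config
  become: true
  template:
    src: "{{ role_path }}/templates/tinc.conf.j2"
    dest: "{{ tinc_base_dir }}/{{ tinc_vpn_id }}/tinc.conf"
    mode: '0644'  # explicit mode so the result does not depend on umask

- name: Main - Fetch public key
  become: true
  # Pulled back to the controller so other hosts' hostfiles can embed it.
  fetch:
    src: "{{ tinc_base_dir }}/{{ tinc_vpn_id }}/rsa_key.pub"
    dest: "{{ role_path }}/templates/tmp/rsa_key-{{ ansible_hostname }}.pub"
    flat: true

- name: Main - Create own hostfile
  become: true
  template:
    src: "{{ role_path }}/templates/hostfile.j2"
    dest: "{{ tinc_base_dir }}/{{ tinc_vpn_id }}/hosts/{{ ansible_hostname }}"
    mode: '0644'

- name: Main - Create tinc-up script
  become: true
  template:
    src: "{{ role_path }}/templates/tinc-up.j2"
    dest: "{{ tinc_base_dir }}/{{ tinc_vpn_id }}/tinc-up"
    mode: '0755'

- name: Main - Create tinc-down script
  become: true
  template:
    src: "{{ role_path }}/templates/tinc-down.j2"
    dest: "{{ tinc_base_dir }}/{{ tinc_vpn_id }}/tinc-down"
    mode: '0755'

- name: Tinc - Fetch all hostfiles
  become: true
  fetch:
    src: "{{ tinc_base_dir }}/{{ tinc_vpn_id }}/hosts/{{ ansible_hostname }}"
    dest: "{{ role_path }}/files/tmp/{{ ansible_hostname }}"
    flat: true

- name: "Main - Enable {{ tinc_vpn_id }}"
  become: true
  block:
    - name: "Main - Enable {{ tinc_vpn_id }} in tinc config"
      lineinfile:
        path: "{{ tinc_base_dir }}/nets.boot"
        line: "{{ tinc_vpn_id }}"
        create: true
        mode: '0644'

    - name: Main - Enable and restart tinc service
      systemd:
        name: tinc
        state: restarted
        enabled: true

    - name: "Main - Enable and restart tinc@{{ tinc_vpn_id }} service"
      systemd:
        name: "tinc@{{ tinc_vpn_id }}"
        state: restarted
        enabled: true
  # NOTE(review): the source was whitespace-collapsed, so whether this `when`
  # originally belonged to the block or only to the last systemd task could
  # not be recovered; block level matches the `become` placement — confirm.
  when: inventory_hostname != 'localhost'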