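---
# Playbook overview:
#   1. wait until every host accepts connections,
#   2. install the backup script and its SSH material on the backup hosts,
#   3. restore hosts in the `unprovisioned` group from backup and record that
#      they are provisioned,
#   4. write the container registry credentials for the `core` user,
#   5. deploy each service through the `compose_project` role.

- name: Wait for hosts to be ready
  hosts: all
  gather_facts: false
  tasks:
    - name: Wait for system to become reachable
      ansible.builtin.wait_for_connection:
        timeout: 300
        sleep: 10

- name: Backup
  hosts: backup
  become: true
  become_user: root
  tasks:
    - name: Install backup script
      ansible.builtin.template:
        src: backup.sh.j2
        dest: /root/backup.sh
        mode: '0700'
        owner: root

    - name: Ensure /root/.ssh exists
      ansible.builtin.file:
        path: /root/.ssh
        owner: root
        state: directory
        mode: '0700'

    - name: Install SSH Keys
      ansible.builtin.template:
        src: storagebox.j2
        dest: /root/.ssh/storagebox
        mode: '0600'
        owner: root
      # Presumably renders a private key (template not shown here); keep the
      # rendered content out of task output and `--diff`. Note that this also
      # hides the error detail if the task fails.
      no_log: true

    # Pinning the host key here means later SSH connections to the backup
    # target are verified against a known key instead of trusted on first use.
    - name: Add Known Hosts entries
      ansible.builtin.known_hosts:
        path: "/root/.ssh/known_hosts"
        name: "{{ backup.known_hosts.name }}"
        key: "{{ backup.known_hosts.key }}"

- name: Restore from Backup
  hosts: unprovisioned
  become: true
  become_user: root
  gather_facts: true
  tasks:
    # NOTE(review): the playbook was flattened onto a single line, so the
    # nesting level of this `when` is reconstructed. It is placed on the block
    # (skip the whole restore once the host is marked provisioned) - confirm
    # against the original file.
    - name: Restore host from backup unless already provisioned
      when: ansible_facts.provisioned is undefined
      block:
        - name: Install restore script
          ansible.builtin.template:
            src: restore.sh.j2
            dest: /root/restore.sh
            mode: '0700'
            owner: root

        - name: Ensure /root/.ssh exists
          ansible.builtin.file:
            path: /root/.ssh
            owner: root
            state: directory
            mode: '0700'

        - name: Install SSH Keys
          ansible.builtin.template:
            src: storagebox.j2
            dest: /root/.ssh/storagebox
            mode: '0600'
            owner: root
          # Presumably renders a private key (template not shown here); keep
          # the rendered content out of task output and `--diff`.
          no_log: true

        - name: Add Known Hosts entries
          ansible.builtin.known_hosts:
            path: "/root/.ssh/known_hosts"
            name: "{{ backup.known_hosts.name }}"
            key: "{{ backup.known_hosts.key }}"

        - name: Restore from Borg
          become: true
          become_user: root
          ansible.builtin.command:
            chdir: /
            cmd: bash /root/restore.sh

        # `cacheable: true` stores the fact in the fact cache; it only
        # survives to the next run if a persistent fact cache is configured.
        - name: Mark host as provisioned
          ansible.builtin.set_fact:
            provisioned: true
            cacheable: true
      always:
        # Runs whether or not the restore succeeded, so a failed restore does
        # not leave the script behind on the host.
        - name: Remove script from host
          ansible.builtin.file:
            path: /root/restore.sh
            state: absent

- name: Setup Registry credentials
  hosts: all
  tasks:
    - name: Ensure /home/core/.docker exists
      ansible.builtin.file:
        path: /home/core/.docker
        owner: core
        state: directory
        mode: '0700'

    - name: Install Docker registry config
      ansible.builtin.template:
        src: docker-config.json.j2
        dest: /home/core/.docker/config.json
        mode: '0600'
        owner: core
      # Presumably contains registry auth data (template not shown here);
      # keep the rendered content out of task output and `--diff`.
      no_log: true

- name: Install Services
  hosts: host.nc.chaoswg.org
  vars:
    state: present
  roles:
    - role: compose_project
      service: traefik
    - role: compose_project
      service: keycloak
    - role: compose_project
      service: minio
    - role: compose_project
      service: registry
    - role: compose_project
      service: gitea
    - role: compose_project
      service: ba-gitlab-runner
    - role: compose_project
      service: wireguard
    - role: compose_project
      service: hedgedoc
    - role: compose_project
      service: miniflux
    - role: compose_project
      service: matrix
    - role: compose_project
      service: nextcloud
    - role: compose_project
      service: search
    - role: compose_project
      service: syncthing
    - role: compose_project
      service: blog
    - role: compose_project
      service: caddy
    - role: compose_project
      service: diun
    - role: compose_project
      service: thelounge
    - role: compose_project
      service: tubearchivist
    - role: compose_project
      service: watchtower
...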