---
- name: Setup homelab basics for DietPi systems
  hosts: homelab
  become: true
  tasks:
    - name: Update apt cache
      ansible.builtin.apt:
        cache_valid_time: 1200

    - name: Update cache and all packages
      register: updatesys
      ansible.builtin.apt:
        upgrade: dist
        update_cache: true

    - name: Display the last line of the previous task to check the stats
      ansible.builtin.debug:
        msg: "{{updatesys.stdout_lines|last}}"

    - name: Install basic packages
      ansible.builtin.apt:
        update_cache: true
        name:
          - apt-file
          - apt-listchanges
          - apt-utils
          - atop
          - autoconf
          - automake
          - borgbackup
          - borgmatic
          - build-essential
          - byobu
          - cmake
          - curl
          - firewalld
          - git
          - htop
          - httpie
          - iotop
          - less
          - libpam-systemd
          - lynis
          - man-db
          - manpages
          - nfs-common
          - nmon
          - pipx
          - python3-dev
          - python3-pip
          - rkhunter
          - rclone
          - rsync
          - unattended-upgrades
          - vim
          - wget
          - zsh
        state: present

    - name: Unmask systemd-logind
      ansible.builtin.systemd_service:
        name: systemd-logind
        enabled: true
        masked: no

    - name: Ensure systemd-networkd is enabled
      ansible.builtin.systemd_service:
        name: systemd-networkd
        enabled: true

    - name: Ensure man-db.timer is enabled
      ansible.builtin.systemd_service:
        name: man-db.timer
        enabled: true

    - name: Configure unattended-upgrades mail user
      ansible.builtin.lineinfile:
        path: /etc/apt/apt.conf.d/50unattended-upgrades
        search_string: "//Unattended-Upgrade::Mail"
        line: 'Unattended-Upgrade::Mail "jas";'
        owner: root
        group: root
        mode: "0644"

    - name: Configure unattended-upgrades automatic reboot
      ansible.builtin.lineinfile:
        path: /etc/apt/apt.conf.d/50unattended-upgrades
        search_string: "//Unattended-Upgrade::Automatic-Reboot"
        line: 'Unattended-Upgrade::Automatic-Reboot "true";'
        owner: root
        group: root
        mode: "0644"

    - name: Disable apt downloading translations
      ansible.builtin.lineinfile:
        path: /etc/apt/apt.conf.d/99translations
        create: true
        line: 'Acquire::Languages "none";'
        owner: root
        group: root
        mode: "0644"

    - name: Set the shell to zsh for dietpi user
      ansible.builtin.user:
        name: jas
        shell: /usr/bin/zsh

    - name: Check if reboot is required
      ansible.builtin.stat:
        path: /var/run/reboot-required
      register: reboot_required

    - name: Set is_reboot_required fact
      ansible.builtin.set_fact:
        is_reboot_required: "{{ True if reboot_required.stat.exists else False }}"

    - name: Reboot is needed
      ansible.builtin.reboot:
        reboot_timeout: 120
      when: is_reboot_required | bool

    - name: Post-reboot confirmation
      ansible.builtin.debug:
        msg: "{{ ansible_host }} is now back up and running"
      when: is_reboot_required | bool