---
# FIXME #691138, better: prepare interfaces ready to use, c.f. down below, macvtap.
# This task needs to be run before the last apt run to provide a ready-to-use installation.
- name: Allow users to attach to bridge
  ansible.builtin.copy:
    dest: /etc/apt/apt.conf.d/94qemu-bridge-suid
    content: |
      ## Modify permissions after installation/upgrade
      ## to run qemu-bridge as root
      DPkg::Post-Invoke {"/usr/bin/chmod 4755 /usr/lib/qemu/qemu-bridge-helper || true"; };


- name: install libvirt packages
  apt:
    name:
      - ctorrent
      - libvirt-daemon-system
      - virt-manager
    state: latest
    autoremove: true

    #- name: allow all users to use VMs
    #  lineinfile:
    #    dest: /etc/libvirt/libvirtd.conf
    #    line: 'auth_unix_rw = "none"'
    #    insertafter: '#auth_unix_rw = "polkit"'
    #  notify: reload libvirtd

- name: Configure pam_mount for VM bind mounts
  blockinfile:
    dest: /etc/security/pam_mount.conf.xml
    marker: "<!-- {mark} ANSIBLE MANAGED BLOCK (bind mounts for VMs) -->"
    block: |
      <!-- bind mounts for the VMs, setting gid here does not work -->
      <volume
        path="~"
        mountpoint="/lmn/media/%(USER)/home"
        options="bind"
        ><not><or><user>root</user><user>ansible</user><user>Debian-gdm</user><user>sddm</user><user>{{ localuser }}</user></or></not>
      </volume>
      <volume
        path="/srv/samba/schools/default-school/share"
        mountpoint="/lmn/media/%(USER)/share"
        options="bind"
        ><not><or><user>root</user><user>ansible</user><user>Debian-gdm</user><user>sddm</user><user>{{ localuser }}</user></or></not>
      </volume>
    insertafter: "<!-- END ANSIBLE MANAGED BLOCK .* -->"

- name: Use umount script for proper cleanup
  blockinfile:
    dest: /etc/security/pam_mount.conf.xml
    marker: "<!-- {mark} ANSIBLE MANAGED BLOCK (umount script needed for bind mounts ordering) -->"
    block: |
      <!-- Provide special umount script here to handle bind mounts and proper ordering -->
      <umount>/usr/local/sbin/pam-umount.sh %(USER) %(USERUID) %(MNTPT)</umount>
    insertafter: '^<mntoptions.*'

- name: Prepare umount script
  ansible.builtin.copy:
    src: pam-umount.sh
    dest: /usr/local/sbin/pam-umount.sh
    mode: "0755"

- name: Insert domain in default-network
  lineinfile:
    path: /etc/libvirt/qemu/networks/default.xml
    line: '  <domain name="{{ ansible_domain }}" localOnly="no"/>'
    insertafter: '</ip>'

- name: Autostart default network for VMs
  file:
    src: /etc/libvirt/qemu/networks/default.xml
    dest: /etc/libvirt/qemu/networks/autostart/default.xml
    state: link

- name: Create system-user syncing VM-files and others
  ansible.builtin.user:
    name: lmnsynci
    comment: lmn sync user
    system: true
    create_home: false

- name: Create /lmn directory
  file:
    path: /lmn
    state: directory

- name: Create /lmn/media directory
  file:
    path: /lmn/media
    state: directory
    mode: '1777'

- name: Create vm directory
  file:
    path: /lmn/vm
    state: directory
    owner: lmnsynci
    group: lmnsynci
    mode: 0755

- name: Install squid
  apt:
    name:
      - squid
    state: latest
    autoremove: true

- name: Disable squid
  systemd:
    name: squid
    enabled: false
    state: stopped

- name: Deploy squid user mode configuration
  template:
    src: squid-usermode.conf.j2
    dest: /etc/squid/squid-usermode.conf
    mode: '0644'

- name: Deploy sudo configurations
  copy:
    src: "{{ item }}"
    dest: "/etc/sudoers.d/90-{{ item }}"
    owner: root
    group: root
    mode: '0700'
  loop:
    - lmn-mounthome
    - lmn-sync-vm
    - lmn-upload-vm
    - lmn-link-images
    - lmn-startvirtiofsd

- name: Deploy vmimages scripts
  copy:
    src: "{{ item }}"
    dest: /usr/local/bin/
    owner: root
    group: root
    mode: '0755'
  loop:
    - mounthome.sh
    - create-vm.sh
    - rebase-vm.sh
    - run-vm.sh
    - upload-vm.sh
    - sync-vm.sh
    - link-images.sh
    - start-virtiofsd.sh
    - linbo-torrenthelper.sh
    - vmimage-torrent
    - virtiofsd

- name: Deploy linbo-torrent defaults
  copy:
    src: linbo-torrent
    dest: /etc/default/
    owner: root
    group: root
    mode: '0755'

- name: Deploy vmimage-torrent.service
  copy:
    src: vmimage-torrent.service
    dest: /etc/systemd/system/
    owner: root
    group: root
    mode: '0644'
  notify: "enable vmimage-torrent.service"

- name: Prepare directory for qemu bridge config
  ansible.builtin.file:
    path: /etc/qemu/
    state: directory

- name: Deploy bridge.conf needed for qemu session mode
  ansible.builtin.copy:
    dest: /etc/qemu/bridge.conf
    content: |
      allow virbr0
      allow virbr1

- name: Deploy rsync.secret
  lineinfile:
    path: /etc/rsync.secret
    line: "{{ rsyncsecret }}"
    create: True
    mode: '0600'


- name: Configure macvtap interface
  ansible.builtin.copy:
    dest: /etc/NetworkManager/system-connections/macvlan-vm-macvtap.nmconnection
    mode: '0600'
    content: |
      [connection]
      id=macvlan-vm-macvtap
      type=macvlan
      interface-name=vm-macvtap
      [macvlan]
      mode=2
      parent={{ ansible_default_ipv4['interface'] }}
      tap=true
      [ipv4]
      method=disabled
      [ipv6]
      method=disabled
      [proxy]

- name: Adjust interface permissions for user mode VMs
  ansible.builtin.copy:
    dest: /etc/udev/rules.d/80-macvlan.rules
    content: |
      SUBSYSTEMS=="net", KERNELS=="vm-macvtap", MODE="0666"


- name: Create directory for local .desktop-Files
  ansible.builtin.file:
    path: "{{ item }}"
    state: directory
    mode: '0755'
  loop:
    - /usr/local/share/applications
    - /usr/local/share/desktop-directories
  notify: Run update-desktop-database

- name: Set owner lmnsynci for menu entry directory
  file:
    path: /usr/local/share/applications
    state: directory
    owner: lmnsynci

- name: Copy fvs.directory
  ansible.builtin.copy:
    src: fvs.directory
    dest: /usr/local/share/desktop-directories/
  notify: Run update-desktop-database

- name: Copy fvs.menu
  ansible.builtin.copy:
    src: fvs.menu
    dest: /etc/xdg/menus/applications-merged/
  notify: Run update-desktop-database

- name: Sync .torrent, .xml and .desktop files and run update-desktop-database
  command: sudo -u lmnsynci /usr/local/bin/sync-vm.sh -t
  register: result
  changed_when: result.stdout | length > 0

- name: Start virt-manager in session mode by default
  ansible.builtin.copy:
    dest: /usr/local/bin/virt-manager
    content: |
      #!/usr/bin/sh
      exec /usr/bin/virt-manager --connect qemu:///session $@
    mode: '0755'

- name: Copy vm-netboot script
  ansible.builtin.copy:
    src: vm-netboot
    dest: /usr/local/bin/
    mode: '0755'