# Preparations (Hardware Level)

- name: ...IS BEGINNING ============================================
  command: echo

- name: Install uuidgen program (debuntu)
  package:
    name: uuid-runtime
    state: present
  when: is_debuntu

- name: Test for /etc/iiab/uuid file
  stat:
    path: /etc/iiab/uuid
  register: uuid_file

- name: Create folder to hold uuid
  file:
    path: /etc/iiab
    state: directory
  when: not uuid_file.stat.exists

- name: If no uuid exists, create one
  shell: uuidgen
  register: uuid_response
  when: not uuid_file.stat.exists

- name: Put the uuid in place
  shell: echo {{ uuid_response.stdout_lines[0] }} > /etc/iiab/uuid
  when: not uuid_file.stat.exists

- name: Get the uuid
  command: cat /etc/iiab/uuid
  register: stored_uuid

- name: Get the value into a variable
  set_fact:
    uuid: "{{ stored_uuid.stdout_lines[0] }}"

- name: SSHD
  include_role:
    name: sshd
  # has no "when: XXXXX_install" flag
  tags: base, sshd

- name: IIAB-ADMIN
  include_role:
    name: iiab-admin
  # has no "when: XXXXX_install" flag
  tags: base, iiab-admin

- name: OPENVPN
  include_role:
    name: openvpn
  when: openvpn_install
  tags: openvpn

# for rpi, without rtc, we need time as soon as possible
- name: Install chrony package
  package:
    name: "{{ item }}"
    state: present
  with_items:
    - chrony
  tags:
    - download

#TODO: Use regexp filter instead of hard-code ip
- name: Update chrony config file
  template:
    backup: no
    dest: /etc/chrony.conf
    src: chrony.conf.j2

- name: Disable AppArmor -- override OS default (ubuntu)
  service:
    name: apparmor
    enabled: False
    state: stopped
  when: is_ubuntu
  ignore_errors: true

- name: Disable SELinux on next boot (OS's other than debuntu)
  selinux:
    state: disabled
  register: selinux_disabled
  when: not is_debuntu

- name: Disable SELinux for this session (OS's other than debuntu, if needed)
  command: setenforce Permissive
  when: not is_debuntu and selinux_disabled is defined and selinux_disabled.changed

##  DISCOVER PLATFORMS ######
# Put conditional actions for hardware platforms here
- include_tasks: raspberry_pi.yml
  when: first_run and rpi_model != "none"

- name: Check if the identifier for Intel's NUC6 builtin WiFi is present
  shell: "lsusb | grep 8087:0a2b | wc | awk '{print $1}'"
  register: usb_NUC6
  ignore_errors: true

- name: Download the firmware for built-in WiFi on NUC6
  get_url:
    url: "{{ iiab_download_url }}/iwlwifi-8000C-13.ucode"
    dest: /lib/firmware
    timeout: "{{ download_timeout }}"
  when: internet_available and usb_NUC6.stdout|int > 0

# this script can be sourced to get IIAB location
- name: Recording STAGE 1 HAS COMPLETED ============================
  template:
    src: roles/1-prep/templates/iiab.env.j2
    dest: /etc/iiab/iiab.env
    owner: root
    group: root
    mode: 0644