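---
# Tasks for bootstrapping the metacluster node: local name resolution for the
# cluster services, the step-ca root CA (generated via `step ca init --helm`),
# the host truststore, and the K3s private-registry mirror configuration.
# All `vapp[...]` values come from the OVF/vApp properties of the appliance.

- name: Configure fallback name resolution
  ansible.builtin.lineinfile:
    path: /etc/hosts
    line: "{{ vapp['guestinfo.ipaddress'] }} {{ item ~ '.' ~ vapp['metacluster.fqdn'] }}"
    state: present
  loop:
    # TODO: Make this list dynamic
    - ca
    - git
    - gitops
    - ingress
    - registry
    - storage

# The CA password only ever touches disk inside this block; the `always`
# section removes the tempfile even when `step ca init` fails, so a failed
# run does not leave the password behind.
- name: Generate step-ca helm chart values (including root CA certificate)
  block:
    - name: Initialize tempfile
      ansible.builtin.tempfile:
        state: file
      register: stepca_password

    - name: Store password in tempfile
      ansible.builtin.copy:
        dest: "{{ stepca_password.path }}"
        content: "{{ vapp['metacluster.password'] }}"
        # Explicit owner-only mode; do not rely on the tempfile module's default.
        mode: "0600"
      no_log: true

    # Folded scalar: the lines are joined with spaces, so no shell
    # continuation backslashes are needed.
    - name: Generate step-ca helm chart values
      ansible.builtin.shell:
        cmd: >-
          step ca init
          --helm
          --deployment-type=standalone
          --name=ca.{{ vapp['metacluster.fqdn'] }}
          --dns=ca.{{ vapp['metacluster.fqdn'] }}
          --dns=step-certificates.step-ca.svc.cluster.local
          --dns=127.0.0.1
          --address=:9000
          --provisioner=admin
          --acme
          --password-file={{ stepca_password.path }}
      register: stepca_values
      # The `--helm` output is the full chart values document, which carries
      # the CA key material and (base64-encoded) passwords alongside the
      # certificates; keep it out of the task log. It stays available in
      # `stepca_values` for the tasks below.
      no_log: true

  always:
    - name: Cleanup tempfile
      ansible.builtin.file:
        path: "{{ stepca_password.path }}"
        state: absent
      when:
        - stepca_password is defined
        - stepca_password.path is defined

- name: Store root CA certificate
  ansible.builtin.copy:
    dest: /usr/local/share/ca-certificates/root_ca.crt
    # Only the public root certificate is extracted from the generated values.
    content: "{{ (stepca_values.stdout | from_yaml).inject.certificates.root_ca }}"

- name: Update certificate truststore
  ansible.builtin.command:
    cmd: update-ca-certificates

# Reads the first tag of every locally stored image archive. `--insecure-policy`
# only bypasses the signature policy file; the archives are local files, not
# remote pulls.
- name: Get all stored fully qualified container image names
  ansible.builtin.shell:
    cmd: >-
      skopeo list-tags
      --insecure-policy
      docker-archive:./{{ item | basename }}
      | jq -r '.Tags[0]'
    chdir: /opt/metacluster/container-images
  register: registry_artifacts
  loop: "{{ query('ansible.builtin.fileglob', '/opt/metacluster/container-images/*.tar') | sort }}"
  loop_control:
    label: "{{ item | basename }}"

# Collects the registry host (first path segment) of every image name into a
# sorted, de-duplicated list for the registries.yaml template.
- name: Get source registries of all artifacts
  ansible.builtin.set_fact:
    source_registries: "{{ (source_registries | default([]) + [(item | split('/'))[0]]) | unique | sort }}"
  loop: "{{ registry_artifacts | json_query('results[*].stdout') | select | sort }}"

- name: Configure K3s node for private registry
  ansible.builtin.template:
    dest: /etc/rancher/k3s/registries.yaml
    src: registries.j2
  vars:
    _template:
      registries: "{{ source_registries }}"
      hv:
        fqdn: "{{ vapp['metacluster.fqdn'] }}"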