---
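# Bootstrap play: takes a freshly installed host to a configured state.
# Roles run in the order listed (distribution-specific ones first), then the
# `tasks` section includes the `wg` role once per WireGuard connection.
# Roles without `become: true` run as the connecting user.
- name: Bootstrap fresh installation
  hosts: all
  # Facts are required: the `when` conditions below read ansible_distribution.
  gather_facts: true
  roles:
    # Handle distribution-specific changes before the generic ones
    - role: os_fedora
      become: true
      when: ansible_distribution == "Fedora"

    - role: os_el
      become: true
      when: ansible_distribution in [ "AlmaLinux", "CentOS", "Rocky" ]

    - role: os_deb
      become: true
      when: ansible_distribution in [ "Debian", "Ubuntu" ]

    # Upgrade all packages and install the basic-bitch ones
    - role: base_system
      become: true

    # Enable Cockpit
    - role: cockpit
      become: true
      tags: cockpit

    # Enable Flathub repository and install configured flatpaks
    # (skipped on Ubuntu; runs without privilege escalation)
    - role: flatpak
      when: ansible_distribution != "Ubuntu"
      tags: flatpak

    # Install Podman and configure UIDs/GIDs for rootless usage
    - role: podman
      become: true
      tags: podman

    # Install and configure SSH server
    - role: ssh_server
      become: true
      tags: sshd

    # Handle basic user configuration
    # (untagged, so a `--tags` run never selects it)
    - role: base_desktop

    # Shell utilities
    - role: shell_zsh
      tags: zsh
    - role: shell_tmux
      tags: tmux

    # Directory for temporary files
    - role: tmpfiles
      become: true
      tags: tmpfiles

    # Configure git
    - role: git
      tags: git

    # Configure ssh
    - role: ssh_client
      tags: ssh

    # Set up GPG
    - role: gpg
      tags: gpg

    # Configure Alacritty terminal
    - role: terminal_alacritty
      tags: alacritty

    # Configure Kitty terminal
    - role: terminal_kitty
      tags: kitty

    # Install fonts
    - role: fonts
      tags: fonts

    # Install Bitwarden CLI
    - role: secrets_bw
      tags: bw

    # Install HashiCorp Vault
    - role: secrets_hcv
      tags: hcv

    # Install and configure Emacs
    - role: editor_emacs
      tags: emacs

    # Install and configure VSCode
    - role: editor_vscode
      tags: vscode

    # Install and configure Helix
    - role: editor_helix
      tags: helix

    # Install and configure neovim
    - role: editor_neovim
      tags: neovim

  tasks:
    # Install the Wireguard VPNs: the `wg` role is included once per entry
    # in wg_connections, with that entry's fields mapped onto wg_* variables.
    - name: Wireguard
      ansible.builtin.include_role:
        name: wg
        apply:
          become: true
          # include_role is dynamic: the task-level tag at the bottom only
          # selects the include itself. Repeating it here tags the role's
          # own tasks, so `--tags wireguard` actually runs them.
          tags: wireguard
      with_items: "{{ wg_connections }}"
      loop_control:
        # Print only the interface name per iteration instead of the whole
        # connection dict (addresses, gateway, peers) in the run output.
        # NOTE(review): if peer entries can carry key material, also
        # consider no_log on the relevant tasks inside the wg role.
        label: "{{ item.ifname }}"
      vars:
        wg_ifname: "{{ item.ifname }}"
        wg_generate_keypair: "{{ item.generate_keypair }}"
        wg_domain: "{{ item.domain }}"
        wg_gateway: "{{ item.gateway }}"
        wg_address: "{{ item.address }}"
        wg_peers: "{{ item.peers }}"
      tags: wireguard

  handlers:
    # Static import of the shared handler file one directory above this play.
    - name: Import common handlers
      ansible.builtin.import_tasks: ../handlers/main.yml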