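---
# Bootstrap playbook for a freshly installed host.
#
# Order of execution: the roles listed under `roles:` run first, in the order
# written (distribution-specific setup, then system-level services, then
# per-user tooling); the Wireguard include under `tasks:` runs afterwards.
# Roles marked `become: true` run with privilege escalation; the remaining
# roles run as the connecting user.
- name: Bootstrap fresh installation
  hosts: all
  # Facts are required: several roles are gated on ansible_distribution.
  gather_facts: true

  roles:
    # Handle distribution-specific changes before the generic ones
    - role: os/fedora
      become: true
      when: ansible_distribution == "Fedora"
    - role: os/el
      become: true
      when: ansible_distribution in [ "AlmaLinux", "CentOS" ]

    # Upgrade all packages and install the basic-bitch ones
    - role: base/system
      become: true

    # Enable Cockpit
    - role: system/cockpit
      become: true
      tags: cockpit

    # Enable Flathub repository and install configured flatpaks
    # (skipped on Ubuntu; runs without privilege escalation)
    - role: system/flatpak
      when: ansible_distribution != "Ubuntu"
      tags: flatpak

    # Install Podman and configure UIDs/GIDs for rootless usage
    - role: system/podman
      become: true
      tags: podman

    # Install and configure SSH server
    - role: system/sshd
      become: true
      tags: sshd

    # Handle basic user configuration
    - role: base/desktop

    # Shell utilities
    - role: user/shell/zsh
      tags: zsh
    - role: user/shell/tmux
      tags: tmux
    - role: user/editors/neovim
      tags: neovim

    # Directory for temporary files
    - role: user/tmpfiles
      become: true
      tags: tmpfiles

    # Configure git
    - role: user/git
      tags: git

    # Configure ssh
    - role: user/ssh
      tags: ssh

    # Set up GPG
    - role: user/gpg
      tags: gpg

    # Configure Alacritty terminal
    - role: user/terminals/alacritty
      tags: alacritty

    # Configure Kitty terminal
    - role: user/terminals/kitty
      tags: kitty

    # Install fonts
    - role: user/fonts
      tags: fonts

    # Install Bitwarden CLI
    - role: user/secrets/bw
      tags: bw

    # Install HashiCorp Vault
    - role: user/secrets/hcv
      tags: hcv

    # Install and configure Emacs
    - role: user/editors/emacs
      tags: emacs

    # Install and configure VSCode
    - role: user/editors/vscode
      tags: vscode

    # Install and configure Helix
    - role: user/editors/helix
      tags: helix

  tasks:
    # Install the Wireguard VPNs: the wg role is included once per entry of
    # wg_connections, with that entry's fields passed in as role variables.
    - name: Wireguard
      ansible.builtin.include_role:
        name: wg
        apply:
          become: true
          # A tag on a dynamic include selects only the include itself, not
          # the tasks it pulls in. Repeating the tag here lets a run limited
          # to `--tags wireguard` execute the role's tasks as well.
          tags:
            - wireguard
      with_items: "{{ wg_connections }}"
      # Print only the interface name per iteration instead of the whole
      # connection entry.
      # NOTE(review): if wg_connections entries (e.g. peers) carry key
      # material, confirm that the wg role sets no_log on the tasks that
      # handle it; a label only shortens the per-item output.
      loop_control:
        label: "{{ item.ifname }}"
      vars:
        wg_ifname: "{{ item.ifname }}"
        wg_generate_keypair: "{{ item.generate_keypair }}"
        wg_domain: "{{ item.domain }}"
        wg_gateway: "{{ item.gateway }}"
        wg_address: "{{ item.address }}"
        wg_peers: "{{ item.peers }}"
      tags: wireguard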