Files @ 3c03c2ea9d2a

Location: majic-ansible-roles/roles/xmpp_server/playbook.yml - annotation

branko
MAR-128: Upgraded tests for bootstrap role:

- Switch to new Molecule configuration.
- Updated set-up playbook to use become: yes.
- Moved some preparatory steps outside of the main playbook (eases
idempotence tests).
- Updated tests to reference the yml inventory file.
- Updated tests to use new fixture (host instead of individual ones).
- Fixed some linting issues.
---

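# Refresh the APT package index on every test host before any package is
# installed by the plays that follow.
- hosts: all
  tasks:

    - name: Update all caches to avoid errors due to missing remote archives
      apt:
        update_cache: true
      # A cache refresh is not a configuration change, so never report it as
      # one (keeps idempotence checks clean).
      changed_when: false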

# Give every test host static name resolution for the machines and XMPP
# domains used by the tests.
- hosts: all
  tasks:

    # No regexp is given, so lineinfile only ensures that each exact line is
    # present. If an address or name list below is edited, the new line is
    # added and the previously written one stays in /etc/hosts.
    - name: Set-up /etc/hosts entries
      lineinfile:
        dest: /etc/hosts
        line: "{{ item.key }} {{ item.value }}"
      # Key: IP address. Value: space-separated host names for that address.
      with_dict:
        10.31.127.10: "ldap-server backup-server"
        10.31.127.20: "client1"
        10.31.127.30: "parameters-mandatory domain1 proxy.domain1 conference.domain1"
        10.31.127.31: "parameters-optional domain2 proxy.domain2 conference.domain2 domain3 proxy.domain3 conference.domain3"

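# Prepare the client machine the tests use to talk to the XMPP servers:
# connectivity tooling, the test CA, XMPP clients and a dedicated account.
- hosts: client1
  tasks:

    # "present" replaces the deprecated "installed" alias of the apt module.
    - name: Install tool for testing TCP connectivity
      apt:
        name: hping3
        state: present

    # Adds the test CA to the system trust store; the handler below rebuilds
    # the certificate cache when the file changes.
    - name: Deploy CA certificate
      copy:
        src: tests/data/x509/ca.cert.pem
        dest: /usr/local/share/ca-certificates/testca.crt
        owner: root
        group: root
        # Quoted so the mode is always read as an octal string.
        mode: "0644"
      notify:
        - Update CA certificate cache

    - name: Install console-based XMPP client (for interactive testing)
      apt:
        name: mcabber
        state: present

    - name: Install console-based XMPP tool (for non-interactive testing)
      apt:
        name: sendxmpp
        state: present

    - name: Create dedicated group for testing
      group:
        name: user
        state: present

    - name: Create dedicated user for testing
      user:
        name: user
        group: user
        shell: /bin/bash

    # One configuration file per test account, readable only by its owner.
    # The passwords are throwaway test fixtures matching the LDAP entries
    # defined for ldap-server; they must not be reused outside the test
    # environment.
    # NOTE(review): loop items are printed in Ansible's task output, so the
    # passwords appear in the run log. Fine for fixtures; a non-test copy of
    # this task would need "no_log: true".
    - name: Deploy mcabber configuration files
      template:
        src: tests/data/mcabber.cfg.j2
        dest: "~user/{{ item.jid }}.cfg"
        owner: user
        group: user
        mode: "0600"
      # NOTE(review): "security" presumably selects the transport protection
      # used by the template (tls vs. ssl) - confirm against mcabber.cfg.j2.
      with_items:
        - jid: john.doe@domain1
          password: johnpassword
          server: domain1
          security: tls
          nickname: john.doe
        - jid: jane.doe@domain2
          password: janepassword
          server: domain2
          security: ssl
          nickname: jane.doe
        - jid: mick.doe@domain3
          password: mickpassword
          server: domain3
          security: tls
          nickname: mick.doe
        - jid: noxmpp@domain1
          password: noxmpppassword
          server: domain1
          security: tls
          nickname: noxmpp

  handlers:

    # --fresh rebuilds the trust store from scratch instead of updating it.
    - name: Update CA certificate cache
      command: /usr/sbin/update-ca-certificates --fresh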

# Supporting host for the tests: provides the LDAP directory the XMPP servers
# authenticate against, and the backup server used by parameters-optional.
# Every password and key referenced in this play is a test fixture; none of
# these values may be reused outside the test environment.
- hosts: ldap-server
  roles:
    - role: ldap_server
      # Throwaway administrator password for the test directory.
      ldap_admin_password: admin
      ldap_entries:

        # Users. The userPassword values match the passwords written into the
        # mcabber configuration files on client1.
        - dn: uid=john,ou=people,dc=local
          attributes:
            objectClass:
              - inetOrgPerson
              - simpleSecurityObject
            userPassword: johnpassword
            uid: john
            cn: John Doe
            sn: Doe
            mail: john.doe@domain1
        - dn: uid=jane,ou=people,dc=local
          attributes:
            objectClass:
              - inetOrgPerson
              - simpleSecurityObject
            userPassword: janepassword
            uid: jane
            cn: Jane Doe
            sn: Doe
            mail: jane.doe@domain2
        - dn: uid=mick,ou=people,dc=local
          attributes:
            objectClass:
              - inetOrgPerson
              - simpleSecurityObject
            userPassword: mickpassword
            uid: mick
            cn: Mick Doe
            sn: Doe
            mail: mick.doe@domain3

        # This user is deliberately left out of the xmpp group below.
        # NOTE(review): presumably used to verify that accounts outside the
        # group are refused by the XMPP server - confirm against the tests.
        - dn: uid=noxmpp,ou=people,dc=local
          attributes:
            objectClass:
              - inetOrgPerson
              - simpleSecurityObject
            userPassword: noxmpppassword
            uid: noxmpp
            cn: No XMPP
            sn: XMPP
            mail: noxmpp@domain1

        # Groups. Membership of the xmpp group: john, jane and mick only.
        - dn: "cn=xmpp,ou=groups,dc=local"
          state: append
          attributes:
            uniqueMember:
              - uid=john,ou=people,dc=local
              - uid=jane,ou=people,dc=local
              - uid=mick,ou=people,dc=local

      # Consumer account; the same password is passed to the xmpp_server role
      # as xmpp_ldap_password in the plays for both XMPP hosts.
      ldap_server_consumers:
        - name: prosody
          password: prosodypassword

      ldap_server_domain: "local"
      ldap_server_groups:
        - name: xmpp
      ldap_server_organization: "Example"
      # Certificate and private key are read from the test data directory on
      # the controller.
      ldap_server_tls_certificate: "{{ lookup('file', 'tests/data/x509/ldap-server_ldap.cert.pem') }}"
      ldap_server_tls_key: "{{ lookup('file', 'tests/data/x509/ldap-server_ldap.key.pem') }}"

      # Parameters for the common role: CA certificates to deploy.
      ca_certificates:
        testca: "{{ lookup('file', 'tests/data/x509/ca.cert.pem') }}"

      # Parameters for the ldap_client role: client options, one per entry.
      ldap_client_config:
        - comment: CA truststore
          option: TLS_CACERT
          value: /etc/ssl/certs/testca.cert.pem
        # "demand" makes the client require a valid server certificate.
        - comment: Ensure TLS is enforced
          option: TLS_REQCERT
          value: demand
        - comment: Base DN
          option: BASE
          value: dc=local
        # ldapi:/// addresses the local LDAP server over its UNIX socket.
        - comment: URI
          option: URI
          value: ldapi:///

    - role: backup_server
      # SSH host private keys, read from the test data directory.
      # NOTE(review): DSA host keys are disabled by default in current
      # OpenSSH releases; the dsa entry is presumably kept because the role
      # expects it - confirm before copying this set-up elsewhere.
      backup_host_ssh_private_keys:
        dsa: "{{ lookup('file', 'tests/data/ssh/server_dsa') }}"
        rsa: "{{ lookup('file', 'tests/data/ssh/server_rsa') }}"
        ed25519: "{{ lookup('file', 'tests/data/ssh/server_ed25519') }}"
        ecdsa: "{{ lookup('file', 'tests/data/ssh/server_ecdsa') }}"
      # The single backup client is the parameters-optional host; the address
      # matches its /etc/hosts entry.
      backup_clients:
        - server: parameters-optional
          ip: 10.31.127.31
          public_key: "{{ lookup('file', 'tests/data/ssh/parameters-optional.pub') }}"

# XMPP server deployed with the mandatory role parameters only; no
# xmpp_domains, TLS material or backup settings are passed explicitly.
- hosts: parameters-mandatory.domain1
  roles:
    - role: xmpp_server
      xmpp_administrators:
        - john.doe@domain1
      xmpp_ldap_base_dn: dc=local
      # Test fixture; matches the password of the prosody consumer defined for
      # the ldap_server role. Must not be reused outside the test environment.
      xmpp_ldap_password: prosodypassword
      xmpp_ldap_server: ldap-server

      # Common parameters (general, not role).
      # NOTE(review): presumably the directories the role reads certificates
      # and private keys from when none are passed explicitly - confirm
      # against the role.
      tls_certificate_dir: tests/data/x509/
      tls_private_key_dir: tests/data/x509/

      # Parameters for the common role: CA certificates to deploy.
      ca_certificates:
        testca: "{{ lookup('file', 'tests/data/x509/ca.cert.pem') }}"

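# XMPP server deployed with the optional role parameters set as well:
# several domains and administrators, explicit TLS material, and backups.
- hosts: parameters-optional
  roles:
    - role: xmpp_server
      xmpp_administrators:
        - jane.doe@domain2
        - mick.doe@domain3
      xmpp_domains:
        - domain2
        - domain3
      xmpp_ldap_base_dn: dc=local
      # Test fixture; matches the password of the prosody consumer defined for
      # the ldap_server role. Must not be reused outside the test environment.
      xmpp_ldap_password: prosodypassword
      xmpp_ldap_server: ldap-server
      # Certificate and private key are read from the test data directory on
      # the controller.
      xmpp_tls_certificate: "{{ lookup('file', 'tests/data/x509/parameters-optional_xmpp.cert.pem') }}"
      xmpp_tls_key: "{{ lookup('file', 'tests/data/x509/parameters-optional_xmpp.key.pem') }}"

      # Common parameters (general, not role).
      tls_certificate_dir: tests/data/x509/
      tls_private_key_dir: tests/data/x509/

      # Parameters for the common role: CA certificates to deploy.
      ca_certificates:
        testca: "{{ lookup('file', 'tests/data/x509/ca.cert.pem') }}"

      # Parameters for the backup_client role.
      # Canonical boolean instead of the YAML 1.1 "yes" spelling.
      enable_backup: true
      backup_encryption_key: "{{ lookup('file', 'tests/data/gnupg/parameters-optional.asc') }}"
      backup_server: backup-server
      # Public halves of the host keys configured for the backup_server role;
      # the host names in the file paths are the same for both lists.
      # NOTE(review): DSA host keys are disabled by default in current
      # OpenSSH releases - confirm the dsa entry is still needed.
      backup_server_host_ssh_public_keys:
        - "{{ lookup('file', 'tests/data/ssh/server_dsa.pub') }}"
        - "{{ lookup('file', 'tests/data/ssh/server_rsa.pub') }}"
        - "{{ lookup('file', 'tests/data/ssh/server_ed25519.pub') }}"
        - "{{ lookup('file', 'tests/data/ssh/server_ecdsa.pub') }}"
      # Private SSH key of this backup client (test fixture); its public half
      # is registered under backup_clients for the backup_server role.
      backup_ssh_key: "{{ lookup('file', 'tests/data/ssh/parameters-optional' ) }}"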


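# Extra tooling on the parameters-optional host, installed in a separate play
# after the xmpp_server role has been applied.
- hosts: parameters-optional
  tasks:

    # "present" replaces the deprecated "installed" alias of the apt module.
    - name: Install console-based XMPP tool (for non-interactive testing)
      apt:
        name: sendxmpp
        state: present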