---

- name: Prepare, test fixtures
  hosts: localhost
  connection: local
  gather_facts: false
  tasks:

    - name: Initialise CA hierarchy
      ansible.builtin.command: "gimmecert init --ca-hierarchy-depth 2"
      args:
        creates: ".gimmecert/ca/level1.cert.pem"
        chdir: "tests/data/"

    - name: Set-up link to generated X.509 material
      ansible.builtin.file:
        src: ".gimmecert"
        dest: "tests/data/x509"
        state: link

- name: Prepare
  hosts: all
  become: true
  gather_facts: false
  tasks:

    - name: Install python for Ansible
      ansible.builtin.raw: test -e /usr/bin/python3 || (apt -y update && apt install -y python3-minimal)
      changed_when: false

    - name: Update all caches to avoid errors due to missing remote archives
      ansible.builtin.apt:
        update_cache: true
      changed_when: false

    - name: Install net-tools for running Testinfra host.socket tests
      ansible.builtin.apt:
        name: net-tools
        state: present

- name: Prepare, helpers
  hosts: helper
  become: true
  tasks:

    - name: Install apt-cacher-ng
      ansible.builtin.apt:
        name: apt-cacher-ng
        state: present

- name: Prepare, helpers
  hosts: client
  become: true
  tasks:

    - name: Install tool for testing TCP connectivity
      ansible.builtin.apt:
        name: nmap
        state: present

    - name: Set-up /etc/hosts with entries for all servers
      ansible.builtin.lineinfile:
        path: /etc/hosts
        regexp: "^{{ item.key }}"
        line: "{{ item.key }} {{ item.value }}"
        owner: root
        group: root
        mode: "0644"
        state: present
      with_dict:
        192.168.56.21: parameters-mandatory-bookworm
        192.168.56.22: parameters-optional-bookworm
        fd00::192:168:56:21: parameters-mandatory-bookworm
        fd00::192:168:56:22: parameters-optional-bookworm

- name: Prepare, test fixtures
  hosts: parameters-mandatory,parameters-optional
  become: true
  tasks:

    - name: Set-up /etc/hosts with entries for all servers
      ansible.builtin.lineinfile:
        path: /etc/hosts
        regexp: "^{{ item.key }}"
        line: "{{ item.key }} {{ item.value }}"
        owner: root
        group: root
        mode: "0644"
        state: present
      with_dict:
        192.168.56.3: client1
        192.168.56.4: client2

    - name: Load legacy iptables to test their removal
      community.general.modprobe:
        name: "{{ item }}"
        state: present
      with_items:
        - iptable_filter
        - iptable_nat
        - iptable_mangle
        - iptable_security
        - iptable_raw
        - ip6table_filter
        - ip6table_nat
        - ip6table_mangle
        - ip6table_security
        - ip6table_raw

    - name: Create some custom legacy iptables chains for testing their removal (max chain name length is 29)  # noqa no-changed-when
      # [no-changed-when] Commands should not change things if nothing needs doing
      #   Does not matter in test prepare stage.
      ansible.builtin.command: "iptables-legacy -t '{{ item }}' -N '{{ (ansible_date_time.iso8601_micro | to_uuid)[:28] }}'"
      with_items:
        - filter
        - nat
        - mangle
        - security
        - raw

    - name: Create some custom legacy ip6tables chains for testing their removal (max chain name length is 29)  # noqa no-changed-when
      # [no-changed-when] Commands should not change things if nothing needs doing
      #   Does not matter in test prepare stage.
      ansible.builtin.command: "ip6tables-legacy -t '{{ item }}' -N '{{ (ansible_date_time.iso8601_micro | to_uuid)[:28] }}'"
      with_items:
        - filter
        - nat
        - mangle
        - security
        - raw

    - name: Create deprecated directory for storing requirements files created using Python 3 (pip requirements upgrade checks)
      ansible.builtin.file:
        path: "/etc/pip_check_requirements_upgrades-py3"
        state: directory
        owner: root
        group: root
        mode: "0750"

    - name: Create deprecated directory for Python 3 virtual environment (pip requirements upgrade checks)
      ansible.builtin.file:
        path: "/var/lib/pipreqcheck/virtualenv-py3/"
        state: directory
        owner: root
        group: root
        mode: "0750"

    - name: Create deprecated cronjob file for Python 3 (pip requirements upgrade checks)
      ansible.builtin.file:
        path: "/etc/cron.d/check_pip_requirements-py3"
        state: touch
        owner: root
        group: root
        mode: "0644"

    - name: Install the deprecated/obsolete NTP-related packages
      ansible.builtin.apt:
        name:
          - ntp
          - ntpdate
        state: present