---

dependency: {}

driver:

  name: vagrant

  provider:

    name: virtualbox

lint:

  name: yamllint

  options:

    config-file: ../../.yamllint.yml

platforms:

  - name: parameters-mandatory-bookworm

    groups:

      - parameters-mandatory

    box: debian/bookworm64

    memory: 256

    cpus: 1

    provider_raw_config_args:

      - "customize ['modifyvm', :id, '--paravirtprovider', 'minimal']"

  - name: parameters-optional-bookworm

    groups:

      - parameters-optional

    box: debian/bookworm64

    memory: 256

    cpus: 1

    provider_raw_config_args:

      - "customize ['modifyvm', :id, '--paravirtprovider', 'minimal']"

provisioner:

  name: ansible

  config_options:

    defaults:

      force_valid_group_names: "ignore"

      interpreter_python: "/usr/bin/python3"

        network_name: private_network

        netmask: 116

        type: static

  - name: client2

    groups:

      - client

      - client-disallowed

    box: debian/bookworm64

    memory: 256

    cpus: 1

    provider_raw_config_args:

      - "customize ['modifyvm', :id, '--paravirtprovider', 'minimal']"

    interfaces:

      - auto_config: true

        ip: 192.168.56.4

        network_name: private_network

        type: static

      - auto_config: true

        ip: fd00::192:168:56:4

        network_name: private_network

        netmask: 116

        type: static

  - name: parameters-mandatory-bookworm

    groups:

      - parameters-mandatory

    box: debian/bookworm64

    memory: 384

    cpus: 1

    provider_raw_config_args:

      - "customize ['modifyvm', :id, '--paravirtprovider', 'minimal']"

    interfaces:

      - auto_config: true

        ip: 192.168.56.21

        network_name: private_network

        type: static

      - auto_config: true

        ip: fd00::192:168:56:21

        network_name: private_network

        netmask: 116

        type: static

  - name: parameters-optional-bookworm

    groups:

      - parameters-optional

    box: debian/bookworm64

    memory: 384

    - name: Install apt-cacher-ng

      apt:

        name: apt-cacher-ng

        state: present

- hosts: client

  become: true

  tasks:

    - name: Install tool for testing TCP connectivity

      apt:

        name: nmap

        state: present

    - name: Set-up /etc/hosts with entries for all servers

      lineinfile:

        path: /etc/hosts

        regexp: "^{{ item.key }}"

        line: "{{ item.key }} {{ item.value }}"

        owner: root

        group: root

        mode: 0644

        state: present

      with_dict:

        192.168.56.21: parameters-mandatory-bookworm

        192.168.56.22: parameters-optional-bookworm

        fd00::192:168:56:21: parameters-mandatory-bookworm

        fd00::192:168:56:22: parameters-optional-bookworm

- hosts: parameters-mandatory,parameters-optional

  become: true

  tasks:

    - name: Set-up /etc/hosts with entries for all servers

      lineinfile:

        path: /etc/hosts

        regexp: "^{{ item.key }}"

        line: "{{ item.key }} {{ item.value }}"

        owner: root

        group: root

        mode: 0644

        state: present

      with_dict:

        192.168.56.3: client1

        192.168.56.4: client2

    - name: Load legacy iptables to test their removal

      modprobe:

- name: Replace default and skeleton bashrc

  copy:

    src: "{{ item.key }}"

    dest: "{{ item.value }}"

    owner: root

    group: root

    mode: 0644

  with_dict:

    bashrc: "/etc/bash.bashrc"

    skel_bashrc: "/etc/skel/.bashrc"

- name: Calculate stock checksum for bashrc root account

  stat:

    path: "/root/.bashrc"

  register: root_bashrc_stat

- name: Replace stock bashrc for root account with skeleton one

  copy:

    src: "skel_bashrc"

    dest: "/root/.bashrc"

    owner: root

    group: root

    mode: 0640

  when: |

    root_bashrc_stat.stat.checksum == "1a422a148ad225aa5ba33f8dafd2b7cfcdbd701f"

- name: Install sudo

  apt:

    name: sudo

    state: present

- name: Install ssl-cert package

  apt:

    name: ssl-cert

    state: present

- name: Install common packages

  apt:

    name: "{{ common_packages }}"

    state: "present"

- name: Disable electric-indent-mode for Emacs by default for all users

  copy:

    src: "01disable-electric-indent-mode.el"

    dest: "/etc/emacs/site-start.d/01disable-electric-indent-mode.el"

    owner: root

    group: root

    virtualenv_python_version.rc != 0 or

    virtualenv_python_version.stdout.strip() != python_interpreter_version.stdout.strip() or

    current_virtualenv_prompt.stdout != "(pipreqcheck) "

- name: Create directory for Python virtual environment used for installing/running pip-tools

  file:

    path: "{{ item }}"

    state: directory

    owner: pipreqcheck

    group: pipreqcheck

    mode: 0750

  with_items:

    - "/var/lib/pipreqcheck"

    - "/var/lib/pipreqcheck/virtualenv"

- name: Create Python virtual environment used for installing/running pip-tools

  command: "/usr/bin/virtualenv --python '{{ item.python_path }}' --prompt '{{ item.virtualenv_prompt }}' '{{ item.virtualenv_path }}'"

  args:

    creates: "{{ item.creates }}"

  become: true

  become_user: "pipreqcheck"

  with_items:

    - name: pipreqcheck

      virtualenv_path: "/var/lib/pipreqcheck/virtualenv"

      python_path: "/usr/bin/python3"

      creates: "/var/lib/pipreqcheck/virtualenv/bin/python3"

- name: Create directory for storing pip requirements files

  file:

    path: "{{ item }}"

    state: "directory"

    owner: root

    group: pipreqcheck

    mode: 0750

  with_items:

    - "/etc/pip_check_requirements_upgrades"

- name: Set-up directory for storing pip requirements file for pip-tools virtual environment itself

  file:

    path: "{{ item }}"

    state: "directory"

    owner: root

    group: pipreqcheck

    mode: 0750

  with_items:

    - "/etc/pip_check_requirements_upgrades/pipreqcheck"

- name: Deploy .in file for pip requirements in pip-tools virtual environment