---

- hosts: all
  tasks:

    - name: Update all caches to avoid errors due to missing remote archives
      apt:
        update_cache: yes

- hosts: backup-server
  roles:
    - role: backup_server
      backup_host_ssh_private_keys:
        dsa: "{{ lookup('file', 'tests/data/ssh/server_dsa') }}"
        rsa: "{{ lookup('file', 'tests/data/ssh/server_rsa') }}"
        ed25519: "{{ lookup('file', 'tests/data/ssh/server_ed25519') }}"
        ecdsa: "{{ lookup('file', 'tests/data/ssh/server_ecdsa') }}"
      backup_clients:
        - server: parameters-mandatory
          ip: 10.31.127.20
          public_key: "{{ lookup('file', 'tests/data/ssh/parameters-mandatory.pub') }}"
        - server: parameters-mandatory
          uid: 5001
          ip: 10.31.127.21
          public_key: "{{ lookup('file', 'tests/data/ssh/parameters-optional.pub') }}"

# Set-up custom user and port for testing optional parameters.
- hosts: backup-server
  tasks:
    - name: Set-up backup group
      group:
        name: backupuser
    - name: Set-up backup user
      user:
        name: backupuser
        group: backupuser
    - name: Set-up firewall configuration for port forwarding
      copy:
        content: "domain (ip ip6) table nat chain PREROUTING { proto tcp dport 3333 REDIRECT to-ports 2222; }"
        dest: /etc/ferm/conf.d/50-redirect_3333.conf
        owner: root
        group: root
        mode: 0640
      notify:
        - Reload firewall
    - name: Set-up firewall configuration to accept incoming connections to port 3333
      copy:
        content: "domain (ip ip6) table filter chain INPUT { proto tcp dport 3333 ACCEPT; }"
        dest: /etc/ferm/conf.d/55-accept_3333.conf
        owner: root
        group: root
        mode: 0640
      notify:
        - Reload firewall
  handlers:
    - name: Reload firewall
      service:
        name: ferm
        state: restarted

- hosts: parameters-mandatory
  roles:
    - role: backup_client
      backup_encryption_key: "{{ lookup('file', 'tests/data/gnupg/parameters-mandatory.asc') }}"
      backup_server: backup-server
      backup_server_host_ssh_public_keys:
        - "{{ lookup('file', 'tests/data/ssh/server_dsa') }}"
        - "{{ lookup('file', 'tests/data/ssh/server_rsa') }}"
        - "{{ lookup('file', 'tests/data/ssh/server_ed25519') }}"
        - "{{ lookup('file', 'tests/data/ssh/server_ecdsa') }}"
      backup_ssh_key: "{{ lookup('file', 'tests/data/ssh/parameters-mandatory' ) }}"

- hosts: parameters-optional
  roles:
    - role: backup_client
      backup_additional_encryption_keys:
        - "{{ lookup('file', 'tests/data/gnupg/additional_encryption_key_1.asc') }}"
        - "{{ lookup('file', 'tests/data/gnupg/additional_encryption_key_2.asc') }}"
        - "{{ lookup('file', 'tests/data/gnupg/additional_encryption_key_3.asc') }}"
      backup_client_username: backupuser
      backup_encryption_key: "{{ lookup('file', 'tests/data/gnupg/parameters-optional.asc') }}"
      backup_server: backup-server
      backup_server_destination: "/home/backupuser"
      backup_server_host_ssh_public_keys:
        - "{{ lookup('file', 'tests/data/ssh/server_dsa') }}"
        - "{{ lookup('file', 'tests/data/ssh/server_rsa') }}"
        - "{{ lookup('file', 'tests/data/ssh/server_ed25519') }}"
        - "{{ lookup('file', 'tests/data/ssh/server_ecdsa') }}"
      backup_server_port: 3333
      backup_ssh_key: "{{ lookup('file', 'tests/data/ssh/parameters-optional' ) }}"