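---
############################################################
# 1. Provision infrastructure
############################################################
# Runs on the control node. The play refuses to run unless it is
# started with `-e confirm=y`, so an accidental invocation never
# creates (billable) cloud resources. Expects hcloud_token,
# hcloud_ssh_public_key, hcloud_server_type, hcloud_image,
# hcloud_location, supabase_url and supabase_api_key as variables
# (hcloud_firewalls is optional).
- name: Provision infrastructure in Hetzner Cloud
  hosts: localhost
  # Facts are needed for ansible_date_time in the server-name task.
  gather_facts: true
  vars:
    base_name: ansible-demo
    ssh_key_name: ansible-key

  pre_tasks:
    - name: Abort if confirmation flag not set
      ansible.builtin.fail:
        msg: "Provisioning aborted. Use -e confirm=y to continue."
      when: confirm is not defined or confirm != "y"

  tasks:
    - name: Set unique server name (timestamp based)
      ansible.builtin.set_fact:
        server_name: "{{ base_name }}-{{ ansible_date_time.epoch }}"

    - name: Show calculated server name
      ansible.builtin.debug:
        var: server_name

    # no_log keeps the API token out of the task output, including the
    # full argument dump Ansible prints when a module call fails.
    - name: Create SSH key in Hetzner
      hetzner.hcloud.hcloud_ssh_key:
        api_token: "{{ hcloud_token }}"
        name: "{{ ssh_key_name }}"
        public_key: "{{ hcloud_ssh_public_key }}"
        state: present
      no_log: true

    - name: Create Hetzner Cloud Server
      hetzner.hcloud.hcloud_server:
        api_token: "{{ hcloud_token }}"
        name: "{{ server_name }}"
        server_type: "{{ hcloud_server_type }}"
        image: "{{ hcloud_image }}"
        location: "{{ hcloud_location }}"
        ssh_keys:
          - "{{ ssh_key_name }}"
        # Omit the argument entirely when no firewall list was given.
        firewalls: "{{ hcloud_firewalls | default(omit) }}"
        state: present
      register: created_server
      no_log: true

    # The Supabase key is sent in the request headers; no_log prevents
    # it from being echoed on failure.
    - name: Store server info in Supabase
      ansible.builtin.uri:
        url: "{{ supabase_url }}/rest/v1/servers"
        method: POST
        headers:
          apikey: "{{ supabase_api_key }}"
          Authorization: "Bearer {{ supabase_api_key }}"
          Content-Type: "application/json"
          Prefer: "resolution=merge-duplicates"
        body_format: json
        body:
          server_id: "{{ created_server.hcloud_server.id }}"
          name: "{{ created_server.hcloud_server.name }}"
          ipv4: "{{ created_server.hcloud_server.ipv4_address }}"
          server_type: "{{ created_server.hcloud_server.server_type }}"
          location: "{{ created_server.hcloud_server.location }}"
          status: "{{ created_server.hcloud_server.status }}"
        status_code: [200, 201]
      delegate_to: localhost
      no_log: true

    # Makes the new machine addressable as "newserver" for the second
    # play of this run; nothing is written to the static inventory.
    - name: Add new server to runtime inventory
      ansible.builtin.add_host:
        name: newserver
        ansible_host: "{{ created_server.hcloud_server.ipv4_address }}"
        ansible_user: root
        ansible_ssh_private_key_file: "~/.ssh/id_ed25519"

    # search_regex waits for the SSH banner rather than a bare TCP
    # accept, so the next play does not race a still-starting sshd.
    - name: Wait for SSH to become reachable
      ansible.builtin.wait_for:
        host: "{{ created_server.hcloud_server.ipv4_address }}"
        port: 22
        search_regex: OpenSSH
        delay: 5
        timeout: 180
        state: started

############################################################
# 2. Configure server
############################################################
# Targets the host registered by play 1 in the same run; it cannot be
# run on its own. Creates an unprivileged admin account with SSH-key
# login and passwordless sudo.
- name: Configure new server
  hosts: newserver
  become: true
  gather_facts: true
  vars:
    new_username: sysadmin46E9

  tasks:
    - name: Create sudo user
      ansible.builtin.user:
        name: "{{ new_username }}"
        shell: /bin/bash
        groups: sudo
        append: true
        create_home: true

    # The lookup reads the file on the control node, not the target.
    # NOTE(review): play 1 uses hcloud_ssh_public_key for the Hetzner
    # key; confirm both refer to the same key pair.
    - name: Add SSH key for user
      ansible.posix.authorized_key:
        user: "{{ new_username }}"
        key: "{{ lookup('file', '~/.ssh/id_ed25519.pub') }}"

    # visudo -c validates the drop-in before it is installed, so a
    # malformed rule cannot lock sudo for every user on the host.
    # The content is newline-terminated as sudoers expects.
    - name: Allow passwordless sudo
      ansible.builtin.copy:
        dest: "/etc/sudoers.d/{{ new_username }}"
        content: "{{ new_username }} ALL=(ALL) NOPASSWD:ALL\n"
        owner: root
        group: root
        mode: "0440"
        validate: "/usr/sbin/visudo -cf %s"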