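# Play 1 runs unprivileged so that ansible_facts['user_id'] and
# ansible_facts['user_dir'] describe the login user, not root. Play 2 skips
# fact gathering and reuses these facts while running with become.
- name: Gather facts as login user
  hosts: localhost
  gather_facts: true
  become: false

- name: Install packages and base configuration
  gather_facts: false
  hosts: localhost
  become: true
  vars_files:
    - vars/packages.yml
  # Select GPU via:
  #   -e gpu_vendor=amd|intel|nvidia
  # Default: amd
  vars:
    selected_gpu_vendor: "{{ gpu_vendor | default('amd') }}"
    aur_builder: aurbuild
    # Home directory of the login user as reported by the facts from play 1.
    # Using the fact instead of a hard-coded /home/<user> keeps the paths
    # correct when the account's home lives elsewhere (for example root).
    login_home: "{{ ansible_facts['user_dir'] }}"
    wants_dir: "{{ login_home }}/.config/systemd/user/default.target.wants"

  tasks:
    # Reject unknown vendors early; gpu_driver_sets is expected to come from
    # vars/packages.yml.
    - name: Validate gpu_vendor (amd/intel/nvidia)
      ansible.builtin.assert:
        that:
          - selected_gpu_vendor in gpu_driver_sets.keys()
        fail_msg: "gpu_vendor must be one of: {{ gpu_driver_sets.keys() | list }}"

    - name: Compute flattened package list from all categories + selected GPU set
      ansible.builtin.set_fact:
        pacman_packages: >-
          {{
            (
              (
                pkgsets
                | dict2items
                | map(attribute='value')
                | list
                | flatten
              )
              + gpu_driver_sets[selected_gpu_vendor]
            )
            | unique
          }}

    - name: Install official repo packages
      community.general.pacman:
        name: "{{ pacman_packages }}"
        state: present
        update_cache: true

    # pacman -Q exits non-zero when at least one listed package is missing,
    # so the return code alone decides whether the AUR block has to run.
    - name: Check which AUR packages are already installed
      ansible.builtin.command: >
        pacman -Q {{ aur_packages | join(' ') }}
      register: aur_check
      changed_when: false
      failed_when: false

    - name: Determine if AUR install is needed
      ansible.builtin.set_fact:
        aur_install_needed: "{{ aur_check.rc != 0 }}"

    - name: Aur installs
      when: aur_install_needed
      block:
        - name: Create temporary AUR builder user
          ansible.builtin.user:
            name: "{{ aur_builder }}"
            create_home: true
            shell: /bin/bash

        # SECURITY: passwordless pacman as root is root-equivalent for this
        # account (pacman runs package install scripts as root). The rule only
        # exists for the duration of this block and is removed in `always`.
        # If the run is killed before `always` executes, the drop-in and the
        # builder account stay behind; verify /etc/sudoers.d/ after an
        # interrupted run.
        - name: Allow temporary builder to use pacman without password
          ansible.builtin.copy:
            dest: "/etc/sudoers.d/{{ aur_builder }}-pacman"
            content: "{{ aur_builder }} ALL=(root) NOPASSWD: /usr/bin/pacman\n"
            mode: "0440"
            # A syntactically broken drop-in can lock out sudo entirely, so
            # the file is checked by visudo before it is put in place.
            validate: "visudo -cf %s"

        # Install rustup and cargo to build paru
        - name: Check if rustup default toolchain is installed
          ansible.builtin.command: rustup toolchain list
          register: rustup_toolchains
          changed_when: false
          failed_when: false
          become: true
          become_user: "{{ aur_builder }}"

        - name: Install stable Rust toolchain via rustup
          ansible.builtin.command:
            cmd: rustup default stable
          become: true
          become_user: "{{ aur_builder }}"
          # default('') keeps the condition evaluable when the check above
          # failed without producing any stdout.
          when: "'stable' not in (rustup_toolchains.stdout | default(''))"
          register: result
          changed_when: result.rc == 0

        # AUR packages are built from user-submitted build scripts; building
        # as the throwaway builder account keeps the build step itself out of
        # root's context.
        - name: Install AUR packages
          become: true
          become_user: "{{ aur_builder }}"
          kewlfft.aur.aur:
            name: "{{ aur_packages }}"
            state: present

      always:
        # Remove the sudoers rule first so the elevated permission disappears
        # even if removing the account fails afterwards.
        - name: Cleanup sudoers
          ansible.builtin.file:
            path: "/etc/sudoers.d/{{ aur_builder }}-pacman"
            state: absent

        - name: Cleanup builder user
          ansible.builtin.user:
            name: "{{ aur_builder }}"
            state: absent
            remove: true

    ## Post install config
    - name: Ensure groups exist
      ansible.builtin.group:
        name: "{{ item }}"
        state: present
      loop:
        - video
        - seat

    - name: Add current user to video and seat groups
      ansible.builtin.user:
        name: "{{ ansible_facts['user_id'] }}"
        groups: "video,seat"
        append: true

    - name: Set default shell to zsh
      ansible.builtin.user:
        name: "{{ ansible_facts['user_id'] }}"
        shell: /bin/zsh

    # NOTE(review): the tasks shown here enable sshd but do not manage its
    # configuration; authentication settings are whatever the host already has.
    - name: Enable and start sshd
      ansible.builtin.systemd:
        name: sshd.service
        enabled: true
        state: started

    - name: Enable and start seatd
      ansible.builtin.systemd:
        name: seatd.service
        enabled: true
        state: started

    - name: Enable lemurs
      ansible.builtin.systemd:
        name: lemurs.service
        enabled: true

    # Best effort: failures are ignored and the task never reports "changed".
    - name: Enable lingering for current user (user services at boot)
      ansible.builtin.command: "loginctl enable-linger {{ ansible_facts['user_id'] }}"
      changed_when: false
      failed_when: false

    - name: Ensure systemd user wants dir exists
      ansible.builtin.file:
        path: "{{ wants_dir }}"
        state: directory
        mode: "0755"
        owner: "{{ ansible_facts['user_id'] }}"
        group: "{{ ansible_facts['user_id'] }}"

    # Enables the units by linking them into default.target.wants directly
    # instead of calling systemctl --user.
    - name: Enable pipewire-pulse user units
      ansible.builtin.file:
        src: "/usr/lib/systemd/user/{{ item }}"
        dest: "{{ wants_dir }}/{{ item }}"
        state: link
        force: true
      loop:
        - pipewire-pulse.service
        - pipewire-pulse.socket

    # Make sure ~/.ssh exists with owner-only permissions before the config
    # file is written, rather than leaving the directory mode to the umask.
    - name: Ensure ~/.ssh exists with owner-only permissions
      become: false
      ansible.builtin.file:
        path: "{{ login_home }}/.ssh"
        state: directory
        mode: "0700"

    # Runs as the login user (become: false) so the file is created with the
    # user's own identity; 0600 keeps the client config private to the owner.
    - name: Ensure SSH config entry for git.jika.li
      become: false
      ansible.builtin.blockinfile:
        path: "{{ login_home }}/.ssh/config"
        create: true
        owner: "{{ ansible_facts['user_id'] }}"
        group: "{{ ansible_facts['user_id'] }}"
        mode: "0600"
        marker: "# {mark} ANSIBLE "
        block: |
          Host git.jika.li
            Port 2233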