- hosts: all
  become: true
  tasks:
    - apt: name={{item}} state=installed
      with_items:
      - openvpn
      - tcpdump
      - python-pip
      - python-virtualenv
      - strace
      - libldap2-dev
      - linux-perf
      - libsasl2-dev
      - build-essential
      - git
      - rsync

    - file:
        path: /etc/openvpn
        state: directory

    - copy:
        dest: /etc/openvpn/secret
        mode: '0600'
        content: |
          -----BEGIN OpenVPN Static key V1-----
          f94005e4206828e281eb397aefd69b37
          ebe6cd39057d5641c5d8dd539cd07651
          557d94d0077852bd8f92b68bef927169
          c5f0e42ac962a2cbbed35e107ffa0e71
          1a2607c6bcd919ec5846917b20eb6684
          c7505152815d6ed7b4420714777a3d4a
          8edb27ca81971cba7a1e88fe3936e13b
          85e9be6706a30cd1334836ed0f08e899
          78942329a330392dff42e4570731ac24
          9330358aaa6828c07ecb41fb9c498a89
          1e0435c5a45bfed390cd2104073634ef
          b00f9fae1d3c49ef5de51854103edac9
          5ff39c9dfc66ae270510b2ffa74d87d2
          9d4b3844b1e1473237bc6dc78fb03e2e
          643ce58e667a532efceec7177367fb37
          a16379a51e0a8c8e3ec00a59952b79d4
          -----END OpenVPN Static key V1-----

    - copy:
        dest: /etc/openvpn/k3.conf
        content: |
          remote k3.botanicus.net
          dev tun
          ifconfig 10.18.0.1 10.18.0.2
          secret secret

    - shell: systemctl enable openvpn@k3.service
    - shell: systemctl start openvpn@k3.service

    - lineinfile:
        line: "{{item}}"
        path: /etc/sysctl.conf
      register: sysctl_conf
      with_items:
        - "net.ipv4.ip_forward=1"
        - "kernel.perf_event_paranoid=-1"

    - shell: /sbin/sysctl -p
      when: sysctl_conf.changed

    - copy:
        dest: /etc/rc.local
        mode: "0744"
        content: |
          #!/bin/bash
          iptables -t nat -F;
          iptables -t nat -X;
          iptables -t nat -A POSTROUTING -j MASQUERADE;

    - shell: systemctl daemon-reload
    - shell: systemctl enable rc-local
    - shell: systemctl start rc-local


- hosts: all
  vars:
    git_username: '{{ lookup("pipe", "git config --global user.name") }}'
    git_email: '{{ lookup("pipe", "git config --global user.email") }}'
  tasks:
    - copy:
        src: ~/.ssh/id_gitlab
        dest: ~/.ssh/id_gitlab
        mode: 0600

    - template:
        dest: ~/.ssh/config
        src: ssh_config.j2

    - shell: "rsync -a ~/.ssh {{inventory_hostname}}:"
      connection: local

    - shell: |
        git config --global user.email "{{git_username}}"
        git config --global user.name "{{git_email}}"
      name: set_git_config

    - git:
        dest: ~/mitogen
        repo: https://github.com/dw/mitogen.git
        version: dmw

    - git:
        dest: ~/ansible
        repo: https://github.com/ansible/ansible.git
        #version: dmw

    - pip:
        virtualenv: ~/venv
        requirements: ~/mitogen/dev_requirements.txt

    - pip:
        virtualenv: ~/venv
        editable: true
        name: ~/mitogen

    - pip:
        virtualenv: ~/venv
        editable: true
        name: ~/ansible

    - pip:
        virtualenv: ~/venv
        name: debops

    - lineinfile:
        line: "source $HOME/venv/bin/activate"
        path: ~/.profile

    - name: debops-init
      shell: ~/venv/bin/debops-init ~/prj
      args:
        creates: ~/prj

    - name: grpvars
      copy:
        dest: "{{ansible_user_dir}}/prj/ansible/inventory/group_vars/all/dhparam.yml"
        content: |
          ---
          dhparam__bits: [ '256' ]

    - blockinfile:
        path: ~/prj/.debops.cfg
        insertafter: '\[ansible defaults\]'
        block: |
          strategy_plugins = {{ansible_user_dir}}/mitogen/ansible_mitogen/plugins/strategy
          forks = 50
          host_key_checking = False

    - file:
        path: ~/prj/ansible/inventory/gcloud.py
        state: link
        src: ~/mitogen/tests/ansible/lib/inventory/gcloud.py