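---
# Task list for one k3s cluster node: groups hosts by cluster name and role,
# derives cluster facts, temporarily grants the operator passwordless sudo,
# runs the role-specific tasks (server.yml / agent.yml), and then restores the
# original /etc/sudoers from the backup taken before the grant.

- name: group by cluster name
  ansible.builtin.group_by:
    key: "k3s_clusters_{{ k3s_cluster_name }}_{{ k3s_cluster_role }}"
  changed_when: false

- name: determine cluster type and members
  ansible.builtin.set_fact:
    # NOTE(review): the member count comes from this host's own role group, so
    # an agent host gets 'ha' when there is more than one agent. Confirm that
    # this is intended rather than counting servers only.
    k3s_cluster_type: "{{ 'ha' if groups['k3s_clusters_' ~ k3s_cluster_name ~ '_' ~ k3s_cluster_role] | length > 1 else 'single' }}"
    # No default here: the lookup fails if no server group exists for the cluster.
    k3s_cluster_servers: "{{ groups['k3s_clusters_' ~ k3s_cluster_name ~ '_server'] }}"
    k3s_cluster_agents: "{{ groups['k3s_clusters_' ~ k3s_cluster_name ~ '_agent'] | default([]) }}"
    # Per-family address lists built from each member's k3s_cluster_ip.
    k3s_nft_servers4: "{{ groups['k3s_clusters_' ~ k3s_cluster_name ~ '_server'] | default([]) | map('extract', hostvars, ['k3s_cluster_ip']) | ansible.utils.ipv4 }}"
    k3s_nft_agents4: "{{ groups['k3s_clusters_' ~ k3s_cluster_name ~ '_agent'] | default([]) | map('extract', hostvars, ['k3s_cluster_ip']) | ansible.utils.ipv4 }}"
    k3s_nft_servers6: "{{ groups['k3s_clusters_' ~ k3s_cluster_name ~ '_server'] | default([]) | map('extract', hostvars, ['k3s_cluster_ip']) | ansible.utils.ipv6 }}"
    k3s_nft_agents6: "{{ groups['k3s_clusters_' ~ k3s_cluster_name ~ '_agent'] | default([]) | map('extract', hostvars, ['k3s_cluster_ip']) | ansible.utils.ipv6 }}"
    k3s_nft_operators4: "{{ k3s_operator_ips | ansible.utils.ipv4 }}"
    k3s_nft_operators6: "{{ k3s_operator_ips | ansible.utils.ipv6 }}"
  changed_when: false

- name: setup permissions
  become: true
  block:
    - name: install sudo
      ansible.builtin.apt:
        update_cache: true
        force_apt_get: true
        cache_valid_time: 3600
        pkg:
          - sudo
        state: present

    # Temporary grant: the entry gives the operator unrestricted passwordless
    # root and is meant to exist only while the role tasks below run.
    - name: add operator to sudoers
      ansible.builtin.lineinfile:
        backup: true
        path: /etc/sudoers
        # Single-quoted so that \b reaches the regex engine as a word boundary;
        # inside a double-quoted YAML scalar \b is the backspace escape and the
        # pattern would never match an existing entry. The username is escaped
        # so that regex metacharacters in it are matched literally.
        regexp: '^{{ k3s_operator_username | regex_escape }}\b.+$'
        line: "{{ k3s_operator_username }} ALL=(ALL) NOPASSWD: ALL"
        state: present
        # Refuse to install a syntactically broken sudoers file, which would
        # lock out sudo on the host.
        validate: /usr/sbin/visudo -cf %s
      register: backup_sudoers
      changed_when: false

# The includes run inside block/always so that the temporary NOPASSWD grant is
# rolled back even when server.yml or agent.yml fails part-way through. There is
# no rescue section, so a failure is still reported for the host.
- name: run role tasks with temporary sudo grant
  block:
    - name: setup server role
      ansible.builtin.include_tasks: server.yml
      tags: [helm, opentofu]
      when: k3s_cluster_role is match("server")

    - name: setup agent role
      ansible.builtin.include_tasks: agent.yml
      tags: [helm, opentofu]
      when: k3s_cluster_role is match("agent")

  always:
    # Restores the pre-grant sudoers only when lineinfile actually wrote a
    # backup. If the entry already existed there is no backup and nothing is
    # undone.
    - name: reset permissions
      become: true
      ansible.builtin.command:
        cmd: "mv {{ backup_sudoers.backup }} /etc/sudoers"
        removes: "{{ backup_sudoers.backup }}"
      # Explicit boolean test instead of relying on string truthiness; also
      # tolerates backup_sudoers being unset when the grant task did not run.
      when:
        - backup_sudoers is defined
        - backup_sudoers.backup | default('') | length > 0
      changed_when: false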