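---
# Role tasks: build the Bastille "services" template directory for this role,
# render its config into it, create and start the jail, apply the template to
# the jail, and finally manage the jail's users.
#
# Every value interpolated into a command line is passed through the `quote`
# filter so that an unexpected role_name, release, IP or user attribute is
# treated as a single argument rather than re-parsed by the shell.

- name: create services template dir
  ansible.builtin.file:
    path: "/usr/local/bastille/templates/services/{{ role_name }}"
    state: directory
    recurse: true

- name: copy template config files
  ansible.builtin.template:
    src: Bastillefile.j2
    dest: "/usr/local/bastille/templates/services/{{ role_name }}/Bastillefile"

- name: create config paths
  ansible.builtin.file:
    path: "/usr/local/bastille/templates/services/{{ role_name }}/{{ item }}/"
    state: directory
    recurse: true
  loop:
    - etc/ssh
    - usr/share/skel

- name: copy sshd config file
  ansible.builtin.copy:
    src: sshd_config
    dest: "/usr/local/bastille/templates/services/{{ role_name }}/etc/ssh/"

- name: copy skel files
  ansible.builtin.copy:
    src: "skel/{{ item }}"
    dest: "/usr/local/bastille/templates/services/{{ role_name }}/usr/share/skel/{{ item }}"
  loop:
    - dot.bashrc
    - dot.cshrc
    - dot.emacs
    - dot.login
    - dot.login_conf
    - dot.profile
    - dot.shrc

- name: copy resolv.conf file
  ansible.builtin.template:
    src: resolv.conf.j2
    dest: "/usr/local/bastille/templates/services/{{ role_name }}/etc/resolv.conf"

- name: create jail
  # No shell features are needed here, so `command` (no shell) is used;
  # `creates` makes the task idempotent once the jail directory exists.
  ansible.builtin.command:
    cmd: "bastille create -B {{ role_name | quote }} {{ release | quote }} {{ jailip.stdout | quote }}/64 bridge0"
    creates: "/usr/local/bastille/jails/{{ role_name }}"

- name: start jail
  # https://github.com/BastilleBSD/bastille/issues/342
  # The `|| true` deliberately masks a failing start (see the issue above);
  # a shell is required for it, and the task therefore never reports failure.
  ansible.builtin.shell:
    cmd: "bastille start {{ role_name | quote }} || true"

- name: template jail
  ansible.builtin.command:
    cmd: "bastille template {{ role_name | quote }} services/{{ role_name | quote }}"

# FIXME: loop over files and check size somehow, or always copy? use file module?
- name: copy skel files into jail
  ansible.builtin.command:
    cmd: "cp -r /usr/local/bastille/templates/services/{{ role_name | quote }}/usr/share/skel /usr/local/bastille/jails/{{ role_name | quote }}/root/etc/"
    creates: "/usr/local/bastille/jails/{{ role_name }}/root/etc/skel"

# The normal ansible user module can't be used here, because we're
# talking about jail users here. I tried to patch the module to
# support the -R flag (https://github.com/ansible/ansible/pull/84371)
# but it makes no sense. Every single function needs to be patched so
# that it works for jails.
#
# So, instead I'm just using this simple script, which does the job as
# well. The script's arguments come from the `users` variable; each item
# is expected to provide name, groups and state (assumption from usage
# here — confirm against the role's defaults/vars).
- name: Manage users
  ansible.builtin.script:
    cmd: "bin/user.sh -u {{ item.name | quote }} -g {{ item.groups | quote }} -c {{ role_name | quote }}-user -a {{ item.state | quote }} -d /usr/local/bastille/jails/{{ role_name | quote }}/root"
  loop: "{{ users }}"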