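---
# Build a minimal Debian LXC base template for Proxmox on the build host:
#   debootstrap -> chroot provisioning -> tar.gz -> NFS template cache.
# Nothing here touches a running container; all work happens under
# {{ lxc_build_dir }} on {{ hosts }} and is removed again at the end.
- name: Create Fritzlab Base LXC Container
  hosts:
    - "host201"
  become: true

  vars:
    debian_os: "debian"
    debian_version: "bookworm"
    debian_mirror: "https://deb.debian.org/debian/"
    debian_security_mirror: "https://security.debian.org/debian-security"
    lxc_name: "fritzlab-base"
    # timestamp is set once via set_fact (first task) so that the build dir
    # and the artifact name agree across every task in this play.
    lxc_image_artifact_name: "{{ lxc_name }}-{{ timestamp }}.tar.gz"
    lxc_build_dir: "/tmp/build_{{ lxc_name }}_{{ timestamp }}"
    lxc_template_dir: "/mnt/pve/nas001/template/cache"
    working_lxc_dir: "{{ lxc_build_dir }}/{{ lxc_name }}"
    working_rootfs_dir: "{{ working_lxc_dir }}/rootfs"
    working_chroot: "chroot {{ working_rootfs_dir }}"
    # Units that make no sense inside an LXC guest (kernel mounts, firewall,
    # services the template does not need at boot). Masked, not disabled, so
    # a later package upgrade cannot silently re-enable them.
    lxc_unnecessary_units:
      - nftables.service
      - systemd-logind.service
      - systemd-sysusers.service
      - systemd-tmpfiles-setup-dev.service
      - systemd-tmpfiles-setup.service
      - postfix.service
      - iperf3.service
      - sys-kernel-config.mount
      - sys-kernel-debug.mount
    debian_apt_packages:
      - openssh-server
      - htop
      - nano
      - wget
      - curl
      - iperf3
      - tree
      - tmux
      - dnsutils
      - iftop
      - net-tools

  tasks:
    # One timestamp for the whole run: lxc_build_dir and the artifact name both
    # derive from it, so it must not be re-evaluated per task.
    - name: Generate static timestamp
      set_fact:
        timestamp: "{{ '%Y%m%d-%H%M%S' | strftime }}"

    # Host prerequisites (debootstrap, tar) are assumed present; re-enable if
    # the build host is not pre-provisioned.
    #- name: Update apt repos
    #  apt:
    #    update_cache: true
    #- name: Ensure required packages are installed
    #  apt:
    #    state: present
    #    name:
    #      - debootstrap
    #      - tar

    # file/state=absent is idempotent and needs no ignore_errors.
    - name: Ensure clean LXC container root filesystem on host
      file:
        path: "{{ working_lxc_dir }}"
        state: absent

    - name: Download and create LXC container root filesystem on host
      command:
        cmd: "debootstrap --arch=amd64 {{ debian_version }} {{ working_rootfs_dir }} {{ debian_mirror }}"
        creates: "{{ working_rootfs_dir }}"

    # debootstrap only writes the "<suite> main" line; without -security and
    # -updates the template could never receive security fixes via apt.
    - name: Configure APT sources including security updates in the container
      copy:
        dest: "{{ working_rootfs_dir }}/etc/apt/sources.list"
        mode: "0644"
        content: |
          deb {{ debian_mirror }} {{ debian_version }} main
          deb {{ debian_mirror }} {{ debian_version }}-updates main
          deb {{ debian_security_mirror }} {{ debian_version }}-security main

    - name: Update apt in the container
      command:
        cmd: "{{ working_chroot }} /bin/bash -c 'apt-get update'"

    # Ship the template with current security updates rather than the
    # release-day package versions debootstrap installs.
    - name: Apply pending updates in the container
      command:
        cmd: "{{ working_chroot }} /bin/bash -c 'DEBIAN_FRONTEND=noninteractive apt-get -y dist-upgrade'"

    - name: Install additional packages in the container
      command:
        cmd: "{{ working_chroot }} /bin/bash -c 'DEBIAN_FRONTEND=noninteractive apt-get install -y {{ debian_apt_packages | join(' ') }}'"

    - name: Configure environment variables
      template:
        src: environment.j2
        dest: "{{ working_rootfs_dir }}/etc/environment"
        mode: "0644"

    - name: Set up Message of the Day (MOTD)
      template:
        src: motd.j2
        dest: "{{ working_rootfs_dir }}/etc/motd"
        mode: "0644"

    # debootstrap does not create /root/.ssh; template fails if the parent
    # directory is missing. 0700/0600 also satisfies sshd StrictModes.
    - name: Ensure root .ssh directory exists in the container
      file:
        path: "{{ working_rootfs_dir }}/root/.ssh"
        state: directory
        mode: "0700"

    - name: Set Authorized SSH Keys
      template:
        src: authorized_keys.j2
        dest: "{{ working_rootfs_dir }}/root/.ssh/authorized_keys"
        mode: "0600"

    - name: Create managed .bashrc file
      template:
        src: bash.bashrc.j2
        dest: "{{ working_rootfs_dir }}/etc/bash.bashrc"
        mode: "0644"

    - name: Create .digrc file
      template:
        src: digrc.j2
        dest: "{{ working_rootfs_dir }}/root/.digrc"
        mode: "0644"

    - name: Create locale file
      template:
        src: locale.j2
        dest: "{{ working_rootfs_dir }}/etc/default/locale"
        mode: "0644"

    # openssh-server is installed unconditionally above, so the SSH hardening
    # must not be silently skipped: ensure the drop-in directory exists instead
    # of gating on a stat. Assumes the packaged sshd_config includes
    # /etc/ssh/sshd_config.d/*.conf (true for bookworm).
    - name: Ensure SSH configuration directory exists in the container
      file:
        path: "{{ working_rootfs_dir }}/etc/ssh/sshd_config.d"
        state: directory
        mode: "0755"

    - name: SSH Configuration
      template:
        src: sshd_config.j2
        dest: "{{ working_rootfs_dir }}/etc/ssh/sshd_config.d/fritzlab.conf"
        mode: "0644"

    - name: SSH Banner
      template:
        src: sshd_banner.j2
        dest: "{{ working_rootfs_dir }}/etc/ssh/banner.txt"
        mode: "0644"

    - name: Sysctl Configuration
      template:
        src: sysctl.j2
        dest: "{{ working_rootfs_dir }}/etc/sysctl.d/s99-fritzlab.conf"
        mode: "0644"

    # systemctl mask works offline in a chroot: it only creates /dev/null symlinks.
    - name: Mask unnecessary systemd units
      command:
        cmd: "{{ working_chroot }} /bin/bash -c 'systemctl mask {{ lxc_unnecessary_units | join(' ') }}'"

    - name: Clean APT cache in the container
      command:
        cmd: "{{ working_chroot }} /bin/bash -c 'apt-get clean'"

    # Globs below run inside bash -c, so they expand in the chroot as intended.
    - name: Remove unnecessary locale files in the container
      command:
        cmd: "{{ working_chroot }} /bin/bash -c 'rm -rf /usr/share/locale/* /usr/share/man/* /usr/share/doc/*'"

    - name: Remove temporary files in the container
      command:
        cmd: "{{ working_chroot }} /bin/bash -c 'rm -rf /var/tmp/* /var/cache/* /tmp/*'"

    # The command module does not expand shell globs, so a literal "dev/*"
    # argument was a no-op. find empties the directory but keeps /dev itself,
    # which the container runtime expects as a mount point.
    - name: Remove device files before archiving in the container
      command:
        cmd: "find {{ working_rootfs_dir }}/dev -mindepth 1 -delete"

    # --numeric-owner stores uids/gids rather than host passwd names so
    # ownership inside the guest does not depend on the host's user database.
    - name: Create LXC image artifact by archiving rootfs on host
      command:
        cmd: "tar --numeric-owner --exclude='./dev/*' -czf /tmp/{{ lxc_image_artifact_name }} -C {{ working_rootfs_dir }} ."
        creates: "/tmp/{{ lxc_image_artifact_name }}"

    - name: Move artifact to NFS Share
      command:
        cmd: "mv /tmp/{{ lxc_image_artifact_name }} {{ lxc_template_dir }}"

    # Gives operators a fingerprint to pin / compare the published template.
    - name: Record SHA-256 of the published artifact
      stat:
        path: "{{ lxc_template_dir }}/{{ lxc_image_artifact_name }}"
        checksum_algorithm: sha256
      register: lxc_artifact_stat

    - name: Cleanup temporary artifact on host
      file:
        path: "/tmp/{{ lxc_image_artifact_name }}"
        state: absent

    # Unconditional: the previous version gated this on a stat taken before
    # debootstrap created the directory, so the rootfs was never removed
    # from /tmp. Removes the whole per-run build dir, not just the lxc dir.
    - name: Cleanup LXC container build directory on host
      file:
        path: "{{ lxc_build_dir }}"
        state: absent

    - name: Display LXC image artifact name
      debug:
        msg: "LXC Image Artifact Name: {{ lxc_image_artifact_name }} (sha256: {{ lxc_artifact_stat.stat.checksum }})"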