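---
# Ansible Playbook for Multi-Site Deployment
# Deploys agents and configures Proxmox sites
#
# Runs with privilege escalation on every inventory host: installs
# cloudflared and, when prometheus_enabled is true, pve_exporter, then
# enables both as systemd services.

- name: Deploy Hybrid Cloud Control Plane to Multiple Sites
  hosts: all
  become: true

  vars:
    # Supplied from Ansible Vault. No task in this file references it
    # (presumably consumed by one of the templates - confirm).
    cloudflare_tunnel_token: "{{ vault_cloudflare_tunnel_token }}"
    # A leading "pve<digits>" in the inventory hostname is replaced by "site".
    # NOTE(review): hosts named exactly pve1, pve2, ... would all map to
    # "site" and share the file names derived below - confirm the inventory
    # naming scheme.
    site_name: "{{ inventory_hostname | regex_replace('^pve[0-9]+', 'site') }}"
    prometheus_enabled: true

  tasks:
    # Installs helper tools only; state: present does not upgrade packages
    # that are already installed.
    - name: Ensure system is up to date
      package:
        name:
          - curl
          - wget
          - git
          - jq
        state: present
      when: ansible_os_family == "Debian"

    - name: Install cloudflared
      block:
        # Probe only: never reports a change and never fails the play.
        - name: Check if cloudflared is installed
          command: which cloudflared
          register: cloudflared_check
          changed_when: false
          failed_when: false

        # The binary comes from the moving "latest" release and is later run
        # as a system service. Define cloudflared_checksum in get_url format
        # ("<algorithm>:<hex digest>") to have the download verified; while it
        # is undefined the parameter is omitted and nothing is verified.
        # A fixed checksum only stays valid if the URL is pinned to one
        # release as well.
        - name: Download cloudflared
          get_url:
            url: "https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-{{ ansible_architecture | replace('x86_64', 'amd64') | replace('aarch64', 'arm64') }}"
            dest: /usr/local/bin/cloudflared
            mode: '0755'
            checksum: "{{ cloudflared_checksum | default(omit) }}"
          when: cloudflared_check.rc != 0

        - name: Create cloudflared directories
          file:
            path: "{{ item }}"
            state: directory
            mode: '0755'
          loop:
            - /etc/cloudflared
            - /etc/cloudflared/tunnel-configs
            - /var/log/cloudflared

        - name: Copy tunnel configuration
          template:
            src: tunnel-config.j2
            dest: "/etc/cloudflared/tunnel-configs/{{ site_name }}.yaml"
            mode: '0644'
          vars:
            node_name: "{{ inventory_hostname }}"

        # Writes a placeholder with empty AccountTag/TunnelSecret/TunnelID.
        # force: false leaves an existing file untouched, so credentials that
        # were filled in after the first run are not blanked on the next one.
        - name: Create tunnel credentials file
          copy:
            content: '{"AccountTag":"","TunnelSecret":"","TunnelID":"","TunnelName":"{{ site_name }}-tunnel"}'
            dest: "/etc/cloudflared/{{ site_name }}-tunnel.json"
            mode: '0600'
            force: false

        # site_name is already available from the play vars. A task-level
        # site_name defined in terms of itself is a self-reference that the
        # templating engine cannot resolve, so it is not redeclared here.
        - name: Create cloudflared systemd service
          template:
            src: cloudflared.service.j2
            dest: /etc/systemd/system/cloudflared-tunnel.service
            mode: '0644'
          notify: restart cloudflared

    - name: Install Prometheus exporter
      block:
        - name: Install Python pip
          package:
            name: python3-pip
            state: present
          when: ansible_os_family == "Debian"

        # Unpinned, system-wide pip install performed with become.
        # NOTE(review): confirm that pve_exporter is the intended PyPI
        # distribution name, and pin it with the pip module's version
        # parameter once verified.
        - name: Install pve_exporter
          pip:
            name: pve_exporter
            state: present
          when: prometheus_enabled | bool

        - name: Create pve_exporter systemd service
          template:
            src: pve-exporter.service.j2
            dest: /etc/systemd/system/pve-exporter.service
            mode: '0644'
          when: prometheus_enabled | bool
          notify: restart pve-exporter

    # pve-exporter is skipped when prometheus_enabled is false; the
    # parentheses only make the existing filter precedence explicit.
    - name: Enable and start services
      systemd:
        name: "{{ item }}"
        enabled: true
        state: started
        daemon_reload: true
      loop:
        - cloudflared-tunnel
        - pve-exporter
      when: item != "pve-exporter" or (prometheus_enabled | bool)

    # Queries the unit state only; nothing here fails the play when the
    # tunnel service is not active, the state is just printed below.
    - name: Verify cloudflared is running
      systemd:
        name: cloudflared-tunnel
      register: cloudflared_status

    - name: Display tunnel status
      debug:
        msg: "Cloudflare tunnel is {{ cloudflared_status.status.ActiveState }}"

  handlers:
    - name: restart cloudflared
      systemd:
        name: cloudflared-tunnel
        state: restarted
        daemon_reload: true

    - name: restart pve-exporter
      systemd:
        name: pve-exporter
        state: restarted
        daemon_reload: true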