---
- hosts: "hostnode"
  name: Teleport setup
  vars:
  become: true
  pre_tasks:
    - name: Load variables
      ansible.builtin.include_vars: '{{ item }}'
      with_first_found:
        - "vars/default.yml"
  tasks:
    - name: Check if teleport is installed.
      ansible.builtin.stat: "path=/usr/local/bin/teleport"
      register: teleport_bin
    
    - debug:
        msg: "{{ teleport_bin }}"

    - name: install teleport
      ansible.builtin.shell:
        cmd: 'curl https://goteleport.com/static/install.sh | bash -s 13.3.8'


    - name:

    - name: Ensure teleport has selected state and enabled on boot.
      service:
        name: 'teleport'
        state: 'started'
        enabled: yes

    - name: Get teleport token
      ansible.builtin.shell:
        cmd: '/usr/local/bin/tctl tokens add --type=node --format=text'
        executable: /bin/bash
      register: token

    - debug:
        msg: token.stdout

- hosts: "clients"
  name: Client setup
  vars:
  become: true
  pre_tasks:
    - name: Load variables
      ansible.builtin.include_vars: '{{ item }}'
      with_first_found:
        - "vars/default.yml"
  
  tasks:
    - name: Check if teleport is installed.
      ansible.builtin.stat: "path=/usr/local/bin/teleport"
      register: teleport_bin_clients

    - name: install teleport
      ansible.builtin.shell:
        cmd: 'curl https://goteleport.com/static/install.sh | bash -s 13.3.8'
      when: teleport_bin_clients.stat.exists == false

    - name: remove existing config if exists
      ansible.builtin.file:
        path: /etc/teleport.yaml
        state: absent

    - name: Create teleport config
      ansible.builtin.shell:
        cmd: '/usr/local/bin/teleport node configure --output=file:///etc/teleport.yaml --token={{ token.stdout }} --proxy={{ groups["hostnode"] | map("extract", hostvars, ["inventory_hostname"]) }}:443'
        executable: /bin/bash

    - name: Ensure teleport has selected state and enabled on boot.
      service:
        name: 'teleport'
        state: 'started'
        enabled: yes

    - name: open ports for teleport
      ansible.builtin.shell:
        cmd: 'ufw allow 3022/tcp && ufw allow 443/tcp'


- hosts: "hostnode"
  name: reverse proxy setup
  vars:
  become: true
  pre_tasks:
    - name: Load variables
      ansible.builtin.include_vars: '{{ item }}'
      with_first_found:
        - "vars/default.yml"
  tasks:
    - include_tasks: reverseproxy.ansible.yml
      when: {{ REVERSE_PROXY }}