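---
# Bootstrap play for Debian bookworm web hosts: installs sudo, sets up the
# admin account, configures APT (Debian + Sury PHP 8.3), installs Apache and
# PHP-FPM, disables root SSH login, deploys a MOTD script and reboots.
#
# Secrets: `root_password` and `user_password` are deliberately NOT defined in
# this file. Supply them from a vault-encrypted vars file. The root password
# that was previously committed here in clear text should be treated as
# exposed and rotated on every host it was applied to.
- hosts: server_web
  vars:
    user: "smauro"
  tasks:
    # 0. Fail early, with a clear message, when a secret is missing. The
    #    assertion output shows only the expressions, never the values.
    - name: Vérifier que les mots de passe sont fournis hors du playbook
      assert:
        that:
          - root_password is defined
          - root_password | length > 0
          - user_password is defined
          - user_password | length > 0
        fail_msg: >-
          root_password et user_password doivent être fournis
          (Ansible Vault), jamais en clair dans le playbook.
        quiet: true

    # 1. Switch to root with su and install sudo. The apt module is
    #    idempotent, so no condition on package facts is needed
    #    (package_facts is never run in this play, so
    #    ansible_facts.packages is never populated).
    - name: Passer à root et installer sudo
      become: true
      become_user: root
      become_method: su
      apt:
        name: sudo
        state: present
      vars:
        ansible_become_pass: "{{ root_password }}"
      register: result

    - name: Afficher le résultat de l'installation de sudo
      debug:
        var: result

    # 2. Add the user to the sudo group (the group exists once sudo is
    #    installed). NOTE(review): from here on the tasks use the default
    #    become method without a password; this presumably relies on the
    #    connecting account already being privileged. Confirm.
    - name: Ajouter l'utilisateur au groupe sudo
      user:
        name: "{{ user }}"
        groups: sudo
        append: true
      become: true
      become_user: root

    # 3. Replace /etc/apt/sources.list. Plain http is used for the Debian
    #    mirrors; package integrity relies on APT signature verification.
    - name: Modifier le fichier sources.list
      copy:
        dest: /etc/apt/sources.list
        content: |
          deb http://deb.debian.org/debian/ bookworm main non-free-firmware
          deb-src http://deb.debian.org/debian/ bookworm main non-free-firmware
          deb http://security.debian.org/debian-security bookworm-security main non-free-firmware
          deb-src http://security.debian.org/debian-security bookworm-security main non-free-firmware
          # bookworm-updates, to get updates before a point release is made;
          # see https://www.debian.org/doc/manuals/debian-reference/ch02.en.html#_updates_and_backports
          deb http://deb.debian.org/debian/ bookworm-updates main non-free-firmware
          deb-src http://deb.debian.org/debian/ bookworm-updates main non-free-firmware
      become: true

    # 4. Refresh the package index
    - name: Mettre à jour les paquets
      apt:
        update_cache: true
      become: true

    # 5. Configure the hostname (re-applies the hostname gathered as a fact)
    - name: Configurer le hostname
      hostname:
        name: "{{ ansible_hostname }}"
      become: true

    # 6. Set the root password.
    #    NOTE(review): this writes the same `root_password` that task 1 uses
    #    for su, so it does not rotate anything; a separate variable would be
    #    needed if rotation is the intent. password_hash() without a fixed
    #    salt produces a new hash on every run, so the task always reports
    #    "changed".
    - name: Changer le mot de passe root
      user:
        name: root
        password: "{{ root_password | password_hash('sha512') }}"
      become: true
      no_log: true  # keep password material out of logs and callbacks

    # 7. Configure the admin user. `user_password` must be supplied
    #    externally (see the header). `append: true` matches task 2 and
    #    keeps the account's other supplementary groups.
    - name: Configurer l'utilisateur smauro
      user:
        name: "{{ user }}"
        password: "{{ user_password | password_hash('sha512') }}"
        shell: /bin/bash
        groups: sudo
        append: true
        state: present
      become: true
      no_log: true  # keep password material out of logs and callbacks

    # 8. Install the required packages
    - name: Installer les paquets nécessaires
      apt:
        name:
          - sudo
          - vim
          - curl
          - git
          - htop
          - gnupg
          - apache2
          - net-tools
        state: present
      become: true

    # 9. Install the prerequisites for adding a third-party repository
    - name: Installer les dépendances requises pour ajouter un dépôt
      apt:
        name:
          - apt-transport-https
          - ca-certificates
          - lsb-release
          - curl
        state: present
      become: true

    # 10. Add the Sury repository for PHP 8.3.
    #     The key is stored in a dedicated keyring and bound to this one
    #     repository with `signed-by`, instead of being dropped into
    #     /etc/apt/trusted.gpg.d where it would be trusted for every
    #     configured source. Verify the key fingerprint out of band before
    #     first use; HTTPS only authenticates the download server.
    - name: Ajouter le dépôt Sury pour PHP 8.3
      copy:
        dest: /etc/apt/sources.list.d/sury-php.list
        content: |
          deb [signed-by=/usr/share/keyrings/sury-php.gpg] https://packages.sury.org/php/ bookworm main
        owner: root
        group: root
        mode: '0644'
      become: true

    - name: Ajouter la clé GPG du dépôt Sury
      get_url:
        url: https://packages.sury.org/php/apt.gpg
        dest: /usr/share/keyrings/sury-php.gpg
        owner: root
        group: root
        mode: '0644'
        force: true  # refresh on every run, as the original download did
      become: true

    # Remove the globally trusted copy left by earlier runs of this play.
    - name: Retirer l'ancienne clé Sury globalement approuvée
      file:
        path: /etc/apt/trusted.gpg.d/sury-php.gpg
        state: absent
      become: true

    # 11. Refresh the index and dist-upgrade the system
    - name: Mettre à jour et upgrader le système
      apt:
        update_cache: true
        upgrade: dist
      become: true

    # 12. Install PHP 8.3 and the required modules
    - name: Installer PHP 8.3 et modules requis
      apt:
        name:
          - php8.3-cli
          - php8.3-fpm
          - php8.3-common
          - php8.3-mbstring
          - php8.3-xml
          - php8.3-curl
          - php8.3-zip
          - php8.3-gd
          - php8.3-mysql
        state: present
      become: true

    - name: Redémarrer PHP 8.3-FPM
      systemd:
        name: php8.3-fpm
        state: restarted
      become: true

    # 13. Restart Apache
    - name: Redémarrer Apache
      systemd:
        name: apache2
        state: restarted
      become: true

    # 14. Enable the rewrite and expires modules in Apache
    - name: Activer les modules rewrite et expires dans Apache
      command: a2enmod rewrite expires
      become: true

    # 15. Restart Apache after enabling the modules
    - name: Redémarrer Apache après activation des modules
      systemd:
        name: apache2
        state: restarted
      become: true

    - name: Mettre à jour /etc/hosts avec le hostname
      lineinfile:
        path: /etc/hosts
        regexp: '^127\.0\.0\.1\s+'
        line: "127.0.0.1 localhost {{ ansible_hostname }}"
        state: present
      become: true

    # 17. Disable root login over SSH.
    #     The pattern matches any existing PermitRootLogin directive, active
    #     or commented out, whatever its value. Matching only "yes" would
    #     leave an active "prohibit-password" line in place and append
    #     "no" at the end of the file, where sshd (first value wins) would
    #     ignore it. `validate` refuses to install a config sshd rejects.
    #     NOTE(review): drop-in files included from sshd_config can still
    #     override this value; check them on the target.
    - name: Retirer ou modifier 'PermitRootLogin yes' dans /etc/ssh/sshd_config
      lineinfile:
        path: /etc/ssh/sshd_config
        regexp: '^#?\s*PermitRootLogin\s+'
        line: 'PermitRootLogin no'
        state: present
        validate: '/usr/sbin/sshd -t -f %s'
      become: true

    - name: Déployer le script MOTD personnalisé
      copy:
        # Path relative to the directory the playbook is run from
        src: ../sources/99-motd
        dest: /etc/update-motd.d/99-motd
        owner: root
        group: root
        mode: '0755'
      become: true

    # Fire-and-forget reboot; the new sshd setting takes effect with it.
    # NOTE(review): `command` does not go through a shell, so the trailing
    # `&` is passed as a literal argument instead of backgrounding the job;
    # async/poll provide the detachment. `ignore_errors` also hides a reboot
    # that never happened, so confirm the restart out of band.
    - name: Redémarrer la machine
      command: "nohup bash -c 'sleep 5 && reboot' &"
      async: 1
      poll: 0
      ignore_errors: true
      become: true

    # 18. Reboot the machine (alternative using the reboot module, disabled)
    # - name: Redémarrer la machine
    #   reboot:
    #     msg: "Redémarrage après configuration."
    #     pre_reboot_delay: 5
    #   become: yes
    #   ignore_errors: yes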