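---
# Time synchronisation tasks: correct gross clock skew against the Ansible
# controller, install and configure chrony, and render the host either as an
# NTP client or (for members of the 'ntpd' role group) as an NTP server.

# Disabled: merge of role defaults with per-inventory overrides via the
# merge_vars role. Kept for reference.
# - name: merge custom vars
#   block:
#     - name: set role variable sources
#       set_fact:
#         role_info:
#           role_defaults_file: "{{ role_path }}/defaults/main.yml"
#           role_override_file: "{{ ansible_inventory_sources[0] | dirname }}/group_vars/{{ role_name }}.yml"
#           vars_return: "placeholder"
#     - set_fact:
#         source_role: "{{ role_name }}"
#     - name: run merge_vars role
#       include_role:
#         name: "merge_vars"
#       vars:
#         a_config_file: "{{ role_info['role_defaults_file'] }}"
#         b_config_file: "{{ role_info['role_override_file'] }}"
#         calling_role: "{{ source_role }}"
#     - name: merge custom vars to vars[]
#       set_fact:
#         { "{{ entry }}": "{{ role_info['vars_return'][entry] }}" }
#       loop: "{{ role_info['vars_return'] | list }}"
#       loop_control:
#         loop_var: entry
#       when:
#         - not role_info['vars_return'] == 'placeholder'
#     - debug:
#         msg:
#           - "{{ vars['ntp'] }}"
#           - "{{ vars['a'] }}"
#   delegate_to: localhost

# Gather the controller's facts so its clock can be compared with the host's.
- name: get facts for localhost
  ansible.builtin.setup:
  delegate_to: localhost
  delegate_facts: true

# hostvars is keyed by inventory name, so the host's own entry is looked up
# with inventory_hostname; ansible_hostname is the discovered short hostname
# and is not guaranteed to be a hostvars key.
- name: test for clock skew
  ansible.builtin.set_fact:
    _clock_skew: true
  when:
    - >-
      (((hostvars[inventory_hostname]['ansible_date_time']['epoch_int'] | int) -
      (hostvars['localhost']['ansible_date_time']['epoch_int'] | int)) | abs) > 86400

# Manually set the date on a host where it differs from localhost by more than
# 1 day; the host must be able to validate SSL certificates to download the
# ntp packages.
# NOTE(review): this makes the controller's clock the reference for certificate
# validity on the host, so the controller itself should be time-synchronised.
# The value is the epoch captured when localhost facts were gathered, so it is
# a coarse correction only.
# test with:
# - date --set="2 year ago"
# - date --set="2 year"
- name: set host time to localhost time
  ansible.builtin.command:
    # argv avoids shell-style quoting around the templated epoch value
    argv:
      - date
      - --set
      - "@{{ hostvars['localhost']['ansible_date_time']['epoch_int'] }}"
  changed_when: true
  when:
    - _clock_skew is defined

# NOTE(review): 'latest' upgrades tzdata/chrony on every run, so the installed
# version is whatever the repository serves at that moment.
- name: install ntp packages
  ansible.builtin.package:
    name:
      - tzdata
      - chrony
    state: latest

- name: update package facts
  ansible.builtin.package_facts:
    manager: auto
    strategy: all

- name: set timezone to Europe/London
  community.general.timezone:
    name: Europe/London
  when:
    - "'tzdata' in ansible_facts['packages']"

# Default client configuration: public pool servers.
# NOTE(review): these pool sources are used without authentication; where time
# integrity matters, prefer the private 'ntpd' group below.
- name: set facts to render config as ntp client
  ansible.builtin.set_fact:
    _enable_ntp_servers:
      - 'pool 0.europe.pool.ntp.org iburst prefer'
      - 'pool 1.europe.pool.ntp.org'
      - 'pool 2.europe.pool.ntp.org'
      - 'pool 3.europe.pool.ntp.org'

# Overrides the public pool list when the inventory defines an 'ntpd' group:
# each member becomes "server <name><suffix_domain> iburst prefer".
- name: set facts to render config as ntp client with private ntp sources
  ansible.builtin.set_fact:
    # '| list' materialises the map() result so a real list is stored
    _enable_ntp_servers: >-
      {{ groups['ntpd']
      | map('regex_replace', '$', suffix_domain)
      | map('regex_replace', '$', ' iburst prefer')
      | map('regex_replace', '^', 'server ')
      | list }}
  vars:
    suffix_domain: ".{{ vars[config_namespace]['env']['cluster_domain'] }}"
  when:
    - groups['ntpd'] is defined

# Server configuration: one loop pass per entry in ntp['allow_network'], each
# appending that cluster network as "<network>/<prefix>" to _allow_network.
# NOTE(review): how _allow_network is rendered (presumably as chrony 'allow'
# directives) depends on chrony.conf.j2, which is not visible here; keep the
# list limited to networks that should be able to query this server.
- name: set facts to render config as ntp server
  ansible.builtin.set_fact:
    _enable_ntp_server: true
    _external_time_sources: "{{ ntp['external_time_sources'] }}"
    _allow_network: "{{ _allow_network | default([]) + [cidr_range] }}"
  loop: "{{ ntp['allow_network'] }}"
  loop_control:
    loop_var: entry
  vars:
    # netmask is converted to a prefix length with ansible.utils.ipaddr
    cidr_range: >-
      {{ vars[config_namespace]['cluster_networks'][entry]['network'] }}/{{
      (vars[config_namespace]['cluster_networks'][entry]['network'] + '/'
      + vars[config_namespace]['cluster_networks'][entry]['netmask'])
      | ansible.utils.ipaddr('prefix') }}
  when:
    # - "'ntp_server' in hostvars[ansible_hostname]['group_names']"
    - "'ntpd' in active_role_groups"

- name: configure chrony.conf
  ansible.builtin.template:
    src: templates/chrony.conf.j2
    dest: /etc/chrony.conf
    owner: root
    group: root
    # quoted so the mode is passed as an octal string, not a YAML integer
    mode: "0644"
  notify: restart_chronyd

- name: start chronyd service
  ansible.builtin.service:
    name: chronyd
    state: started
    enabled: true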