---
- name: Configure grub defaults
  when: not is_rhel | bool
  ansible.builtin.lineinfile:
    dest: /mnt/etc/default/grub
    regexp: "{{ item.regexp }}"
    line: "{{ item.line }}"
  loop:
    - regexp: ^GRUB_CMDLINE_LINUX_DEFAULT=
      line: GRUB_CMDLINE_LINUX_DEFAULT="loglevel=3"
    - regexp: ^GRUB_TIMEOUT=
      line: GRUB_TIMEOUT=1

- name: Ensure grub defaults file exists for RHEL-based systems
  when: is_rhel | bool
  block:
    - name: Build RHEL kernel command line defaults
      vars:
        grub_root_uuid: >-
          {{
            (
              partitioning_main_uuid.stdout
              if system_cfg.filesystem == 'btrfs'
              else (partitioning_uuid_root | default([]) | first | default(''))
            )
            | default('')
            | trim
          }}
        grub_lvm_args: >-
          {{
            (
              ['rd.lvm.lv=sys/root']
              + (
                ['rd.lvm.lv=sys/swap', 'resume=/dev/mapper/sys-swap']
                if system_cfg.features.swap.enabled | bool
                else []
              )
            )
            if system_cfg.filesystem != 'btrfs'
            else []
          }}
        grub_root_flags: >-
          {{ ['rootflags=subvol=@'] if system_cfg.filesystem == 'btrfs' else [] }}
        grub_cmdline_linux_base: >-
          {{
            (['crashkernel=auto'] + grub_lvm_args)
            | join(' ')
          }}
        grub_kernel_cmdline_base: >-
          {{
            (
              (['root=UUID=' + grub_root_uuid]
               if grub_root_uuid | length > 0 else [])
              + ['ro', 'crashkernel=auto']
              + grub_lvm_args
              + grub_root_flags
            )
            | join(' ')
          }}
      ansible.builtin.set_fact:
        configuration_grub_cmdline_linux_base: "{{ grub_cmdline_linux_base }}"
        configuration_kernel_cmdline_base: "{{ grub_kernel_cmdline_base }}"
      changed_when: false

    - name: Check if grub defaults file exists
      ansible.builtin.stat:
        path: /mnt/etc/default/grub
      register: configuration_grub_defaults_stat
      changed_when: false

    - name: Create default grub configuration
      when: not configuration_grub_defaults_stat.stat.exists
      ansible.builtin.copy:
        dest: /mnt/etc/default/grub
        mode: "0644"
        content: |
          GRUB_TIMEOUT=1
          GRUB_DISTRIBUTOR="$(sed 's, release .*$,,g' /etc/system-release)"
          GRUB_DEFAULT=saved
          GRUB_DISABLE_SUBMENU=true
          GRUB_TERMINAL_OUTPUT="console"
          GRUB_CMDLINE_LINUX="{{ configuration_grub_cmdline_linux_base }}"
          GRUB_DISABLE_RECOVERY="true"
          GRUB_ENABLE_BLSCFG=true

    - name: Ensure kernel cmdline directory exists
      ansible.builtin.file:
        path: /mnt/etc/kernel
        state: directory
        mode: "0755"

    - name: Write kernel cmdline defaults
      ansible.builtin.copy:
        dest: /mnt/etc/kernel/cmdline
        mode: "0644"
        content: "{{ configuration_kernel_cmdline_base }}\n"

    - name: Find BLS entries
      ansible.builtin.find:
        paths: /mnt/boot/loader/entries
        patterns: "*.conf"
      register: configuration_grub_bls_entries
      changed_when: false

    - name: Update BLS options with kernel cmdline defaults
      when: configuration_grub_bls_entries.files | length > 0
      ansible.builtin.lineinfile:
        path: "{{ item.path }}"
        regexp: "^options "
        line: "options {{ configuration_kernel_cmdline_base }}"
      loop: "{{ configuration_grub_bls_entries.files }}"
      loop_control:
        label: "{{ item.path }}"

- name: Enable GRUB cryptodisk for encrypted /boot
  when: partitioning_grub_enable_cryptodisk | bool
  ansible.builtin.lineinfile:
    path: /mnt/etc/default/grub
    regexp: "^GRUB_ENABLE_CRYPTODISK="
    line: GRUB_ENABLE_CRYPTODISK=y