---
- name: Ensure keyfile pattern for initramfs-tools
  when:
    - os_family == 'Debian'
    - configuration_luks_keyfile_in_use
  ansible.builtin.lineinfile:
    path: /mnt/etc/cryptsetup-initramfs/conf-hook
    regexp: "^KEYFILE_PATTERN="
    line: "KEYFILE_PATTERN=/etc/cryptsetup-keys.d/*.key"
    create: true
    mode: "0644"

- name: Configure mkinitcpio hooks for LUKS
  when: os == 'archlinux'
  ansible.builtin.lineinfile:
    path: /mnt/etc/mkinitcpio.conf
    regexp: "^HOOKS="
    line: >-
      HOOKS=(base systemd autodetect microcode modconf kms keyboard sd-vconsole
      block sd-encrypt{{ ' lvm2' if system_cfg.filesystem != 'btrfs' else '' }} filesystems fsck)

- name: Read mkinitcpio configuration
  when: os == 'archlinux'
  ansible.builtin.slurp:
    src: /mnt/etc/mkinitcpio.conf
  register: configuration_mkinitcpio_slurp

- name: Build mkinitcpio FILES list
  when: os == 'archlinux'
  vars:
    mkinitcpio_files_list: >-
      {{
        (
          configuration_mkinitcpio_slurp.content | b64decode
          | regex_findall('^FILES=\\(([^)]*)\\)', multiline=True)
          | default([])
          | first
          | default('')
        ).split()
      }}
    mkinitcpio_files_list_new: >-
      {{
        (
          (mkinitcpio_files_list + [configuration_luks_keyfile_path])
          if configuration_luks_keyfile_in_use
          else (
            mkinitcpio_files_list
            | reject('equalto', configuration_luks_keyfile_path)
            | list
          )
        )
        | unique
      }}
  ansible.builtin.set_fact:
    configuration_mkinitcpio_files_list_new: "{{ mkinitcpio_files_list_new }}"

- name: Configure mkinitcpio FILES list
  when: os == 'archlinux'
  ansible.builtin.lineinfile:
    path: /mnt/etc/mkinitcpio.conf
    regexp: "^FILES="
    line: >-
      FILES=({{
        configuration_mkinitcpio_files_list_new | join(' ')
      }})