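---
# Configures dracut and the kernel command line of the system mounted at /mnt
# so that the generated initramfs can unlock the LUKS volume at boot.

- name: Ensure dracut config directory exists
  ansible.builtin.file:
    path: /mnt/etc/dracut.conf.d
    state: directory
    mode: "0755"

# SECURITY: when configuration_luks_keyfile_in_use is true, install_items makes
# dracut copy the keyfile into the initramfs, so anyone who can read the
# generated image can recover the LUKS key.
# NOTE(review): confirm the image is written with root-only permissions and
# that it does not end up on an unencrypted /boot or ESP, where the key would
# be exposed at rest.
# crypt.conf itself holds only module names and paths, so 0644 is acceptable.
- name: Configure dracut for LUKS
  ansible.builtin.copy:
    dest: /mnt/etc/dracut.conf.d/crypt.conf
    content: |
      add_dracutmodules+=" crypt systemd "
      {% if configuration_luks_keyfile_in_use | default(false) %}
      install_items+=" {{ configuration_luks_keyfile_path }} "
      {% endif %}
      {% if configuration_luks_auto_method == 'tpm2' %}
      install_items+=" {{ configuration_luks_tpm2_token_lib | default('') }} "
      {% endif %}
    mode: "0644"

# --- Kernel cmdline: write rd.luks.* args for dracut ---

- name: Ensure kernel cmdline directory exists
  ansible.builtin.file:
    path: /mnt/etc/kernel
    state: directory
    mode: "0755"

# Only a missing file is treated as "no existing cmdline". Any other read
# error now fails the play instead of being swallowed, because an empty read
# would cause the file to be rewritten with the LUKS args alone and every
# pre-existing argument would be lost.
- name: Check for an existing kernel cmdline
  ansible.builtin.stat:
    path: /mnt/etc/kernel/cmdline
  register: _kernel_cmdline_stat

- name: Read existing kernel cmdline
  ansible.builtin.slurp:
    src: /mnt/etc/kernel/cmdline
  register: _kernel_cmdline_slurp
  when: _kernel_cmdline_stat.stat.exists

# Drops stale rd.luks.name/options/key arguments for this volume's UUID, then
# appends configuration_luks_kernel_args and removes exact duplicates.
# The UUID is passed through regex_escape so it is matched literally.
# NOTE(review): rd.luks.uuid=<uuid> arguments are not matched by the filter;
# only `unique` collapses them when they are byte-identical.
- name: Build kernel cmdline with LUKS args
  vars:
    # Skipped or empty slurp results fall back to an empty string.
    _cmdline_current: >-
      {{ (_kernel_cmdline_slurp.content | default('') | b64decode | default('')) | trim }}
    _cmdline_list: >-
      {{ _cmdline_current.split() if _cmdline_current | length > 0 else [] }}
    _cmdline_filtered: >-
      {{ _cmdline_list
      | reject('match', '^rd\\.luks\\.(name|options|key)='
      ~ (configuration_luks_uuid | regex_escape) ~ '=')
      | list }}
    _cmdline_new: >-
      {{ (_cmdline_filtered + configuration_luks_kernel_args.split())
      | unique | join(' ') }}
  ansible.builtin.set_fact:
    _dracut_kernel_cmdline: "{{ _cmdline_new }}"

# The file is world-readable (0644).
# NOTE(review): confirm configuration_luks_kernel_args never carries secret
# material, only identifiers and paths.
- name: Write kernel cmdline with LUKS args
  ansible.builtin.copy:
    dest: /mnt/etc/kernel/cmdline
    mode: "0644"
    content: "{{ _dracut_kernel_cmdline }}\n"

# --- BLS entries: RedHat-specific ---

# Hands the assembled cmdline to the shared BLS update tasks as _bls_cmdline.
- name: Update BLS entries with LUKS kernel cmdline
  when: os_family == 'RedHat'
  vars:
    _bls_cmdline: "{{ _dracut_kernel_cmdline }}"
  ansible.builtin.include_tasks: ../_bls_update.yml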