---
- name: Create and configure VMs
  hosts: all
  strategy: free  # noqa: run-once[play]
  gather_facts: false
  become: true
  vars_prompt:
    - name: user_name
      prompt: |
        What is your username?
      private: false

    - name: user_public_key
      prompt: |
        What is your ssh key?
      private: false

    - name: user_password
      prompt: |
        What is your password?
      confirm: true

    - name: root_password
      prompt: |
        What is your root password?
      confirm: true
  pre_tasks:
    - name: Load global defaults
      ansible.builtin.import_role:
        name: global_defaults

  roles:
    - role: virtualization
      when: install_type == "virtual"
      become: false
      vars:
        ansible_connection: local

    - role: environment
      vars:
        ansible_connection: "{{ 'vmware_tools' if hypervisor == 'vmware' else 'ssh' }}"

    - role: partitioning
      vars:
        partitioning_boot_partition_suffix: 1
        partitioning_main_partition_suffix: 2

    - role: bootstrap

    - role: configuration

    - role: cis
      when: cis_enabled

    - role: cleanup
      when: install_type in ["virtual", "physical"]
      become: false

  post_tasks:
    - name: Set post-reboot connection flags
      ansible.builtin.set_fact:
        post_reboot_can_connect: >-
          {{
            (ansible_connection | default('ssh')) != 'ssh'
            or (vm_ip is defined and (vm_ip | string | length) > 0)
            or (
              install_type == 'physical'
              and (ansible_host | default('') | string | length) > 0
            )
          }}
      changed_when: false

    - name: Set final SSH credentials for post-reboot tasks
      when:
        - post_reboot_can_connect | bool
      ansible.builtin.set_fact:
        ansible_user: "{{ user_name }}"
        ansible_password: "{{ user_password }}"
        ansible_become_password: "{{ user_password }}"
        ansible_ssh_extra_args: "-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no"

    - name: Install post-reboot extra packages
      vars:
        post_install_extra_packages: >-
          {{
            (
              extra_packages
              if (extra_packages is iterable and extra_packages is not string)
              else (extra_packages | string).split(',')
            )
            | map('trim')
            | reject('equalto', '')
            | list
          }}
      when:
        - post_reboot_can_connect | bool
        - extra_packages is defined
        - extra_packages | length > 0
        - post_install_extra_packages | length > 0
      ansible.builtin.package:
        name: "{{ post_install_extra_packages }}"
        state: present