---
- name: Bootstrap Ubuntu System
  vars:
    # ubuntu = latest non-LTS, ubuntu-lts = latest LTS
    bootstrap_ubuntu_release_map:
      ubuntu: plucky
      ubuntu-lts: noble
    bootstrap_ubuntu_release: "{{ bootstrap_ubuntu_release_map[os] | default('noble') }}"
    _config: "{{ lookup('vars', bootstrap_var_key) }}"
    bootstrap_ubuntu_base_csv: "{{ (['ca-certificates'] + _config.base) | unique | join(',') }}"
    bootstrap_ubuntu_extra_args: >-
      {{
        ((_config.extra | default([])) + (_config.conditional | default([])))
        | reject('equalto', '')
        | join(' ')
      }}
  block:
    - name: Validate Ubuntu package configuration
      ansible.builtin.assert:
        that:
          - _config is mapping
          - _config.base is sequence
          - _config.extra is sequence
        fail_msg: "{{ bootstrap_var_key }} must be a dict with base/extra/conditional keys."
        quiet: true

    - name: Install Ubuntu base system
      ansible.builtin.command: >-
        debootstrap
        --keyring=/usr/share/keyrings/ubuntu-archive-keyring.gpg
        --include={{ bootstrap_ubuntu_base_csv }}
        {{ bootstrap_ubuntu_release }} /mnt
        https://archive.ubuntu.com/ubuntu/
      register: bootstrap_ubuntu_base_result
      changed_when: bootstrap_ubuntu_base_result.rc == 0

    - name: Enable universe repository
      ansible.builtin.replace:
        path: /mnt/etc/apt/sources.list
        regexp: '^(deb\s+\S+\s+\S+\s+main)$'
        replace: '\1 universe'

    - name: Update package lists
      ansible.builtin.command: "{{ chroot_command }} apt update"
      register: bootstrap_ubuntu_update_result
      changed_when: bootstrap_ubuntu_update_result.rc == 0

    - name: Install extra packages
      when: bootstrap_ubuntu_extra_args | trim | length > 0
      ansible.builtin.command: "{{ chroot_command }} apt install -y {{ bootstrap_ubuntu_extra_args }}"
      register: bootstrap_ubuntu_extra_result
      changed_when: bootstrap_ubuntu_extra_result.rc == 0