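---
# Bootstrap FluxCD on a k3s node and point it at a Forgejo repository.
#
# The existence of the {{ flux_namespace }} namespace is the "already installed"
# marker: every install/configure task below is skipped when it is present.
# Inputs: role vars flux_namespace and flux_version; controller environment
# variables FORGEJO_TOKEN and REPO_URL; optional var flux_cli_checksum.

- name: Check if flux is already installed
  command: k3s kubectl get namespace {{ flux_namespace }}
  register: flux_installed
  changed_when: false
  # A non-zero rc is an expected answer here ("namespace not found"), so it
  # must not fail the play. Note that any other kubectl error also yields
  # rc != 0 and therefore also triggers the install path.
  failed_when: false

- name: Download Flux CLI
  get_url:
    # The '{{-' markers strip the whitespace left by folding, so the three
    # lines join into one URL.
    url: >-
      https://github.com/fluxcd/flux2/releases/download/
      {{- flux_version }}/
      {{- 'flux_' }}{{ flux_version | replace('v', '') }}_linux_amd64.tar.gz
    dest: /tmp/flux.tar.gz
    mode: '0644'
    # Integrity check for the release archive. Set flux_cli_checksum to
    # 'sha256:<digest>' taken from the checksums published with the release;
    # when the variable is undefined the parameter is omitted and the
    # download is trusted on TLS alone (the original behaviour).
    checksum: "{{ flux_cli_checksum | default(omit) }}"
  when: flux_installed.rc != 0

- name: Extract Flux CLI
  # The binary unpacked here is later run against the k3s admin kubeconfig,
  # which is why the archive above should be checksum-verified.
  unarchive:
    src: /tmp/flux.tar.gz
    dest: /usr/local/bin
    remote_src: true
    creates: /usr/local/bin/flux
  when: flux_installed.rc != 0

- name: Install FluxCD in cluster
  # 'quote' keeps the namespace a single shell word whatever it contains.
  shell: |
    export KUBECONFIG=/etc/rancher/k3s/k3s.yaml
    /usr/local/bin/flux install --namespace={{ flux_namespace | quote }}
  when: flux_installed.rc != 0
  register: flux_install_result
  changed_when: "'installed' in flux_install_result.stdout"

- name: Wait for FluxCD to be ready
  # Polls 'flux check' up to 30 times, 10 seconds apart.
  shell: |
    export KUBECONFIG=/etc/rancher/k3s/k3s.yaml
    /usr/local/bin/flux check
  register: flux_check
  until: flux_check.rc == 0
  retries: 30
  delay: 10
  changed_when: false
  when: flux_installed.rc != 0

- name: Load Forgejo token from environment
  set_fact:
    forgejo_token: "{{ lookup('env', 'FORGEJO_TOKEN') }}"
    forgejo_repo_url: "{{ lookup('env', 'REPO_URL') }}"
  # The result of set_fact is printed in verbose runs; keep the token out of
  # the Ansible log.
  no_log: true

- name: Require Forgejo token and repository URL
  # lookup('env', ...) returns an empty string for an unset variable, which
  # would otherwise create a secret with an empty password and a
  # GitRepository with no URL.
  assert:
    that:
      - forgejo_token | length > 0
      - forgejo_repo_url | length > 0
    fail_msg: "FORGEJO_TOKEN and REPO_URL must be set in the environment"
    quiet: true
  when: flux_installed.rc != 0

- name: Create Forgejo secret for FluxCD
  # The token is fed to kubectl on stdin rather than templated into the
  # script: it never appears in a process argument list, is not interpreted
  # by the shell, and no_log keeps the task arguments and result out of the
  # Ansible output.
  shell: |
    export KUBECONFIG=/etc/rancher/k3s/k3s.yaml
    k3s kubectl create secret generic forgejo-auth \
      --namespace={{ flux_namespace | quote }} \
      --from-literal=username=git \
      --from-file=password=/dev/stdin \
      --dry-run=client -o yaml | k3s kubectl apply -f -
  args:
    stdin: "{{ forgejo_token }}"
    # A trailing newline would become part of the stored password.
    stdin_add_newline: false
  no_log: true
  when: flux_installed.rc != 0

- name: Create GitRepository manifest
  # The manifest only references the secret by name; it holds no credential,
  # so a world-readable file is acceptable here.
  copy:
    dest: /tmp/gitrepository.yaml
    # to_json renders the URL as a double-quoted scalar so characters in it
    # cannot alter the structure of the generated manifest.
    content: |
      apiVersion: source.toolkit.fluxcd.io/v1
      kind: GitRepository
      metadata:
        name: infra
        namespace: {{ flux_namespace }}
      spec:
        interval: 1m
        url: {{ forgejo_repo_url | to_json }}
        ref:
          branch: main
        secretRef:
          name: forgejo-auth
    mode: '0644'
  when: flux_installed.rc != 0

- name: Apply GitRepository
  shell: |
    export KUBECONFIG=/etc/rancher/k3s/k3s.yaml
    k3s kubectl apply -f /tmp/gitrepository.yaml
  when: flux_installed.rc != 0

- name: Create Kustomization manifest
  # With prune enabled, whatever is under ./k8s on the main branch is applied
  # to the cluster and objects removed from the repository are deleted, so
  # write access to that branch is effectively write access to the cluster
  # (at the kustomize-controller's privilege level). Protect the branch
  # accordingly.
  copy:
    dest: /tmp/kustomization.yaml
    content: |
      apiVersion: kustomize.toolkit.fluxcd.io/v1
      kind: Kustomization
      metadata:
        name: apps
        namespace: {{ flux_namespace }}
      spec:
        interval: 1m
        sourceRef:
          kind: GitRepository
          name: infra
        path: ./k8s
        prune: true
        wait: true
    mode: '0644'
  when: flux_installed.rc != 0

- name: Apply Kustomization
  shell: |
    export KUBECONFIG=/etc/rancher/k3s/k3s.yaml
    k3s kubectl apply -f /tmp/kustomization.yaml
  when: flux_installed.rc != 0

- name: Display FluxCD installation status
  # NOTE(review): this prints REPO_URL to the log; confirm the URL never
  # carries embedded credentials.
  debug:
    msg: "FluxCD configured to sync from {{ forgejo_repo_url }}"
  when: flux_installed.rc != 0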