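---
# K3s server installation and configuration
#
# Installs a two-server K3s control plane. The host whose default IPv4 address
# equals k3s_server_1_ip initialises the cluster; every other host in the play
# joins it using the node token read from that first server.
#
# Variables read here: k3s_install_url, k3s_version, k3s_server_1_ip,
# k3s_server_2_ip and the gathered fact ansible_default_ipv4.
#
# NOTE(review): the token hand-off assumes both servers are in the same play
# batch (no `serial: 1`, no `--limit` that excludes the first server); the
# join step fails with an explicit message otherwise.

- name: Check if K3s is already installed
  stat:
    path: /usr/local/bin/k3s
  register: k3s_binary

# failed_when: false keeps a broken or partial install from aborting the play;
# the install tasks below only look at stdout.
- name: Get installed K3s version
  command: k3s --version
  register: installed_version
  changed_when: false
  failed_when: false
  when: k3s_binary.stat.exists

- name: Determine if this is the first server
  set_fact:
    is_first_server: "{{ ansible_default_ipv4.address == k3s_server_1_ip }}"

# NOTE(review): the installer is fetched and piped straight into a shell with
# no integrity check. Consider downloading it to disk and verifying it against
# a checksum recorded for the pinned release before executing it.
#
# `set -o pipefail` makes a failed download fail the task; without it an empty
# pipe is handed to `sh`, which exits 0 and reports a successful "install".
#
# NOTE(review): --write-kubeconfig-mode 644 makes the cluster-admin kubeconfig
# readable by every local user on the node. Keep it only if unprivileged users
# on this host are meant to have cluster-admin; otherwise use 600.
- name: Install K3s on first server (cluster-init)
  shell: |
    set -o pipefail
    curl -sfL {{ k3s_install_url | quote }} | sh -s - server \
      --cluster-init \
      --tls-san {{ k3s_server_1_ip | quote }} \
      --tls-san {{ k3s_server_2_ip | quote }} \
      --write-kubeconfig-mode 644 \
      --disable traefik \
      --node-ip {{ ansible_default_ipv4.address | quote }}
  args:
    executable: /bin/bash
  when:
    - is_first_server
    - >-
      not k3s_binary.stat.exists
      or (k3s_version not in (installed_version.stdout | default('')))
  environment:
    INSTALL_K3S_VERSION: "{{ k3s_version }}"
    INSTALL_K3S_SKIP_START: "false"

- name: Wait for first server to be ready
  wait_for:
    host: "{{ k3s_server_1_ip }}"
    port: 6443
    delay: 10
    timeout: 300
  when: is_first_server

# No run_once here: run_once executes on the first host of the batch only, so
# combined with `when: is_first_server` the task was skipped for everyone
# whenever the first server was not listed first in the inventory.
# no_log keeps the cluster join secret out of task output and logs.
- name: Get K3s token from first server
  slurp:
    src: /var/lib/rancher/k3s/server/node-token
  register: k3s_token_encoded
  when: is_first_server
  no_log: true

# set_fact is per-host, so the token has to be pushed to every host in the
# play; otherwise the joining server never sees it.
- name: Save K3s token
  set_fact:
    k3s_token: "{{ k3s_token_encoded.content | b64decode | trim }}"
  delegate_to: "{{ item }}"
  delegate_facts: true
  loop: "{{ ansible_play_hosts }}"
  when: is_first_server
  no_log: true

# Fail loudly instead of attempting a join with a dummy token.
- name: Require the join token before installing the second server
  assert:
    that:
      - k3s_token is defined
      - k3s_token | length > 0
    fail_msg: >-
      No K3s join token is available on this host. Run the play with the
      first server included so its node-token can be read.
    quiet: true
  when:
    - not is_first_server
    - >-
      not k3s_binary.stat.exists
      or (k3s_version not in (installed_version.stdout | default('')))

# The token is passed through the K3S_TOKEN environment variable rather than
# --token so it does not appear in the process argument list or in the
# rendered command. no_log hides the rest of the task output as well; lift it
# temporarily when debugging a failed join.
# See the first-server task for the notes on curl | sh and kubeconfig mode.
- name: Install K3s on second server (join cluster)
  shell: |
    set -o pipefail
    curl -sfL {{ k3s_install_url | quote }} | sh -s - server \
      --server {{ ('https://' ~ k3s_server_1_ip ~ ':6443') | quote }} \
      --tls-san {{ k3s_server_2_ip | quote }} \
      --write-kubeconfig-mode 644 \
      --disable traefik \
      --node-ip {{ ansible_default_ipv4.address | quote }}
  args:
    executable: /bin/bash
  when:
    - not is_first_server
    - >-
      not k3s_binary.stat.exists
      or (k3s_version not in (installed_version.stdout | default('')))
  environment:
    INSTALL_K3S_VERSION: "{{ k3s_version }}"
    K3S_TOKEN: "{{ k3s_token }}"
  no_log: true

- name: Enable and start k3s service
  systemd:
    name: k3s
    state: started
    enabled: true

# Polls for up to 30 x 10 s until the local API answers.
- name: Wait for K3s to be ready
  command: k3s kubectl get nodes
  register: kubectl_result
  until: kubectl_result.rc == 0
  retries: 30
  delay: 10
  changed_when: false

- name: Create pre-reboot script
  copy:
    src: k3s-pre-reboot.sh
    dest: /usr/local/bin/k3s-pre-reboot.sh
    mode: '0755'

# NOTE(review): the unit declares no ordering against k3s.service or the
# network, so it is not evident that the API is still reachable when the
# drain script runs during shutdown - confirm on a test node.
- name: Create systemd service for pre-reboot drain
  copy:
    dest: /etc/systemd/system/k3s-pre-reboot.service
    content: |
      [Unit]
      Description=Drain k3s node before reboot
      Before=reboot.target
      Before=shutdown.target
      DefaultDependencies=no

      [Service]
      Type=oneshot
      ExecStart=/usr/local/bin/k3s-pre-reboot.sh
      TimeoutStartSec=300

      [Install]
      WantedBy=reboot.target
      WantedBy=shutdown.target
    mode: '0644'
  notify: reload systemd

- name: Enable pre-reboot service
  systemd:
    name: k3s-pre-reboot
    enabled: true
    daemon_reload: true

- name: Install FluxCD (only on first server)
  include_tasks: flux.yml
  when: is_first_server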