- name: Define keys for pacman
  set_fact:
    keys:
      - '1EDDE2CDFC025D17F6DA9EC0ADAE6AD28A8F901A'  # Sublime Text
      - 'EF6E286DDA85EA2A4BA7DE684E2C6E8793298290'  # Tor Browser
      - '9D5F1C051D146843CDA4858BDE64825E7CBC0D51'  # ArchStrike

- name: Install pacman config
  template:
    src: ./files/pacman.conf
    dest: /etc/pacman.conf
    mode: 0644

- name: "Get installed pacman keys"
  shell: "pacman-key --list-keys"
  register: pacman_keys

- name: "Get known GPG keys"
  shell: "gpg --list-keys"
  become: true
  become_user: "{{ user }}"
  register: known_gpg_keys

- name: "Add keys to pacman"
  shell: "pacman-key -r {{ item }}"
  when: "item not in pacman_keys.stdout"
  loop: "{{ keys }}"

- name: "Sign keys in pacman"
  shell: "pacman-key --lsign-key {{ item }}"
  when: "item not in pacman_keys.stdout"
  loop: "{{ keys }}"

- name: "Add keys to local keyring"
  shell: "gpg --recv-keys {{ item }}"
  become: true
  become_user: "{{ user }}"
  when: "item not in known_gpg_keys.stdout"
  loop: "{{ keys }}"

- name: Create aur_builder user
  user:
    name: aur_builder
    group: wheel
    password_lock: true
    shell: /usr/bin/nologin

- name: Allow aur_builder user to run pacman as root
  lineinfile:
    path: /etc/sudoers.d/11-install-aur_builder
    line: 'aur_builder ALL=(ALL) NOPASSWD: /usr/bin/pacman'
    create: true
    validate: 'visudo -cf %s'

- name: "Get installed packages"
  shell: "pacman -Qq"
  become: true
  become_user: aur_builder
  register: installed_packages


- name: "Install yay"
  aur:
    skip_installed: true
    name: yay
  become: true
  become_user: aur_builder

- name: "Install additional repo keyrings"
  aur:
    skip_installed: true
    name: "{{ item }}"
  become: true
  become_user: aur_builder
  when: "item not in installed_packages.stdout_lines"
  loop:
    - 'archstrike-keyring'

- name: "Install ccache"
  aur:
    skip_installed: true
    name: ccache
  become: true
  become_user: aur_builder

- name: "Install makepkg tools"
  aur:
    skip_installed: true
    name: "{{ items }}"
  become: true
  become_user: aur_builder
  when: "item not in installed_packages.stdout_lines"
  loop:
    - pbzip2
    - zstd

- name: "Install makepkg config"
  template:
    src: ./files/makepkg.conf
    dest: "/etc/makepkg.conf"
    mode: 0644

- name: "Install Reflector"
  aur:
    skip_installed: true
    name: reflector
  become: true
  become_user: aur_builder

- name: Install Reflector service
  template:
    src: ./files/reflector.service
    dest: /etc/systemd/system/reflector.service
    mode: 0644
    owner: root
    group: root

- name: Enable Reflector services
  systemd:
    name: "reflector"
    enabled: true