- name: Create config directory
  file:
    path: /etc/nebula
    state: directory
    mode: "0700"
  become: true

- name: Install nebula
  package:
    name: nebula
  when: ansible_os_family == 'Archlinux'
  become: true

- name: Manually install nebula
  block:
    - name: Install binaries
      unarchive:
        src: https://github.com/slackhq/nebula/releases/download/v{{ nebula_version }}/nebula-linux-amd64.tar.gz
        dest: /usr/bin
        remote_src: true
        mode: "0755"

    - name: Install service
      get_url:
        url: https://raw.githubusercontent.com/slackhq/nebula/v{{ nebula_version }}/dist/arch/nebula.service
        dest: /usr/lib/systemd/system/nebula.service
        mode: "0644"
  when: ansible_os_family != 'Archlinux'
  tags:
    - skip_ansible_lint
  notify: restart nebula
  become: true

- name: Install config
  template:
    src: files/nebula.yml
    dest: /etc/nebula/config.yml
    mode: "0600"
  become: true
  notify: restart nebula

- name: Install CA certificate
  template:
    src: files/ca.crt
    dest: /etc/nebula/ca.crt
    mode: "0600"
  become: true
  notify: restart nebula

- name: Install client certificates
  template:
    src: files/certs/{{ item }}
    dest: /etc/nebula/{{ item }}
    mode: "0600"
  loop:
    - "{{ ansible_hostname }}.key"
    - "{{ ansible_hostname }}.crt"
  become: true
  notify: restart nebula

- name: Enable service
  service:
    name: nebula
    enabled: true
  become: true