- name: Configure the server
  hosts: localhost
  tags: algo
  vars_files:
    - config.cfg

  pre_tasks:
    - block:
      - name: Local pre-tasks
        include_tasks: playbooks/local.yml
        tags: [ 'always' ]

      - name: Local pre-tasks
        include_tasks: playbooks/local_ssh.yml
        become: false
        when: Deployed_By_Algo is defined and Deployed_By_Algo == "Y"
        tags: [ 'local' ]
      rescue:
        - debug: var=fail_hint
          tags: always
        - fail:
          tags: always

  roles:
    - { role: cloud-digitalocean, tags: ['digitalocean'] }
    - { role: cloud-ec2, tags: ['ec2'] }
    - { role: cloud-gce, tags: ['gce'] }
    - { role: cloud-azure, tags: ['azure'] }
    - { role: cloud-scaleway, tags: ['scaleway'] }
    - { role: cloud-openstack, tags: ['openstack'] }
    - { role: local, tags: ['local'] }

  post_tasks:
    - block:
      - name: Local post-tasks
        include_tasks: playbooks/post.yml
        become: false
        tags: [ 'cloud' ]
      rescue:
        - debug: var=fail_hint
          tags: always
        - fail:
          tags: always

- name: Configure the server and install required software
  hosts: vpn-host
  gather_facts: false
  tags: algo
  become: true
  vars_files:
    - config.cfg

  pre_tasks:
    - block:
      - name: Common pre-tasks
        include_tasks: playbooks/common.yml
        tags: [ 'digitalocean', 'ec2', 'gce', 'azure', 'lightsail', 'scaleway', 'openstack', 'local', 'pre' ]
      rescue:
        - debug: var=fail_hint
          tags: always
        - fail:
          tags: always

  roles:
    - { role: dns_adblocking, tags: [ 'dns', 'adblock' ] }
    - { role: ssh_tunneling, tags: [ 'ssh_tunneling' ] }
    - { role: wireguard, tags: [ 'vpn', 'wireguard' ], when: wireguard_enabled }
    - { role: vpn, tags: [ 'vpn' ] }

  post_tasks:
    - block:
      - debug:
          msg:
            - "{{ congrats.common.split('\n') }}"
            - "    {{ congrats.p12_pass }}"
            - "    {% if Store_CAKEY is defined and Store_CAKEY == 'N' %}{% else %}{{ congrats.ca_key_pass }}{% endif %}"
            - "    {% if cloud_deployment is defined %}{{ congrats.ssh_access }}{% endif %}"
        tags: always

      - name: Save the CA key password
        local_action: >
          shell echo "{{ easyrsa_CA_password }}" > /tmp/ca_password
        become: no
        tags: tests

      - name: Delete the CA key
        local_action:
          module: file
          path: "configs/{{ IP_subject_alt_name }}/pki/private/cakey.pem"
          state: absent
        become: no
        tags: always
        when: Store_CAKEY is defined and Store_CAKEY == "N"
      rescue:
        - debug: var=fail_hint
          tags: always
        - fail:
          tags: always