infra/ansible/roles/packages_ubuntu/tasks/main.yml

---
- name: Gather installed package facts
  tags: [packages]
  ansible.builtin.package_facts:
    manager: auto

- name: Ensure architecture is supported for Google Chrome
  tags: [packages]
  ansible.builtin.fail:
    msg: "Unsupported architecture {{ ansible_facts['architecture'] }} for Google Chrome stable package"
  when:
    - workstation_manage_google_chrome | default(false)
    - ansible_facts['architecture'] != 'x86_64'

- name: Download Google Chrome Debian package
  tags: [packages]
  ansible.builtin.get_url:
    url: https://dl.google.com/linux/direct/google-chrome-stable_current_amd64.deb
    dest: /tmp/google-chrome-stable_current_amd64.deb
    mode: "0644"
  when:
    - workstation_manage_google_chrome | default(false)
    - "'google-chrome-stable' not in (ansible_facts.packages | default({}))"

- name: Install Google Chrome from downloaded Debian package
  tags: [packages]
  ansible.builtin.apt:
    deb: /tmp/google-chrome-stable_current_amd64.deb
    state: present
  when:
    - workstation_manage_google_chrome | default(false)
    - "'google-chrome-stable' not in (ansible_facts.packages | default({}))"

- name: Remove downloaded Google Chrome Debian package
  tags: [packages]
  ansible.builtin.file:
    path: /tmp/google-chrome-stable_current_amd64.deb
    state: absent
  when:
    - workstation_manage_google_chrome | default(false)
    - "'google-chrome-stable' not in (ansible_facts.packages | default({}))"

- name: Ensure Docker apt keyrings directory exists
  tags: [packages]
  ansible.builtin.file:
    path: /etc/apt/keyrings
    state: directory
    owner: root
    group: root
    mode: "0755"
  when: ubuntu_manage_docker_repo | default(false)

- name: Download Docker apt repository signing key
  tags: [packages]
  ansible.builtin.get_url:
    url: https://download.docker.com/linux/ubuntu/gpg
    dest: /etc/apt/keyrings/docker.asc
    owner: root
    group: root
    mode: "0644"
  when: ubuntu_manage_docker_repo | default(false)

- name: Configure Docker apt repository
  tags: [packages]
  ansible.builtin.apt_repository:
    repo: >-
      deb [arch={{ 'amd64' if ansible_facts['architecture'] == 'x86_64'
      else 'arm64' if ansible_facts['architecture'] in ['aarch64', 'arm64']
      else ansible_facts['architecture'] }}
      signed-by=/etc/apt/keyrings/docker.asc]
      https://download.docker.com/linux/ubuntu
      {{ ansible_facts['distribution_release'] }} stable
    filename: docker
    state: present
    update_cache: true
  when: ubuntu_manage_docker_repo | default(false)

- name: Refresh apt package cache
  tags: [packages]
  ansible.builtin.apt:
    update_cache: true
    cache_valid_time: 3600

- name: Install packages on Ubuntu
  tags: [packages]
  ansible.builtin.apt:
    name: >-
      {{
        (
          (common_packages | default([]))
        + (ubuntu_packages_base | default([]))
        + (ubuntu_docker_packages | default([]))
        + (profile_packages | default([]))
        + (desktop_common_packages | default([]))
        + (
            (desktop_i3_packages | default([]))
            if 'i3' in (desktop_sessions_enabled | default([]))
            else []
          )
        + (
            (desktop_hyprland_packages | default([]))
            if 'hyprland' in (desktop_sessions_enabled | default([]))
            else []
          )
        + (host_packages | default([]))
        ) | unique
      }}
    state: present

- name: Set Ubuntu external tool release metadata
  tags: [packages]
  ansible.builtin.set_fact:
    ubuntu_tools_tmp_dir: /tmp/ubuntu-tools
    gitmux_version: v0.11.5
    bw_version: 1.22.1
    gitmux_arch: >-
      {{
        'amd64' if ansible_facts['architecture'] == 'x86_64'
        else 'arm64' if ansible_facts['architecture'] in ['aarch64', 'arm64']
        else ''
      }}

- name: Ensure architecture is supported for gitmux binary
  tags: [packages]
  ansible.builtin.fail:
    msg: "Unsupported architecture {{ ansible_facts['architecture'] }} for gitmux release binary"
  when: gitmux_arch == ''

- name: Ensure architecture is supported for bw binary
  tags: [packages]
  ansible.builtin.fail:
    msg: "Unsupported architecture {{ ansible_facts['architecture'] }} for bw release binary"
  when: ansible_facts['architecture'] != 'x86_64'

- name: Ensure temporary directory exists for Ubuntu external tools
  tags: [packages]
  ansible.builtin.file:
    path: "{{ ubuntu_tools_tmp_dir }}"
    state: directory
    mode: "0755"

- name: Set gitmux asset metadata
  tags: [packages]
  ansible.builtin.set_fact:
    gitmux_asset: "gitmux_{{ gitmux_version }}_linux_{{ gitmux_arch }}.tar.gz"

- name: Download gitmux release archive
  tags: [packages]
  ansible.builtin.get_url:
    url: "https://github.com/arl/gitmux/releases/download/{{ gitmux_version }}/{{ gitmux_asset }}"
    dest: "{{ ubuntu_tools_tmp_dir }}/{{ gitmux_asset }}"
    checksum: "sha256:https://github.com/arl/gitmux/releases/download/{{ gitmux_version }}/checksums.txt"
    mode: "0644"

- name: Extract gitmux release archive
  tags: [packages]
  ansible.builtin.unarchive:
    src: "{{ ubuntu_tools_tmp_dir }}/{{ gitmux_asset }}"
    dest: "{{ ubuntu_tools_tmp_dir }}"
    remote_src: true

- name: Install gitmux binary
  tags: [packages]
  ansible.builtin.copy:
    src: "{{ ubuntu_tools_tmp_dir }}/gitmux"
    dest: /usr/local/bin/gitmux
    remote_src: true
    owner: root
    group: root
    mode: "0755"

- name: Set bw asset metadata
  tags: [packages]
  ansible.builtin.set_fact:
    bw_asset: "bw-linux-{{ bw_version }}.zip"

- name: Download bw release archive
  tags: [packages]
  ansible.builtin.get_url:
    url: "https://github.com/bitwarden/cli/releases/download/v{{ bw_version }}/{{ bw_asset }}"
    dest: "{{ ubuntu_tools_tmp_dir }}/{{ bw_asset }}"
    checksum: "sha256:https://github.com/bitwarden/cli/releases/download/v{{ bw_version }}/bw-linux-sha256-{{ bw_version }}.txt"
    mode: "0644"

- name: Extract bw release archive
  tags: [packages]
  ansible.builtin.unarchive:
    src: "{{ ubuntu_tools_tmp_dir }}/{{ bw_asset }}"
    dest: "{{ ubuntu_tools_tmp_dir }}"
    remote_src: true

- name: Install bw binary
  tags: [packages]
  ansible.builtin.copy:
    src: "{{ ubuntu_tools_tmp_dir }}/bw"
    dest: /usr/local/bin/bw
    remote_src: true
    owner: root
    group: root
    mode: "0755"

- name: Add user to docker group
  tags: [packages]
  ansible.builtin.user:
    name: "{{ username }}"
    groups: docker
    append: true
  when: (ubuntu_docker_packages | default([])) | length > 0

- name: Remove workstation snap packages
  tags: [packages]
  community.general.snap:
    name: "{{ item }}"
    state: absent
  loop: "{{ workstation_removed_snap_packages | default([]) }}"
  loop_control:
    label: "{{ item }}"
  when: (workstation_removed_snap_packages | default([])) | length > 0

- name: Install workstation snap packages
  tags: [packages]
  community.general.snap:
    name: "{{ item.name }}"
    classic: "{{ item.classic | default(false) }}"
    channel: "{{ item.channel | default(omit) }}"
    state: present
  loop: "{{ workstation_snap_packages | default([]) }}"
  loop_control:
    label: "{{ item.name }}"
  when: (workstation_snap_packages | default([])) | length > 0