# -*- mode: ruby -*-
# vi: set ft=ruby :

# Require YAML module
require 'yaml'
 
# Read YAML file with box details
inventory = YAML.load_file('inventory/hosts')

Vagrant.configure("2") do |pfservers|

  ## Global settings for pfservers
  # disable synced folders
  pfservers.vm.synced_folder ".", "/vagrant", disabled: true
  
  # use same private key on all machines
  pfservers.ssh.insert_key = false

  # provisionners
  # Sync timezone with host
  pfservers.vm.provision "shell", inline: "sudo rm /etc/localtime && sudo ln -s /usr/share/zoneinfo/#{inventory['all']['vars']['tz']} /etc/localtime", run: "always"

  # Allow SSH as root with insecure_private_key
  pfservers.vm.provision "ssh", type:"shell", inline: "sudo mkdir -p /root/.ssh && sudo cp /home/vagrant/.ssh/authorized_keys /root/.ssh/"

  # Provision with ansible
  pfservers.vm.provision "ansible" do |ansible|
    ansible.playbook = "site.yml"
    ansible.config_file = "ansible.cfg"
    ansible.inventory_path = "inventory"
    ansible.galaxy_role_file = "requirements.yml"
    # only for debug
    #ansible.verbose = "-v"
  end

  # Use to run only tasks tagged "install" in site.yml
  pfservers.vm.provision "config", type:"ansible", run:"never" do |config|
    config.playbook = "site.yml"
    config.config_file = "ansible.cfg"
    config.inventory_path = "inventory"
    config.tags = "install"
    # only for debug
    #ansible.verbose = "-v"
  end

  # Use to run only tasks tagged "upgrade" in site.yml
  pfservers.vm.provision "upgrade", type:"ansible", run:"never" do |config|
    config.playbook = "site.yml"
    config.config_file = "ansible.cfg"
    config.inventory_path = "inventory"
    config.tags = "upgrade"
    # only for debug
    #ansible.verbose = "-v"
  end

  pfservers.vm.provision "api_config", type:"ansible", run:"never" do |config|
    config.playbook = "site.yml"
    config.config_file = "ansible.cfg"
    config.inventory_path = "inventory"
    config.tags = "install"
    config.start_at_task = "include api_config tasks"
    # only for debug
    #ansible.verbose = "-v"
  end

  # loop on **all** host(s) in pfservers group in inventory to create VM(s)
  inventory['all']['children']['pfservers']['children'].each do |groups, hosts|
    hosts['hosts'].each do |server, details|
      # don't start automatically virtual machines
      pfservers.vm.define server, autostart: false do |srv|
        srv.vm.box = details['box']
        srv.vm.hostname = server

        # mgmt
        # libvirt__forward_mode: "route" mean:
        # Allow inbound, but only to our expected subnet. Allow outbound, but
        # only from our expected subnet. Allow traffic between guests. Deny
        # all other inbound. Deny all other outbound.
        srv.vm.network "private_network", ip: details['mgmt_ip'], netmask: details['mgmt_netmask'], libvirt__dhcp_enabled: false, libvirt__forward_mode: "route"

        # registration
        # libvirt__forward_mode: "none" mean:
        # Allow traffic between guests. Deny inbound. Deny outbound.
        srv.vm.network "private_network", ip: details['reg_ip'], netmask: details['reg_netmask'], libvirt__dhcp_enabled: false, libvirt__forward_mode: "none"

        # isolation
        srv.vm.network "private_network", ip: details['iso_ip'], netmask: details['iso_netmask'], libvirt__dhcp_enabled: false, libvirt__forward_mode: "none"

        srv.vm.provider "libvirt" do |v|
          v.random_hostname = true
          v.cpus = details['cpus']
          v.memory = details['memory']
        end
      
        srv.vm.provider "virtualbox" do |v|
          v.cpus = details['cpus']
          v.memory = details['memory']
        end
      end
    end
  end
  inventory['all']['children']['pfservers']['children']['dev']['hosts'].each do |server,details|
    pfservers.vm.define server do |srv|
      # we mount PF sources in VM
      # override to avoid issue with symlink without referent
      # see https://github.com/hashicorp/vagrant/issues/5471
      srv.vm.synced_folder "../..", "/src", type: "rsync", rsync__args: ["--verbose", "--archive", "--delete", "-z"]

      # provisioner for dev machines
      #srv.vm.provision "setup-dev-env", type: "shell", path: "../dev-helpers/setup-dev-env.sh"
    end
  end
end
