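---
# Devops Ansible Script
# Playbook: pritunl_users.yaml
# Description: Add, enable, disable or remove pritunl vpn users
# Author: Mauro Rosero P.
# Email: mauro@rosero.one (mauro.rosero@gmail.com)
# Organization: ROSERO ONE
# Created: Jan 04, 2025 12:00:00
# Updated: 2025-01-05 00:00:00
#
# Inputs read by this playbook:
#   input_pritunl_action  optional; one of add, remove, enable, disable.
#                         When undefined the "add" task runs.
#   input_pritunl_user    required; lower-cased before it is sent.
#   input_pritunl_email   required unless the action is "remove".
#   input_pritunl_org     optional; falls back to platform_pritunl_org_default.
#
# The Pritunl API token and secret are read from sops_vars, which is
# presumably populated by includes/sops_credentials.yaml from the file named
# in sops_vpnadm_file (the include is not part of this file; verify there).

- name: 'PLAYBOOK - {{ playbook_program | upper }} ({{ playbook_description | upper }})'
  hosts: [localhost]
  become: false
  gather_facts: false

  vars:
    playbook_program: 'pritunl_users'
    playbook_description: 'Add, enable, disable or remove pritunl vpn users'
    managed_sufix: 'pritunl-vpn'
    main_action: 'MANAGE PRITUNL VPN USERS'
    language: "{{ lang_modified | default(default_lang, true) }}"
    messages_file: "{{ messages_path }}/{{ messages_prefix | upper}}-{{ language | upper }}.yaml"

  pre_tasks:
    - name: PRE -- LOAD FULL LANGUAGE MESSAGES FOR THIS PLAYBOOK
      ansible.builtin.include_tasks:
        file: includes/load_messages.yaml
      run_once: true

    - name: PRE -- SET PRITUNL VPN CREDENTIALS SOPS FILE
      ansible.builtin.set_fact:
        sops_file: '{{ sops_vpnadm_file }}'

    - name: PRE -- GET REQUIRED SOPS CREDENTIALS
      ansible.builtin.include_tasks:
        file: includes/sops_credentials.yaml
      run_once: true

    # Only the presence of the credentials is tested, and quiet output keeps
    # the evaluated conditions out of the console.
    - name: Check for succesfull credential vars loaded
      ansible.builtin.assert:
        that:
          - sops_vars is defined
          - sops_vars.PRITUNL_SECRET is defined
          - sops_vars.PRITUNL_TOKEN is defined
        fail_msg: "{{ messages.console.error.credentials_fail }}"
        quiet: true
      run_once: true

    # An undefined action is accepted on purpose: it selects the "add" task.
    # Any other value must be in the allow-list, so an unexpected string
    # cannot fall through and silently run nothing.
    - name: Check if pritunl action is defined
      ansible.builtin.assert:
        that:
          - >-
            input_pritunl_action is not defined
            or input_pritunl_action in ["add", "remove", "enable", "disable"]
        fail_msg: "{{ messages.console.error.no_pritunl_action }}"
        quiet: true
      run_once: true

    # Reject an empty or whitespace-only user name here rather than sending
    # it to the VPN API.
    - name: Check if pritunl user is defined
      ansible.builtin.assert:
        that:
          - input_pritunl_user is defined
          - input_pritunl_user | string | trim | length > 0
        fail_msg: "{{ messages.console.error.no_pritunl_user }}"
        quiet: true
      run_once: true

    # "remove" is the only action whose task does not send user_email.
    - name: Check if pritunl email for user is defined
      ansible.builtin.assert:
        that:
          - input_pritunl_email is defined
        fail_msg: "{{ messages.console.error.no_pritunl_email }}"
        quiet: true
      when: >-
        input_pritunl_action is not defined
        or input_pritunl_action != "remove"
      run_once: true

  tasks:
    - block:
        - name: '--|| WAIT FOR SERVER(S) CONNECTION'
          ansible.builtin.wait_for_connection:
            timeout: '{{ sysop_timeout_connection | int }}'
          when: ansible_connection is defined and ansible_connection != 'local'

        # Every task in this block passes the decoded API token and secret as
        # module arguments. no_log on the block is inherited by each task and
        # keeps those arguments and the task results out of verbose output,
        # callback plugins and logs. Turn it off only temporarily to debug.
        #
        # NOTE(review): the token and signed requests travel to pritunl_url;
        # confirm platform_web_protocol resolves to 'https://' and that the
        # module's validate_certs option is left at its default.
        - block:
            # The '\r' inside the double-quoted scalars is unescaped by YAML,
            # so the replace() filter strips literal carriage returns from the
            # decoded values. Keep these scalars double-quoted.
            - name: '--|| ADD PRITUNL VPN USER ({{ input_pritunl_user | upper }})'
              community.general.pritunl_user:
                pritunl_url: "{{ platform_web_protocol }}{{ platform_vpn_server_devs }}:{{ platform_vpn_api_port }}"
                pritunl_api_secret: "{{ sops_vars.PRITUNL_SECRET | b64decode | replace('\r', '') }}"
                pritunl_api_token: "{{ sops_vars.PRITUNL_TOKEN | b64decode | replace('\r', '') }}"
                organization: "{{ input_pritunl_org | default(platform_pritunl_org_default, true) | upper }}"
                user_name: '{{ input_pritunl_user | lower }}'
                user_email: '{{ input_pritunl_email | lower }}'
                user_disabled: '{{ platform_pritunl_usr_default }}'
                user_gravatar: '{{ platform_pritunl_img_default }}'
              when: >-
                input_pritunl_action is not defined
                or input_pritunl_action == 'add'

            - name: '--|| REMOVE PRITUNL VPN USER ({{ input_pritunl_user | upper }})'
              community.general.pritunl_user:
                pritunl_url: "{{ platform_web_protocol }}{{ platform_vpn_server_devs }}:{{ platform_vpn_api_port }}"
                pritunl_api_secret: "{{ sops_vars.PRITUNL_SECRET | b64decode | replace('\r', '') }}"
                pritunl_api_token: "{{ sops_vars.PRITUNL_TOKEN | b64decode | replace('\r', '') }}"
                state: absent
                organization: "{{ input_pritunl_org | default(platform_pritunl_org_default, true) | upper }}"
                user_name: '{{ input_pritunl_user | lower }}'
              when: input_pritunl_action is defined and input_pritunl_action == 'remove'

            - name: '--|| ENABLE PRITUNL VPN USER ({{ input_pritunl_user | upper }})'
              community.general.pritunl_user:
                pritunl_url: "{{ platform_web_protocol }}{{ platform_vpn_server_devs }}:{{ platform_vpn_api_port }}"
                pritunl_api_secret: "{{ sops_vars.PRITUNL_SECRET | b64decode | replace('\r', '') }}"
                pritunl_api_token: "{{ sops_vars.PRITUNL_TOKEN | b64decode | replace('\r', '') }}"
                organization: "{{ input_pritunl_org | default(platform_pritunl_org_default, true) | upper }}"
                user_name: '{{ input_pritunl_user | lower }}'
                user_email: '{{ input_pritunl_email | lower }}'
                user_disabled: false
              when: input_pritunl_action is defined and input_pritunl_action == 'enable'

            - name: '--|| DISABLE PRITUNL VPN USER ({{ input_pritunl_user | upper }})'
              community.general.pritunl_user:
                pritunl_url: "{{ platform_web_protocol }}{{ platform_vpn_server_devs }}:{{ platform_vpn_api_port }}"
                pritunl_api_secret: "{{ sops_vars.PRITUNL_SECRET | b64decode | replace('\r', '') }}"
                pritunl_api_token: "{{ sops_vars.PRITUNL_TOKEN | b64decode | replace('\r', '') }}"
                organization: "{{ input_pritunl_org | default(platform_pritunl_org_default, true) | upper }}"
                user_name: '{{ input_pritunl_user | lower }}'
                user_email: '{{ input_pritunl_email | lower }}'
                user_disabled: true
              when: input_pritunl_action is defined and input_pritunl_action == 'disable'
          no_log: true
          when: true
      when: true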