---

- hosts: all
  vars:
    # Base URL that every win_get_url task in this play downloads installers
    # and archives from.
    APPLET_DOWNLOAD_HOST: 'https://demo.jumpserver.org'
    # SECURITY: while this is true, the download tasks set validate_certs to
    # false and the same value is handed to
    # `tinkerd config --ignore-verify-certs`. The TLS certificate of the
    # download host is then not checked for files that are installed and
    # executed on this machine. Set it to false wherever the server presents
    # a certificate the host can validate.
    IGNORE_VERIFY_CERTS: true
    HOST_NAME: 'test'
    HOST_ID: '00000000-0000-0000-0000-000000000000'
    CORE_HOST: 'https://demo.jumpserver.org'
    # Placeholder value. Supply the real token at run time (extra vars,
    # Ansible Vault) instead of committing it to this file.
    BOOTSTRAP_TOKEN: 'PleaseChangeMe'
    # RDS_Licensing gates the LicenseServers, LicensingMode and
    # fSingleSessionPerUser registry tasks; the remaining RDS_* values are the
    # data written under the Terminal Services policy key.
    RDS_Licensing: false
    RDS_LicenseServer: '127.0.0.1'
    RDS_LicensingMode: 4
    RDS_fSingleSessionPerUser: 1
    RDS_MaxDisconnectionTime: 60000
    RDS_RemoteAppLogoffTimeLimit: 0
    # File name appended to APPLET_DOWNLOAD_HOST/download/applets/ and used as
    # the local file name under the remote TEMP directory.
    TinkerInstaller: 'Tinker_Installer.exe'

  tasks:
    # Installs the RDS-RD-Server Windows feature together with its management
    # tools. The registered result's reboot_required flag is read by the
    # reboot task later in the play.
    - name: Install RDS-RD-Server (RDS)
      register: rds_install
      ansible.windows.win_feature:
        state: present
        name: RDS-RD-Server
        include_management_tools: true

    # Force-kills a running tinker.exe process tree so the installer can
    # replace the binaries. Reports "not changed" when no such process exists.
    - name: Stop Tinker before install (jumpserver)
      ansible.windows.win_powershell:
        script: |
          if (Get-Process -Name 'tinker' -ErrorAction SilentlyContinue) {
            TASKKILL /F /IM tinker.exe /T
          }
          else {
           $Ansible.Changed = $false
          }

    # Stops the 'JumpServer Tinker' Windows service if it is registered.
    # Reports "not changed" when the service does not exist.
    - name: Stop Tinkerd before install (jumpserver)
      ansible.windows.win_powershell:
        script: |
          if (Get-Service -Name 'JumpServer Tinker' -ErrorAction SilentlyContinue) {
            Stop-Service -Name 'JumpServer Tinker' -Force
          }
          else {
           $Ansible.Changed = $false
          }

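    # Fetches the Tinker installer from APPLET_DOWNLOAD_HOST into TEMP.
    # SECURITY: validate_certs is the negation of IGNORE_VERIFY_CERTS, so with
    # that variable true the server certificate is not verified, and the
    # downloaded file is executed by the next task. Define the optional
    # variable TINKER_INSTALLER_SHA256 to make the module reject a file whose
    # SHA-256 digest differs; when it is undefined the checksum is omitted and
    # the task behaves as before.
    - name: Download JumpServer Tinker installer (jumpserver)
      ansible.windows.win_get_url:
        url: "{{ APPLET_DOWNLOAD_HOST }}/download/applets/{{ TinkerInstaller }}"
        dest: "{{ ansible_env.TEMP }}\\{{ TinkerInstaller }}"
        validate_certs: "{{ not IGNORE_VERIFY_CERTS }}"
        checksum: "{{ TINKER_INSTALLER_SHA256 | default(omit) }}"
        checksum_algorithm: sha256

    # Runs the downloaded installer unattended: no UI, no message boxes and no
    # automatic restart.
    - name: Install JumpServer Tinker (jumpserver)
      ansible.windows.win_package:
        path: "{{ ansible_env.TEMP }}\\{{ TinkerInstaller }}"
        arguments:
          - /VERYSILENT
          - /SUPPRESSMSGBOXES
          - /NORESTART
        state: present

    # NOTE(review): the task name says "global system path", but scope: user
    # together with %USERPROFILE% only edits the PATH of the account Ansible
    # connects as. Confirm that this is the account that runs tinkerd.
    - name: Set Tinkerd on the global system path (jumpserver)
      ansible.windows.win_path:
        elements:
          - '%USERPROFILE%\AppData\Local\Programs\Tinker\'
        scope: user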

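    # Fetches the Python installer from APPLET_DOWNLOAD_HOST into TEMP.
    # SECURITY: with IGNORE_VERIFY_CERTS true the server certificate is not
    # verified, and the file is then run with InstallAllUsers=1. Define the
    # optional variable PYTHON_INSTALLER_SHA256 to pin the expected SHA-256
    # digest; when it is undefined the checksum is omitted and the task
    # behaves as before.
    - name: Download python-3.10.11
      ansible.windows.win_get_url:
        url: "{{ APPLET_DOWNLOAD_HOST }}/download/applets/python-3.10.11-amd64.exe"
        dest: "{{ ansible_env.TEMP }}\\python-3.10.11-amd64.exe"
        validate_certs: "{{ not IGNORE_VERIFY_CERTS }}"
        checksum: "{{ PYTHON_INSTALLER_SHA256 | default(omit) }}"
        checksum_algorithm: sha256

    # Installs Python silently for all users and prepends it to PATH; the test
    # suite and the py launcher are left out. product_id lets win_package
    # detect an existing installation. The registered result's
    # reboot_required flag is read by the reboot task below.
    - name: Install the python-3.10.11
      ansible.windows.win_package:
        path: "{{ ansible_env.TEMP }}\\python-3.10.11-amd64.exe"
        product_id: '{371d0d73-d418-4ffe-b280-58c3e7987525}'
        arguments:
          - /quiet
          - InstallAllUsers=1
          - PrependPath=1
          - Include_test=0
          - Include_launcher=0
        state: present
      register: win_install_python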

    # Probes for a pip command in the current session. The task reports
    # "changed" when pip is NOT found, which the reboot task uses as one of
    # its triggers. Errors are ignored so a failed probe does not stop the
    # play.
    - name: Check pip command exists
      register: check_pip_command
      ignore_errors: true
      ansible.windows.win_powershell:
        script: |
          if (Get-Command -Name 'pip' -ErrorAction SilentlyContinue) {
            $Ansible.Changed = $false
          }
          else {
           $Ansible.Changed = $true
          }

    # Reboots when pip is not yet visible or when the RDS feature or the
    # Python installer asked for a restart. After the reboot the module waits
    # 10 seconds and uses `whoami` to confirm the host accepts commands again.
    - name: Reboot if installing requires it
      when: >-
        check_pip_command.changed
        or rds_install.reboot_required
        or win_install_python.reboot_required
      ansible.windows.win_reboot:
        test_command: whoami
        post_reboot_delay: 10

    # The five tasks below write Remote Desktop policy values under
    # HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services.

    # Written only when RDS_Licensing is true.
    - name: Set RDS LicenseServer (regedit)
      when: RDS_Licensing
      ansible.windows.win_regedit:
        path: 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
        name: LicenseServers
        type: string
        data: "{{ RDS_LicenseServer }}"

    # Written only when RDS_Licensing is true.
    - name: Set RDS LicensingMode (regedit)
      when: RDS_Licensing
      ansible.windows.win_regedit:
        path: 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
        name: LicensingMode
        type: dword
        data: "{{ RDS_LicensingMode }}"

    # NOTE(review): also gated on RDS_Licensing, although the value name is
    # about sessions per user rather than licensing. Confirm that is intended.
    - name: Set RDS fSingleSessionPerUser (regedit)
      when: RDS_Licensing
      ansible.windows.win_regedit:
        path: 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
        name: fSingleSessionPerUser
        type: dword
        data: "{{ RDS_fSingleSessionPerUser }}"

    # Skipped for values below 60000, so smaller limits are never written.
    - name: Set RDS MaxDisconnectionTime (regedit)
      when: RDS_MaxDisconnectionTime >= 60000
      ansible.windows.win_regedit:
        path: 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
        name: MaxDisconnectionTime
        type: dword
        data: "{{ RDS_MaxDisconnectionTime }}"

    # Always written; this task has no condition.
    - name: Set RDS RemoteAppLogoffTimeLimit (regedit)
      ansible.windows.win_regedit:
        path: 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
        name: RemoteAppLogoffTimeLimit
        type: dword
        data: "{{ RDS_RemoteAppLogoffTimeLimit }}"

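    # Fetches the bundled Python packages from APPLET_DOWNLOAD_HOST.
    # SECURITY: with IGNORE_VERIFY_CERTS true the server certificate is not
    # verified, and the archive contents are installed by pip two tasks later.
    # Define the optional variable PIP_PACKAGES_SHA256 to pin the expected
    # SHA-256 digest; when it is undefined the checksum is omitted and the
    # task behaves as before.
    - name: Download pip packages
      ansible.windows.win_get_url:
        url: "{{ APPLET_DOWNLOAD_HOST }}/download/applets/pip_packages.zip"
        dest: "{{ ansible_env.TEMP }}\\pip_packages.zip"
        validate_certs: "{{ not IGNORE_VERIFY_CERTS }}"
        checksum: "{{ PIP_PACKAGES_SHA256 | default(omit) }}"
        checksum_algorithm: sha256

    # Extracts the archive into TEMP\pip_packages.
    - name: Unzip pip_packages
      community.windows.win_unzip:
        src: "{{ ansible_env.TEMP }}\\pip_packages.zip"
        dest: "{{ ansible_env.TEMP }}\\pip_packages"

    # --no-index together with --find-links keeps pip away from any package
    # index: only files from the extracted archive can be installed.
    - name: Install python requirements offline
      ansible.windows.win_powershell:
        script: |
          pip install -r '{{ ansible_env.TEMP }}\pip_packages\pip_packages\requirements.txt' --no-index --find-links='{{ ansible_env.TEMP }}\pip_packages\pip_packages'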

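    # Fetches chromedriver from APPLET_DOWNLOAD_HOST.
    # SECURITY: with IGNORE_VERIFY_CERTS true the server certificate is not
    # verified, and the extracted binary is later placed on PATH. Define the
    # optional variable CHROMEDRIVER_SHA256 to pin the expected SHA-256
    # digest; when it is undefined the checksum is omitted and the task
    # behaves as before.
    - name: Download chromedriver (Chrome)
      ansible.windows.win_get_url:
        url: "{{ APPLET_DOWNLOAD_HOST }}/download/applets/chromedriver_win32.zip"
        dest: "{{ ansible_env.TEMP }}\\chromedriver_win32.zip"
        validate_certs: "{{ not IGNORE_VERIFY_CERTS }}"
        checksum: "{{ CHROMEDRIVER_SHA256 | default(omit) }}"
        checksum_algorithm: sha256

    # Extracts chromedriver below the JumpServer directory in Program Files.
    - name: Unzip chromedriver (Chrome)
      community.windows.win_unzip:
        src: "{{ ansible_env.TEMP }}\\chromedriver_win32.zip"
        dest: 'C:\Program Files\JumpServer\drivers\chromedriver_win32'

    # Fetches the Chrome archive from APPLET_DOWNLOAD_HOST. The TLS caveat on
    # the chromedriver download applies here as well; the optional variable
    # CHROME_SHA256 pins the expected SHA-256 digest and is omitted when
    # undefined.
    - name: Download Chrome zip package (Chrome)
      ansible.windows.win_get_url:
        url: "{{ APPLET_DOWNLOAD_HOST }}/download/applets/chrome-win.zip"
        dest: "{{ ansible_env.TEMP }}\\chrome-win.zip"
        validate_certs: "{{ not IGNORE_VERIFY_CERTS }}"
        checksum: "{{ CHROME_SHA256 | default(omit) }}"
        checksum_algorithm: sha256

    # Extracts Chrome below the JumpServer directory in Program Files.
    - name: Unzip Chrome (Chrome)
      community.windows.win_unzip:
        src: "{{ ansible_env.TEMP }}\\chrome-win.zip"
        dest: 'C:\Program Files\JumpServer\applications'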

    # Removes three Chrome directories outside the JumpServer tree from PATH.
    # Presumably these are locations used by earlier versions of this
    # playbook; confirm before relying on that.
    - name: Check and Clean global system path (Chrome)
      ansible.windows.win_path:
        state: absent
        elements:
          - "C:\\Program Files\\Chrome\\chrome-win32"
          - "C:\\Program Files\\Chrome\\chrome-win"
          - "C:\\Program Files\\chrome-win"

    # Adds the extracted Chrome and chromedriver directories to PATH. No scope
    # is given, so the module's default scope applies.
    - name: Set Chrome and driver on the global system path (Chrome)
      ansible.windows.win_path:
        elements:
          - "C:\\Program Files\\JumpServer\\applications\\Chrome\\Application"
          - "C:\\Program Files\\JumpServer\\drivers\\chromedriver_win32"

    # Passes empty values for the three GOOGLE_* variables at machine level.
    # Going by the task name, the intent is to keep Chrome from using Google
    # API credentials.
    - name: Set Chrome variables disable Google Api (Chrome)
      ansible.windows.win_environment:
        variables:
          GOOGLE_API_KEY: ""
          GOOGLE_DEFAULT_CLIENT_ID: ""
          GOOGLE_DEFAULT_CLIENT_SECRET: ""
        level: machine

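    # Writes the tinkerd configuration from the play variables.
    # The values are bound through `parameters` and a param() block instead of
    # being templated into the script text. A host name, URL or token that
    # contains spaces, quotes or PowerShell metacharacters is then passed as
    # one argument and cannot alter the command.
    # no_log keeps BOOTSTRAP_TOKEN out of Ansible's output and logs. Remove it
    # temporarily when this task has to be debugged. The token is still
    # visible on the tinkerd command line on the target while it runs.
    - name: Generate tinkerd component config
      ansible.windows.win_powershell:
        script: |
          param(
            [string]$HostName,
            [string]$CoreHost,
            [string]$Token,
            [string]$HostId,
            [string]$IgnoreVerifyCerts
          )
          tinkerd config --hostname $HostName --core_host $CoreHost --token $Token --host_id $HostId --ignore-verify-certs $IgnoreVerifyCerts
        parameters:
          HostName: "{{ HOST_NAME }}"
          CoreHost: "{{ CORE_HOST }}"
          Token: "{{ BOOTSTRAP_TOKEN }}"
          HostId: "{{ HOST_ID }}"
          IgnoreVerifyCerts: "{{ IGNORE_VERIFY_CERTS }}"
      no_log: true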

    # Registers tinkerd as a service via its own CLI.
    - name: Install tinkerd service
      ansible.windows.win_powershell:
        script: |
          tinkerd service install

    # Starts the service that was just registered.
    - name: Start tinkerd service
      ansible.windows.win_powershell:
        script: |
          tinkerd service start

    # Polls the local health endpoint until it answers 200, at most 30 times
    # with 5 seconds between attempts. The request goes to localhost over
    # plain HTTP.
    - name: Wait Tinker api health
      register: _result
      until: _result.status_code == 200
      retries: 30
      delay: 5
      ansible.windows.win_uri:
        method: GET
        url: 'http://localhost:6068/api/health/'
        status_code: 200

    # Asks tinkerd to install all applets.
    # NOTE(review): presumably they are fetched from CORE_HOST under the
    # --ignore-verify-certs setting configured earlier; confirm against
    # tinkerd's documentation.
    - name: Sync all remote applets
      ansible.windows.win_powershell:
        script: |
          tinkerd install all