- name: Create temporary netbird unarchive directory
  file: 
    path: "/tmp/netbird_{{ netbird_version }}"
    state: directory
    mode: '0700'
    owner: root
    group: root

- name: Download and verify the netbird archive
  get_url:
    url: "https://github.com/netbirdio/netbird/releases/download/v{{ netbird_version }}/netbird_{{ netbird_version }}_linux_arm64.tar.gz"
    dest: "/tmp/netbird-{{ netbird_version }}.linux-arm64.tar.gz"
    checksum: "sha256:{{ netbird_sha256 }}"
  register: download_result

- name: Unarchive netbird binary
  unarchive:
    src: "{{ download_result.dest }}"
    dest: "/tmp/netbird_{{ netbird_version }}"
    remote_src: true # Indicates the source file is on the remote host
    owner: root
    group: root
    mode: 0755

- name: Copy netbird binary to /usr/local/bin
  copy:
    src: "/tmp/netbird_{{ netbird_version }}/netbird"
    dest: "/usr/local/bin/netbird-{{ netbird_version }}"
    owner: root
    group: root
    mode: '0755'
    remote_src: yes

- name: Create netbird binary symlink
  file:
    src: "/usr/local/bin/netbird-{{ netbird_version }}"
    dest: "/usr/local/bin/netbird"
    state: link
    owner: root
    group: root
    mode: '0755' # Permissions for the target file
    force: yes 

- name: Run command to generate netbird systemd unit file
  command: 
    cmd: /usr/local/bin/netbird service install
    creates: /etc/systemd/system/netbird.service
  register: netbird_service

- name: systemctl daemon-reload to pickup netbird service changes
  systemd_service:
    daemon_reload: true
  when: netbird_service.changed
  notify: restart netbird

- name: Start and enable netbird service
  service:
    name: netbird
    state: started
    enabled: true
    daemon_reload: true

- name: Run netbird up with setup key
  command:
    cmd: /usr/local/bin/netbird up --setup-key {{ netbird_setup_key }} --management-url https://netbird.jthan.io:443

- name: Create netbird firewalld zone
  ansible.posix.firewalld:
    zone: netbird
    state: present
    permanent: true

- name: Set netbird zone target to ACCEPT
  ansible.posix.firewalld:
    zone: netbird
    state: present
    permanent: true
    target: ACCEPT

- name: Add netbird interface to netbird zone 
  ansible.posix.firewalld:
    zone: netbird
    interface: wt0
    permanent: true
    state: enabled