---
# file: tasks/main.yaml

- name: Edit repositories
  include_tasks: "{{ ansible_distribution|lower }}_{{ ansible_distribution_release }}.yaml"
  tags:
    - aws-edit-repo

- name: Prerequisites
  ansible.builtin.package:
    name: "{{ packages | flatten(levels=1) }}"
    state: "latest"
  tags:
    - aws-inst-prerequisites

- name: Load Kernel Modules By Default
  ansible.builtin.lineinfile:
    path: "/etc/modules"
    state: "present"
    line: "{{ item }}"
  with_items:
    - "igb_uio"
    - "vfio-pci"
  tags:
    - aws-load-kernel-modules

- name: Add Kernel Modules Options (igb_uio)
  ansible.builtin.lineinfile:
    path: "/etc/modprobe.d/igb_uio.conf"
    state: "present"
    line: "{{ item }}"
    create: "yes"
  with_items:
    - "options igb_uio wc_activate=1"
  tags:
    - aws-load-kernel-modules

- name: Add Kernel Modules Options (vfio-pci)
  ansible.builtin.lineinfile:
    path: "/etc/modprobe.d/vfio-noiommu.conf"
    state: "present"
    line: "{{ item }}"
    create: "yes"
  with_items:
    - "options vfio enable_unsafe_noiommu_mode=1"
  tags:
    - aws-load-kernel-modules

- name: Kernel Parameters
  ansible.builtin.lineinfile:
    path: "/etc/default/grub"
    state: "present"
    regexp: "^GRUB_CMDLINE_LINUX="
    line: "GRUB_CMDLINE_LINUX=iommu=1 intel_iommu=on"
  notify:
    - "Update GRUB"
  tags:
    - perf-conf-grub

- meta: flush_handlers

- name: Disable Password Login
  ansible.builtin.lineinfile:
    dest: "/etc/ssh/sshd_config"
    regexp: "^PasswordAuthentication yes"
    line: "PasswordAuthentication no"
  notify:
    - "Restart SSHd"
  tags:
    - conf-ssh

- name: Recursively Delete Other Configs
  ansible.builtin.file:
    path: "/etc/ssh/sshd_config.d"
    state: "absent"
  tags:
    - conf-ssh

#- name: Get vfio-pci With WC Patcher
#  ansible.builtin.get_url:
#    url: "https://github.com/amzn/amzn-drivers/raw/master/userspace/dpdk/enav2-vfio-patch/get-vfio-with-wc.sh"
#    dest: "/opt/get-vfio-with-wc.sh"
#    mode: 0744
#  tags:
#    - aws-vfio-patch
#
#- name: Create vfio-pci Patch Directory
#  ansible.builtin.file:
#    path: "/opt/patches/"
#    state: "directory"
#  tags:
#    - aws-vfio-patch
#
#- name: Get vfio-pci WC Patch
#  ansible.builtin.get_url:
#    url: "https://github.com/amzn/amzn-drivers/raw/master/userspace/dpdk/enav2-vfio-patch/patches/{{ item }}"
#    dest: "/opt/patches/{{ item }}"
#    mode: 0744
#  with_items:
#    - "linux-4.10-vfio-wc.patch"
#    - "linux-5.8-vfio-wc.patch"
#    - "linux-5.15-vfio-wc.patch"
#  tags:
#    - aws-vfio-patch
#
#- name: Copy vfio-pci WC Patch
#  ansible.builtin.copy:
#    src: "files/get-vfio-with-wc.sh"
#    dest: "/opt"
#    mode: 0744
#  tags:
#    - aws-vfio-patch
#
#- name: Compile vfio-pci With WC Patch
#  ansible.builtin.shell: "/bin/bash /opt/get-vfio-with-wc.sh"
#  environment:
#    DEBIAN_FRONTEND: "noninteractive"
#    TERM: "vt100"
#  tags:
#    - aws-vfio-patch

- name: Adjust nr_hugepages
  ansible.builtin.sysctl:
    name: "vm.nr_hugepages"
    value: "8192"
    state: "present"
    sysctl_file: "/etc/sysctl.d/90-csit.conf"
    reload: true
  tags:
    - aws-set-hugepages

- name: Shutdown host with delay
  ansible.builtin.command: "/sbin/shutdown -P +720"
  tags:
    - aws-set-self-terminate