---
- name: Install packages (Archlinux)
  become: true
  community.general.pacman:
    name:
      - openvpn
  when: ansible_facts['distribution'] == 'Archlinux'

- name: Install packages (Debian)
  become: true
  ansible.builtin.apt:
    name:
      - openvpn
      # TODO: add openvpn-update-systemd-resolved equivalent for Debian
  when: ansible_facts['distribution'] == 'Debian'

- name: Clone openvpn-update-systemd-resolved
  ansible.builtin.git:
    repo: https://aur.archlinux.org/openvpn-update-systemd-resolved.git
    dest: ~/builds/openvpn-update-systemd-resolved
    clone: true
    update: false
  when: ansible_facts['distribution'] == 'Archlinux'

- name: Make and install openvpn-update-systemd-resolved
  ansible.builtin.command:
    cmd: makepkg -cirs --needed
    chdir: ~/builds/openvpn-update-systemd-resolved
  when: ansible_facts['distribution'] == 'Archlinux'
  register: result
  changed_when: "'installing existing package' not in result.stderr"

- name: Copy client confs
  become: true
  ansible.builtin.copy:
    src: "{{ ansible_facts.user_dir }}/src/secrets/setup-cockpit/protonvpn_confs/"
    dest: /etc/openvpn/client/
    mode: 0644
    owner: root
    group: root
    remote_src: true
  notify:
    - Run daemon-reload
    - Enable protonvpn service

- name: Set permissions for openvpn client directory
  become: true
  ansible.builtin.file:
    path: /etc/openvpn/client/
    state: directory
    mode: 0750
    owner: openvpn
    group: network
  notify:
    - Run daemon-reload