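---
# Prepare the datastore brick: create the mount points, verify that the backing
# block device is LUKS encrypted, open it when it is still locked, and mount it
# at /mnt/brick through a private fstab file.

- name: Create mount points
  become: true
  ansible.builtin.file:
    path: "{{ item }}"
    state: directory
    # Quoted so the mode reaches the module as an octal string regardless of
    # how the YAML parser types a bare 0755.
    mode: "0755"
    owner: root
    group: "{{ ansible_user }}"
  loop:
    - /mnt/datastore
    - /mnt/brick

# A single filter expression instead of an accumulating loop: the fact is
# defined (as an empty list) even when ansible_mounts has no entries, and a
# second run does not append duplicates to an existing fact.
- name: Determine current mounts
  ansible.builtin.set_fact:
    _current_mounts: "{{ ansible_mounts | map(attribute='mount') | list }}"

# Only mount points with nothing mounted on them are inspected. Anything left
# in such a directory is hidden once a filesystem is mounted over it.
# Plain `ls` does not list dotfiles, so hidden entries are not detected here.
- name: Ensure mount points are empty when unmounted
  when: item not in _current_mounts
  ansible.builtin.command:
    cmd: "/usr/bin/ls {{ item }}"
  changed_when: false
  # failed_when replaces the default return-code check, so the return code is
  # tested explicitly; otherwise an ls error with empty stdout would be read
  # as "directory is empty". The expression is an explicit boolean rather than
  # a bare string.
  failed_when: _mountpoint_ls_raw.rc != 0 or _mountpoint_ls_raw.stdout | length > 0
  register: _mountpoint_ls_raw
  loop:
    - /mnt/datastore
    - /mnt/brick

- name: Fetch block device information
  ansible.builtin.command:
    cmd: lsblk /dev/{{ skylab_datastore_device }} --fs --json
  changed_when: false
  register: _lsblk_info_raw

# lsblk is queried for one device, so the first blockdevices entry is used.
- name: Process block device information
  ansible.builtin.set_fact:
    _datastore_device_info: "{{ (_lsblk_info_raw.stdout | from_json).blockdevices[0] }}"

# Stop before opening or mounting anything if the device is not a LUKS
# container.
- name: Check state of the datastore device
  ansible.builtin.assert:
    that: _datastore_device_info.fstype == "crypto_LUKS"
    fail_msg: >-
      ERROR: Datastore block device
      {{ inventory_hostname }}:/dev/{{ skylab_datastore_device }}
      must be LUKS encrypted
    success_msg: >-
      Datastore block device
      {{ inventory_hostname }}:/dev/{{ skylab_datastore_device }}
      is LUKS encrypted

# The presence of a "children" entry in the lsblk output is taken to mean the
# LUKS mapping is already open.
- name: Determine whether datastore block is decrypted
  ansible.builtin.set_fact:
    _datastore_device_is_decrypted: "{{ _datastore_device_info.children is defined }}"

- name: Decrypt datastore block
  when: not _datastore_device_is_decrypted
  block:
    # Prompt only when no passphrase was supplied through
    # skylab_datastore_encryption_password. no_log and echo: false keep the
    # typed value out of the terminal and the task output. The registered
    # result still holds the passphrase afterwards, so it should not be
    # printed by later tasks.
    - name: Prompt for decryption key
      no_log: true
      when: skylab_datastore_encryption_password is not defined
      ansible.builtin.pause:
        prompt: >-
          Datastore device
          {{ inventory_hostname }}:/dev/{{ skylab_datastore_device }}
          is not decrypted.
          Enter decryption passphrase to continue GlusterFS brick configuration
        echo: false
      register: _luks_decryption_key

    # When the prompt was skipped the registered result has no user_input, so
    # default() falls back to the supplied password variable.
    # NOTE(review): the passphrase is passed as a module argument and this
    # task has no no_log of its own. Confirm the installed community.crypto
    # version masks `passphrase`, or set `no_log: true` on this task.
    - name: Open LUKS device
      become: true
      community.crypto.luks_device:
        device: /dev/{{ skylab_datastore_device }}
        state: opened
        name: brick
        passphrase: "{{ _luks_decryption_key.user_input | default(skylab_datastore_encryption_password) }}"

    # Re-read the device so the opened mapping appears under "children".
    - name: Fetch updated block device information
      ansible.builtin.command:
        cmd: lsblk /dev/{{ skylab_datastore_device }} --fs --json
      changed_when: false
      register: _lsblk_info_raw

    - name: Process updated block device information
      ansible.builtin.set_fact:
        _datastore_device_info: "{{ (_lsblk_info_raw.stdout | from_json).blockdevices[0] }}"

- name: Create dummy fstab
  ansible.builtin.file:
    state: touch
    path: "{{ skylab_state_dir }}/mounts"
    owner: "{{ ansible_user }}"
    group: "{{ ansible_user }}"
    mode: "0644"
    # Preserve timestamps so touching an existing file reports no change.
    access_time: preserve
    modification_time: preserve

- name: Mount datastore block
  become: true
  ansible.posix.mount:
    path: /mnt/brick
    src: "UUID={{ _datastore_device_info.children[0].uuid }}"
    state: mounted
    fstype: "{{ _datastore_device_info.children[0].fstype }}"
    # Note that this just needs to be any path *other* than the actual
    # fstab. This is done just to prevent the devices from being
    # automatically mounted at boot
    fstab: "{{ skylab_state_dir }}/mounts"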