- hosts: routers
  remote_user: root
  tasks:
    - name: fetch gpg key locally
      ansible.builtin.command: gpg --fetch-keys https://neilalexander.s3.dualstack.eu-west-2.amazonaws.com/deb/key.txt
      delegate_to: 127.0.0.1
      run_once: true
    - name: export gpg key
      ansible.builtin.command: gpg --output yggdrasil/yggdrasil-keyring.gpg --export BC1BF63BD10B8F1A
      delegate_to: 127.0.0.1
      run_once: true
    - name: See if it's possible to run yggdrasil
      ansible.builtin.stat:
        path: /dev/net/tun
      register: can_use_tun
    - name: Create /usr/local/apt-keys on debian hosts
      ansible.builtin.file:
        path: /usr/local/apt-keys
        state: directory
        mode: '0755'
      when: ansible_distribution == 'Debian' and can_use_tun.stat.exists == True
    - name: add dirmngr on debian hosts
      ansible.builtin.apt:
        name: dirmngr
        state: latest
      when: ansible_distribution == 'Debian' and can_use_tun.stat.exists == True
    - name: Copy gpg keyring to debian hosts
      ansible.builtin.copy:
        src: yggdrasil/yggdrasil-keyring.gpg
        dest: /usr/local/apt-keys/yggdrasil-keyring.gpg
        mode: '0644'
      when: ansible_distribution == 'Debian' and can_use_tun.stat.exists == True
    - name: Copy yggdrasil sources list list to debian hosts
      ansible.builtin.copy:
        src: yggdrasil/debian-list.txt
        dest: /etc/apt/sources.list.d/yggdrasil.list
        mode: '0644'
      when: ansible_distribution == 'Debian' and can_use_tun.stat.exists == True
    - name: add yggdrasil on arch systems
      ansible.builtin.pacman:
        name: yggdrasil
        state: present
      when: ansible_distribution == 'Archlinux' and can_use_tun.stat.exists == True
    - name: add yggdrasil on debian systems
      ansible.builtin.apt:
        update_cache: yes
        cache_valid_time: 1
        name: yggdrasil
        state: present
      when: ansible_distribution == 'Debian' and can_use_tun.stat.exists == True