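---
# Two-stage playbook: provision hosts with Terraform from the controller,
# then install base packages on every inventory host.

- name: Step 1 - Terraform Provisioning
  hosts: localhost
  connection: local
  gather_facts: false  # disable automatic fact gathering
  become: false  # force-disable sudo for this play
  vars:
    tf_dir: "{{ playbook_dir }}/../terraform"
  tasks:
    # If system data is still needed, collect it without sudo.
    - name: Manual fact gathering without sudo
      setup:
      become: false

    # This file decides where provider binaries are downloaded from, so it
    # is written with an explicit owner-only mode instead of relying on the
    # umask. /tmp is used because it is always writable in the container.
    # NOTE(review): /tmp is shared and the path is predictable; on a
    # multi-user controller prefer a directory owned by the running user.
    - name: Create terraform mirror config
      copy:
        dest: "/tmp/.terraformrc"
        mode: "0600"
        # All registry.terraform.io providers are fetched from the mirror;
        # direct installation is excluded for them.
        # NOTE(review): keep .terraform.lock.hcl under version control so
        # provider checksums are pinned. The cleanup task below removes
        # only the .terraform directory, not the lock file.
        content: |
          provider_installation {
            network_mirror {
              url = "https://terraform-mirror.yandexcloud.net/"
            }
            direct {
              exclude = ["registry.terraform.io/*/*"]
            }
          }

    - name: Cleanup old terraform data
      file:
        path: "{{ tf_dir }}/.terraform"
        state: absent

    # `command` instead of `shell`: the command line uses no shell features,
    # so nothing is passed through a shell interpreter.
    # Credentials are read from the controller's environment rather than
    # stored in the playbook.
    # NOTE(review): at high verbosity (-vvv) Ansible may print the exec line
    # including these values; avoid that in shared CI logs.
    - name: Terraform Init
      command: terraform init -reconfigure -no-color
      args:
        chdir: "{{ tf_dir }}"
      environment:
        TF_CLI_CONFIG_FILE: "/tmp/.terraformrc"
        TF_HTTP_USERNAME: "{{ lookup('env', 'TF_HTTP_USERNAME') }}"
        TF_HTTP_PASSWORD: "{{ lookup('env', 'TF_HTTP_PASSWORD') }}"

    # NOTE(review): -auto-approve applies without a reviewed plan; consider
    # gating this behind a saved plan file in pipelines that touch
    # production.
    - name: Terraform Apply
      command: terraform apply -auto-approve -no-color
      args:
        chdir: "{{ tf_dir }}"
      environment:
        TF_CLI_CONFIG_FILE: "/tmp/.terraformrc"
        TF_VAR_proxmox_api_token_id: "{{ lookup('env', 'TF_VAR_proxmox_api_token_id') }}"
        TF_VAR_proxmox_api_token_secret: "{{ lookup('env', 'TF_VAR_proxmox_api_token_secret') }}"
        TF_VAR_proxmox_api_url: "{{ lookup('env', 'TF_VAR_proxmox_api_url') }}"

- name: Step 2 - Install Kubernetes
  hosts: all
  become: true  # sudo is still required on the real servers
  tasks:
    - name: Install base packages
      apt:
        name:
          - curl
          - apt-transport-https
          - qemu-guest-agent
        state: present
        update_cache: true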