---
# Mirrors former **noble-platform** Argo Application: Helm releases + plain manifests under clusters/noble/bootstrap.
- name: Apply clusters/noble/bootstrap kustomize (namespaces, Grafana Loki datasource)
  ansible.builtin.command:
    argv:
      - kubectl
      - apply
      - "--request-timeout={{ noble_platform_kubectl_request_timeout }}"
      - -k
      - "{{ noble_repo_root }}/clusters/noble/bootstrap"
  environment:
    KUBECONFIG: "{{ noble_kubeconfig }}"
  register: noble_platform_kustomize
  retries: "{{ noble_platform_kustomize_retries | int }}"
  delay: "{{ noble_platform_kustomize_delay | int }}"
  until: noble_platform_kustomize.rc == 0
  changed_when: true

- name: Stat SOPS age private key (age-key.txt)
  ansible.builtin.stat:
    path: "{{ noble_sops_age_key_file }}"
  register: noble_sops_age_key_stat

- name: Apply SOPS-encrypted cluster secrets (clusters/noble/secrets/*.yaml)
  ansible.builtin.shell: |
    set -euo pipefail
    shopt -s nullglob
    for f in "{{ noble_repo_root }}/clusters/noble/secrets"/*.yaml; do
      sops -d "$f" | kubectl apply -f -
    done
  args:
    executable: /bin/bash
  environment:
    KUBECONFIG: "{{ noble_kubeconfig }}"
    SOPS_AGE_KEY_FILE: "{{ noble_sops_age_key_file }}"
  when:
    - noble_apply_sops_secrets | default(true) | bool
    - noble_sops_age_key_stat.stat.exists
  changed_when: true

- name: Install kube-prometheus-stack
  ansible.builtin.command:
    argv:
      - helm
      - upgrade
      - --install
      - kube-prometheus
      - prometheus-community/kube-prometheus-stack
      - -n
      - monitoring
      - --version
      - "82.15.1"
      - -f
      - "{{ noble_repo_root }}/clusters/noble/bootstrap/kube-prometheus-stack/values.yaml"
      - --wait
      - --timeout
      - 30m
  environment:
    KUBECONFIG: "{{ noble_kubeconfig }}"
  changed_when: true

- name: Install Loki
  ansible.builtin.command:
    argv:
      - helm
      - upgrade
      - --install
      - loki
      - grafana/loki
      - -n
      - loki
      - --version
      - "6.55.0"
      - -f
      - "{{ noble_repo_root }}/clusters/noble/bootstrap/loki/values.yaml"
      - --wait
  environment:
    KUBECONFIG: "{{ noble_kubeconfig }}"
  changed_when: true

- name: Install Fluent Bit
  ansible.builtin.command:
    argv:
      - helm
      - upgrade
      - --install
      - fluent-bit
      - fluent/fluent-bit
      - -n
      - logging
      - --version
      - "0.56.0"
      - -f
      - "{{ noble_repo_root }}/clusters/noble/bootstrap/fluent-bit/values.yaml"
      - --wait
  environment:
    KUBECONFIG: "{{ noble_kubeconfig }}"
  changed_when: true

- name: Install Headlamp
  ansible.builtin.command:
    argv:
      - helm
      - upgrade
      - --install
      - headlamp
      - headlamp/headlamp
      - --version
      - "0.40.1"
      - -n
      - headlamp
      - -f
      - "{{ noble_repo_root }}/clusters/noble/bootstrap/headlamp/values.yaml"
      - --wait
  environment:
    KUBECONFIG: "{{ noble_kubeconfig }}"
  changed_when: true