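---
# =============================================================================
# SYSTEM CLEANUP ROLE
# =============================================================================
# Task list that frees disk space and removes stale state on a Debian-family
# host: APT packages/cache, old kernels, selected root SSH keys, unused Docker
# objects, journal and rotated logs, old /tmp files and caller-listed
# directories. Most tasks run as root and are destructive, so every
# variable-driven deletion is either gated by an explicit flag or validated
# before it runs.

# ========== Docker Pre-check ==========
# Read-only probe. It also runs in check mode so the Docker tasks below can
# evaluate docker_check.rc; failed_when keeps a missing binary from failing
# the play.
- name: Check if Docker is installed
  command: docker --version
  register: docker_check
  failed_when: false
  changed_when: false
  check_mode: false
  tags: [cleanup, docker]

# ========== APT Cleanup ==========
- name: Remove unwanted system packages
  apt:
    name: "{{ cleanup_packages }}"
    state: absent
    autoremove: "{{ cleanup_autoremove | default(false) }}"
    purge: true
  when: cleanup_packages | default([]) | length > 0
  become: true
  tags: [cleanup, apt]

- name: Clean APT cache (remove downloaded .deb files)
  command: apt-get clean
  changed_when: false
  become: true
  tags: [cleanup, apt]

# xargs -r skips dpkg entirely when no package is in the "rc" state.
# Errors are deliberately ignored (best effort).
- name: Remove old configuration files (dpkg --purge rc packages)
  shell: >-
    dpkg --list | awk '/^rc/ {print $2}' |
    xargs -r dpkg --purge 2>/dev/null || true
  changed_when: true
  become: true
  tags: [cleanup, apt]

# The keep count is rendered into a root shell command, so it is forced to an
# integer; a non-numeric value falls back to 2 instead of reaching the shell.
# grep -F matches the running kernel release literally (dots are not regex
# wildcards).
# NOTE(review): 'linux-image-*' can also match metapackages such as
# linux-image-generic - confirm they are not purged on your distribution.
- name: Remove old kernels (keep current + N last)
  shell: |
    CURRENT_KERNEL=$(uname -r)
    dpkg -l 'linux-image-*' 2>/dev/null |
      awk '/^ii/ {print $2}' |
      grep -vF -- "$CURRENT_KERNEL" |
      sort -V |
      head -n -{{ cleanup_keep_kernels | default(2) | int(2) }} |
      xargs -r apt-get purge -y || true
  changed_when: true
  become: true
  tags: [cleanup, apt, kernels]

# ========== SSH Keys Cleanup ==========
# Only root's authorized_keys is edited; the same key listed for any other
# account is left in place.
- name: Remove specific SSH authorized keys (if any defined)
  authorized_key:
    user: root
    key: "{{ item }}"
    state: absent
  loop: "{{ cleanup_ssh_keys | default([]) }}"
  when: cleanup_ssh_keys | default([]) | length > 0
  become: true
  tags: [cleanup, ssh]

# ========== Docker Cleanup ==========
# Each prune needs the global cleanup_docker switch, its own switch (except
# the build cache) and a successful pre-check. default(1) treats a missing rc
# as "Docker not available".
- name: Prune unused Docker containers
  command: docker container prune -f
  when:
    - cleanup_docker | default(false)
    - cleanup_docker_containers | default(false)
    - docker_check.rc | default(1) == 0
  changed_when: true
  become: true
  tags: [cleanup, docker]

- name: Prune unused Docker images
  command: docker image prune -af
  when:
    - cleanup_docker | default(false)
    - cleanup_docker_images | default(false)
    - docker_check.rc | default(1) == 0
  changed_when: true
  become: true
  tags: [cleanup, docker]

# Volumes hold persistent data; pruning them is irreversible.
- name: Prune unused Docker volumes
  command: docker volume prune -f
  when:
    - cleanup_docker | default(false)
    - cleanup_docker_volumes | default(false)
    - docker_check.rc | default(1) == 0
  changed_when: true
  become: true
  tags: [cleanup, docker]

- name: Prune unused Docker networks
  command: docker network prune -f
  when:
    - cleanup_docker | default(false)
    - cleanup_docker_networks | default(false)
    - docker_check.rc | default(1) == 0
  changed_when: true
  become: true
  tags: [cleanup, docker]

- name: Prune Docker build cache
  command: docker builder prune -f
  when:
    - cleanup_docker | default(false)
    - docker_check.rc | default(1) == 0
  changed_when: true
  become: true
  tags: [cleanup, docker]

# ========== Journal Logs Vacuum ==========
# argv passes the size as a single argument, so whitespace in the variable
# cannot add extra journalctl options.
- name: Vacuum systemd journal logs
  command:
    argv:
      - journalctl
      - "--vacuum-size={{ cleanup_max_journal_size | default('100M') }}"
  changed_when: true
  become: true
  tags: [cleanup, logs]

# ========== Old Log Files Cleanup ==========
# These two tasks delete local log history older than the cutoff. Make sure
# anything needed for audit or incident response is forwarded or archived
# before that age is reached.
- name: Find old rotated logs (*.1, *.gz, *.old)
  find:
    paths: /var/log
    patterns: "*.1,*.gz,*.old"
    age: "{{ cleanup_logs_age_days | default(7) }}d"
    recurse: true
  register: old_logs
  become: true
  tags: [cleanup, logs]

- name: Delete found old log files
  file:
    path: "{{ item.path }}"
    state: absent
  loop: "{{ old_logs.files | default([]) }}"
  loop_control:
    label: "{{ item.path }}"
  become: true
  tags: [cleanup, logs]

# ========== Temporary Files Cleanup ==========
- name: Clean systemd tmpfiles
  command: systemd-tmpfiles --clean
  changed_when: true
  become: true
  tags: [cleanup, tmp]

- name: Find old files in /tmp (exclude system dirs)
  find:
    paths: /tmp
    age: "{{ cleanup_tmp_age_days | default(3) }}d"
    exclude: "systemd-*,ssh-*,tmux-*,.X*,.ICE-unix*"
  register: tmp_old_files
  become: true
  tags: [cleanup, tmp]

- name: Delete old /tmp files
  file:
    path: "{{ item.path }}"
    state: absent
  loop: "{{ tmp_old_files.files | default([]) }}"
  loop_control:
    label: "{{ item.path }}"
  become: true
  tags: [cleanup, tmp]

# ========== Custom Directories Removal ==========
# The removal below is a recursive delete as root driven entirely by a
# variable. Stop the play on an entry that is not a string, is not absolute,
# reduces to "/" or the empty string, or contains a ".." component.
- name: Validate custom directories before removal
  assert:
    that:
      - "item is string"
      - "item is match('/')"
      - "(item | regex_replace('/+$', '')) | length > 0"
      - "item is not search('(^|/)[.][.](/|$)')"
    msg: "Refusing to remove unsafe path from cleanup_directories: {{ item }}"
  loop: "{{ cleanup_directories | default([]) }}"
  when: cleanup_directories | default([]) | length > 0
  tags: [cleanup]

- name: Remove custom directories (if defined)
  file:
    path: "{{ item }}"
    state: absent
  loop: "{{ cleanup_directories | default([]) }}"
  when: cleanup_directories | default([]) | length > 0
  become: true
  tags: [cleanup]

# ========== Summary: Show Disk Usage After Cleanup ==========
# Read-only; also runs in check mode so the summary task always has
# disk_after.stdout_lines to print.
- name: Show disk usage after cleanup
  command: df -h /
  register: disk_after
  changed_when: false
  check_mode: false
  tags: [cleanup, summary]

- name: Display cleanup summary
  debug:
    msg: |
      === 🧹 Cleanup Summary ===
      {{ disk_after.stdout_lines | join('\n') }}
  tags: [cleanup, summary]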