# Deploys Grafana, the Grafana image renderer, Loki and Prometheus as Podman
# containers managed by systemd: SELinux file-context rules, directory tree,
# configuration files, reverse-proxy snippets, container definitions, services.

# Register a default SELinux file-context rule for each service tree. Every
# tree gets type container_file_t and its own level, taken from a per-service
# variable. This module only records the rule; relabelling of files that
# already exist is presumably done by the notified handler (not shown here).
- name: Update default SELinux contexts
  become: true
  community.general.sefcontext:
    target: "{{ item.target }}(/.*)?"
    setype: "container_file_t"
    selevel: "{{ item.selevel }}"
    state: present
  loop:
    - target: "{{ monitoring_install_dir }}/grafana"
      selevel: "{{ monitoring_grafana_selinux_level }}"
    - target: "{{ monitoring_install_dir }}/loki"
      selevel: "{{ monitoring_loki_selinux_level }}"
    - target: "{{ monitoring_install_dir }}/prometheus"
      selevel: "{{ monitoring_prometheus_selinux_level }}"
  notify: "monitoring selinux context changed"

# The installation root itself is root-owned and closed to everyone else.
- name: Create monitoring directories.
  become: true
  ansible.builtin.file:
    path: "{{ item }}"
    owner: "root"
    group: "root"
    state: directory
    mode: "0700"
  loop:
    - "{{ monitoring_install_dir }}"

# This block carries no block-level keywords; it only groups related tasks.
- name: Ensure monitoring directories and config files exist.
  block:
    # The uid/gid found on each data directory is reused below as the owner of
    # the whole service tree and of its config files. When stat reports no
    # uid/gid (e.g. the directory does not exist yet) the tasks fall back to
    # root via default('root').
    # NOTE(review): the owner is whatever currently holds the data directory,
    # so an unexpected owner there is propagated to every config file written
    # below. Confirm that this matches the uid the container runs as.
    - name: Stat grafana data directory.
      become: true
      ansible.builtin.stat:
        path: "{{ monitoring_install_dir }}/grafana/data"
      register: monitoring_grafana_stat_dir

    - name: Stat loki data directory.
      become: true
      ansible.builtin.stat:
        path: "{{ monitoring_install_dir }}/loki/data"
      register: monitoring_loki_stat_dir

    - name: Stat prometheus data directory.
      become: true
      ansible.builtin.stat:
        path: "{{ monitoring_install_dir }}/prometheus/data"
      register: monitoring_prometheus_stat_dir

    # Every directory is 0700: only the owning uid can enter or list it.
    - name: Create monitoring directories.
      become: true
      ansible.builtin.file:
        path: "{{ item.path }}"
        state: directory
        owner: "{{ item.owner }}"
        group: "{{ item.group }}"
        mode: "0700"
      loop:
        # Grafana tree
        - path: "{{ monitoring_install_dir }}/grafana"
          owner: "{{ monitoring_grafana_stat_dir.stat.uid | default('root') }}"
          group: "{{ monitoring_grafana_stat_dir.stat.gid | default('root') }}"
        - path: "{{ monitoring_install_dir }}/grafana/data"
          owner: "{{ monitoring_grafana_stat_dir.stat.uid | default('root') }}"
          group: "{{ monitoring_grafana_stat_dir.stat.gid | default('root') }}"
        - path: "{{ monitoring_install_dir }}/grafana/config"
          owner: "{{ monitoring_grafana_stat_dir.stat.uid | default('root') }}"
          group: "{{ monitoring_grafana_stat_dir.stat.gid | default('root') }}"
        - path: "{{ monitoring_install_dir }}/grafana/config/provisioning"
          owner: "{{ monitoring_grafana_stat_dir.stat.uid | default('root') }}"
          group: "{{ monitoring_grafana_stat_dir.stat.gid | default('root') }}"
        - path: "{{ monitoring_install_dir }}/grafana/config/provisioning/alerting"
          owner: "{{ monitoring_grafana_stat_dir.stat.uid | default('root') }}"
          group: "{{ monitoring_grafana_stat_dir.stat.gid | default('root') }}"
        - path: "{{ monitoring_install_dir }}/grafana/config/provisioning/dashboards"
          owner: "{{ monitoring_grafana_stat_dir.stat.uid | default('root') }}"
          group: "{{ monitoring_grafana_stat_dir.stat.gid | default('root') }}"
        - path: "{{ monitoring_install_dir }}/grafana/config/provisioning/datasources"
          owner: "{{ monitoring_grafana_stat_dir.stat.uid | default('root') }}"
          group: "{{ monitoring_grafana_stat_dir.stat.gid | default('root') }}"
        - path: "{{ monitoring_install_dir }}/grafana/config/provisioning/notifiers"
          owner: "{{ monitoring_grafana_stat_dir.stat.uid | default('root') }}"
          group: "{{ monitoring_grafana_stat_dir.stat.gid | default('root') }}"
        - path: "{{ monitoring_install_dir }}/grafana/config/provisioning/plugins"
          owner: "{{ monitoring_grafana_stat_dir.stat.uid | default('root') }}"
          group: "{{ monitoring_grafana_stat_dir.stat.gid | default('root') }}"
        # Loki tree
        - path: "{{ monitoring_install_dir }}/loki"
          owner: "{{ monitoring_loki_stat_dir.stat.uid | default('root') }}"
          group: "{{ monitoring_loki_stat_dir.stat.gid | default('root') }}"
        - path: "{{ monitoring_install_dir }}/loki/data"
          owner: "{{ monitoring_loki_stat_dir.stat.uid | default('root') }}"
          group: "{{ monitoring_loki_stat_dir.stat.gid | default('root') }}"
        - path: "{{ monitoring_install_dir }}/loki/config"
          owner: "{{ monitoring_loki_stat_dir.stat.uid | default('root') }}"
          group: "{{ monitoring_loki_stat_dir.stat.gid | default('root') }}"
        # Prometheus tree
        - path: "{{ monitoring_install_dir }}/prometheus"
          owner: "{{ monitoring_prometheus_stat_dir.stat.uid | default('root') }}"
          group: "{{ monitoring_prometheus_stat_dir.stat.gid | default('root') }}"
        - path: "{{ monitoring_install_dir }}/prometheus/data"
          owner: "{{ monitoring_prometheus_stat_dir.stat.uid | default('root') }}"
          group: "{{ monitoring_prometheus_stat_dir.stat.gid | default('root') }}"
        - path: "{{ monitoring_install_dir }}/prometheus/config"
          owner: "{{ monitoring_prometheus_stat_dir.stat.uid | default('root') }}"
          group: "{{ monitoring_prometheus_stat_dir.stat.gid | default('root') }}"

    # Service configuration is written 0600 (owner read/write only); each
    # change notifies the matching handler.
    - name: Deploy grafana config.
      become: true
      ansible.builtin.template:
        src: grafana/grafana.ini.j2
        dest: "{{ monitoring_install_dir }}/grafana/config/grafana.ini"
        owner: "{{ monitoring_grafana_stat_dir.stat.uid | default('root') }}"
        group: "{{ monitoring_grafana_stat_dir.stat.gid | default('root') }}"
        mode: "0600"
      notify: "grafana config changed"

    - name: Deploy loki config.
      become: true
      ansible.builtin.template:
        src: loki/loki-config.yml.j2
        dest: "{{ monitoring_install_dir }}/loki/config/loki-config.yaml"
        owner: "{{ monitoring_loki_stat_dir.stat.uid | default('root') }}"
        group: "{{ monitoring_loki_stat_dir.stat.gid | default('root') }}"
        mode: "0600"
      notify: "loki config changed"

    - name: Deploy prometheus config.
      become: true
      ansible.builtin.template:
        src: prometheus/prometheus.yml.j2
        dest: "{{ monitoring_install_dir }}/prometheus/config/prometheus.yml"
        owner: "{{ monitoring_prometheus_stat_dir.stat.uid | default('root') }}"
        group: "{{ monitoring_prometheus_stat_dir.stat.gid | default('root') }}"
        mode: "0600"
      notify: "prometheus config changed"

    # Both datasource definitions land in Grafana's provisioning directory and
    # are owned like the rest of the Grafana tree.
    - name: Create grafana datasource provisioning files.
      become: true
      ansible.builtin.template:
        src: "{{ item.src }}"
        dest: "{{ item.dest }}"
        owner: "{{ monitoring_grafana_stat_dir.stat.uid | default('root') }}"
        group: "{{ monitoring_grafana_stat_dir.stat.gid | default('root') }}"
        mode: "0600"
      loop:
        - src: loki/datasource.yml.j2
          dest: "{{ monitoring_install_dir }}/grafana/config/provisioning/datasources/loki.yml"
        - src: prometheus/datasource.yml.j2
          dest: "{{ monitoring_install_dir }}/grafana/config/provisioning/datasources/prometheus.yml"
      notify: "grafana datasources changed"

    # Alert rules are taken from a per-host directory on the controller
    # (<inventory_hostname>/monitoring/alerting/*.yml). The registered result
    # is what the clean-up below treats as the set of managed files.
    - name: Copy grafana alerting provisioning files.
      become: true
      ansible.builtin.copy:
        src: "{{ item }}"
        dest: "{{ monitoring_install_dir }}/grafana/config/provisioning/alerting/"
        owner: "{{ monitoring_grafana_stat_dir.stat.uid | default('root') }}"
        group: "{{ monitoring_grafana_stat_dir.stat.gid | default('root') }}"
        mode: "0600"
      loop: "{{ query('fileglob', inventory_hostname + '/monitoring/alerting/*.yml') }}"
      register: monitoring_grafana_managed_alerting_files
      notify: "grafana alert provisioning changed"

# Opt-in clean-up: every file found in the alerting directory whose path is
# not among the destinations reported by the copy task is deleted, so alert
# rules dropped onto the host out of band do not survive a run.
# NOTE(review): when the fileglob above matches nothing, the managed set is
# empty and every file found in the directory is removed. The comparison is a
# plain membership test between find's `path` and copy's `dest`; confirm both
# are rendered identically (e.g. no doubled slash) on the target hosts.
- name: Remove unmanaged grafana alert provisioning files
  when: monitoring_grafana_remove_unmanaged_alerting_files
  notify: "grafana alert provisioning changed"
  block:
    - name: Find all remote grafana alert provisioning files.
      become: true
      ansible.builtin.find:
        paths: "{{ monitoring_install_dir }}/grafana/config/provisioning/alerting/"
      register: monitoring_grafana_found_alerting_files

    - name: Remove unmanaged grafana alert provisioning files.
      when: item not in monitoring_grafana_managed_alerting_files.results | map(attribute='dest')
      become: true
      ansible.builtin.file:
        state: absent
        path: "{{ item }}"
      loop: "{{ monitoring_grafana_found_alerting_files.files | map(attribute='path') }}"

# Images are requested by name and tag with state "present".
# NOTE(review): a tag can be re-pointed at the registry; whether the image
# variables already carry a digest is not visible here. Pinning by digest
# keeps the deployed image reproducible and auditable.
- name: Ensure container images are present on the host.
  become: true
  containers.podman.podman_image:
    name: "{{ item.name }}"
    state: present
    tag: "{{ item.tag }}"
  loop:
    - name: "{{ monitoring_grafana_containerimage }}"
      tag: "{{ monitoring_grafana_image_tag }}"
    - name: "{{ monitoring_image_renderer_containerimage }}"
      tag: "{{ monitoring_image_renderer_image_tag }}"
    - name: "{{ monitoring_loki_containerimage }}"
      tag: "{{ monitoring_loki_image_tag }}"
    - name: "{{ monitoring_prometheus_containerimage }}"
      tag: "{{ monitoring_prometheus_image_tag }}"

# Reverse-proxy snippets go into caddy's config directory. They are owned like
# that directory (root when stat reports no owner), written 0600 and labelled
# container_file_t at caddy's own SELinux level.
- name: Add caddy config file.
  block:
    - name: Check caddy config dir.
      become: true
      ansible.builtin.stat:
        path: "{{ caddy_install_dir }}/config"
      register: caddy_stat_config_dir

    - name: Template caddy config for monitoring.
      become: true
      ansible.builtin.template:
        src: "{{ item.src }}"
        dest: "{{ item.dest }}"
        mode: "0600"
        setype: "container_file_t"
        selevel: "{{ caddy_selinux_level }}"
        owner: "{{ caddy_stat_config_dir.stat.uid | default('root') }}"
        group: "{{ caddy_stat_config_dir.stat.gid | default('root') }}"
      loop:
        - src: grafana/grafana.caddy.j2
          dest: "{{ caddy_install_dir }}/config/grafana.caddy"
        - src: loki/loki.caddy.j2
          dest: "{{ caddy_install_dir }}/config/loki.caddy"
      notify: "caddy config changed"

    # The Prometheus snippet exists only while the write receiver is enabled;
    # the task after this one deletes it again once the receiver is switched
    # off, so a stale proxy entry is not left behind.
    - name: Template prometheus caddy config.
      when: monitoring_prometheus_write_receiver_enable
      become: true
      ansible.builtin.template:
        src: prometheus/prometheus.caddy.j2
        dest: "{{ caddy_install_dir }}/config/prometheus.caddy"
        mode: "0600"
        setype: "container_file_t"
        selevel: "{{ caddy_selinux_level }}"
        owner: "{{ caddy_stat_config_dir.stat.uid | default('root') }}"
        group: "{{ caddy_stat_config_dir.stat.gid | default('root') }}"
      notify: "caddy config changed"

    - name: Remove unused prometheus caddy config.
      when: not monitoring_prometheus_write_receiver_enable
      become: true
      ansible.builtin.file:
        path: "{{ caddy_install_dir }}/config/prometheus.caddy"
        state: absent

# Container definitions under /etc/containers/systemd are root-owned, 0644.
# NOTE(review): 0644 makes these files readable by every local user. The
# templates are not visible here; confirm they do not embed credentials
# (for example in environment settings).
- name: Create grafana container definition file.
  become: true
  ansible.builtin.template:
    src: grafana/grafana.container.j2
    dest: "/etc/containers/systemd/grafana.container"
    owner: "root"
    group: "root"
    mode: "0644"
  notify: "grafana container definition changed"

- name: Create image-renderer container definition file.
  become: true
  ansible.builtin.template:
    src: grafana/image-renderer.container.j2
    dest: "/etc/containers/systemd/image-renderer.container"
    owner: "root"
    group: "root"
    mode: "0644"
  notify: "image-renderer container definition changed"

- name: Create loki container definition file.
  become: true
  ansible.builtin.template:
    src: loki/loki.container.j2
    dest: "/etc/containers/systemd/loki.container"
    owner: "root"
    group: "root"
    mode: "0644"
  notify: "loki container definition changed"

- name: Create prometheus container definition file.
  become: true
  ansible.builtin.template:
    src: prometheus/prometheus.container.j2
    dest: "/etc/containers/systemd/prometheus.container"
    owner: "root"
    group: "root"
    mode: "0644"
  notify: "prometheus container definition changed"

# Run every pending handler now, before the services are started below.
- name: Flush handlers
  ansible.builtin.meta: flush_handlers

# daemon_reload is requested on every loop item, so systemd re-reads its unit
# configuration before each service is started and enabled.
- name: Ensure monitoring services are started and enabled.
  become: true
  ansible.builtin.systemd:
    state: started
    enabled: true
    name: "{{ item }}"
    daemon_reload: true
  loop:
    - grafana.service
    - image-renderer.service
    - loki.service
    - prometheus.service