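---
# Install and configure ZoneMinder behind Apache (httpd) on a host where
# SELinux file contexts and booleans are managed by these tasks.
# Expects these variables from the caller: ansible_wheel, zm_mysql_host,
# tls_certs, tls_private.

# Register the label rule before the package is installed.
# NOTE(review): sefcontext only records the rule; it does not relabel files
# that already exist - confirm nothing relies on an implicit restorecon.
- name: Fix SELinux contexts from cache directory
  community.general.sefcontext:
    path: "/var/cache/zoneminder(/.*)?"
    setype: httpd_cache_t

# Pass the package list in one call (single transaction) and use the
# canonical "present" state rather than the "installed" alias.
- name: Install packages
  ansible.builtin.package:
    name:
      - mariadb
      - zoneminder-httpd
    state: present

- name: Fix SELinux contexts from data directory
  community.general.sefcontext:
    path: "/export/zoneminder(/.*)?"
    setype: zoneminder_var_lib_t

# setype "_default" asks the file module to apply the policy default for
# this path, i.e. the rule registered in the previous task.
- name: Create data directory
  ansible.builtin.file:
    path: /export/zoneminder
    state: directory
    mode: "0750"
    owner: apache
    group: apache
    setype: _default

- name: Link data directory
  ansible.builtin.file:
    dest: /srv/zoneminder
    src: /export/zoneminder
    state: link
    owner: root
    group: "{{ ansible_wheel }}"
    follow: false

# The config is readable by root and the apache group only (0640).
# NOTE(review): presumably zm.conf carries database credentials - confirm
# against the template.
- name: Create config
  ansible.builtin.template:
    dest: /etc/zm/conf.d/local.conf
    src: zm.conf
    mode: "0640"
    owner: root
    group: apache
  notify: Restart zoneminder

# When the database is remote, write a copy of the packaged unit without the
# mariadb.service reference. "creates" makes this a one-shot operation.
# The "warn" argument was dropped: it was removed from the command/shell
# modules in ansible-core 2.14 and makes the task fail there.
# NOTE(review): a full copy in /etc/systemd/system shadows the packaged unit,
# so later package updates to that unit (including any hardening directives)
# are not picked up; a drop-in override may be preferable.
# NOTE(review): if sed fails, the redirect still leaves a file behind and
# "creates" then skips this task on every later run.
# NOTE(review): the file mode comes from the umask, and systemd needs a
# daemon-reload to see the new unit - confirm the handler does that.
- name: Remove mariadb depency from unit file
  ansible.builtin.shell:
    cmd: >-
      sed -e 's/mariadb\.service//' /lib/systemd/system/zoneminder.service
      > /etc/systemd/system/zoneminder.service
    creates: /etc/systemd/system/zoneminder.service
  notify: Restart zoneminder
  when: zm_mysql_host != "localhost"

# NOTE(review): this gives the web server account read access to whatever
# the hostkey group protects (the host's TLS private key, per the task name).
# Any code execution in the web application then exposes that key. Consider
# a dedicated client certificate/key for the database connection instead.
- name: Allow zoneminder to read host private key
  ansible.builtin.user:
    name: apache
    groups: hostkey
    append: true
  notify: Restart zoneminder
  when: zm_mysql_host != "localhost"

# NOTE(review): both booleans are system-wide, not scoped to ZoneMinder.
# nis_enabled in particular widens network access for many confined domains;
# confirm each one against the actual AVC denials before keeping it.
- name: Loosen SELinux settings
  ansible.posix.seboolean:
    name: "{{ item }}"
    state: true
    persistent: true
  loop:
    - domain_can_mmap_files
    - nis_enabled

# SELinux does not allow the service to create this file itself, so it is
# pre-created here. Preserving both timestamps keeps the task idempotent.
- name: Create stub web log
  ansible.builtin.file:
    dest: /var/log/zoneminder/web_php.log
    state: touch
    mode: "0640"
    owner: apache
    group: apache
    access_time: preserve
    modification_time: preserve

- name: Link apache config
  ansible.builtin.file:
    dest: /etc/httpd/conf.local.d/zm.conf
    src: /etc/zm/www/zoneminder.httpd.conf
    state: link
    owner: root
    group: "{{ ansible_wheel }}"
  notify: Restart apache

- name: Link apache php config
  ansible.builtin.file:
    dest: /etc/httpd/conf.local.d/php.conf
    src: /etc/httpd/conf.d/php.conf
    state: link
    owner: root
    group: "{{ ansible_wheel }}"
  notify: Restart apache

- name: Configure zoneminder timezone
  ansible.builtin.copy:
    dest: /etc/php.d/timezone.ini
    content: "date.timezone=UTC\n"
    mode: "0644"
    owner: root
    group: "{{ ansible_wheel }}"
  notify: Restart apache

# Required for database updates to work.
# NOTE(review): no ssl-verify-server-cert is set; depending on the client
# version the server certificate may not be validated by default - confirm.
- name: Configure mysql client to use ssl
  ansible.builtin.copy:
    dest: /root/.my.cnf
    content: |
      [client]
      ssl-ca={{ tls_certs }}/ca.crt
      ssl-cert={{ tls_certs }}/{{ inventory_hostname }}.crt
      ssl-key={{ tls_private }}/{{ inventory_hostname }}.key
    mode: "0600"
    owner: root
    group: "{{ ansible_wheel }}"

- name: Enable service
  ansible.builtin.service:
    name: zoneminder
    state: started
    enabled: true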