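---
# Deploys Grafana as a Podman container managed by systemd, with LDAP
# configuration and an nginx reverse-proxy location in front of it.
# The "restart grafana" and "restart nginx" handlers are defined outside
# this file.
#
# File modes are written as quoted strings so they reach Ansible as octal
# strings and never depend on the YAML parser's integer typing.

- name: create group
  ansible.builtin.group:
    name: grafana

# Dedicated account with a non-login shell.
- name: create user
  ansible.builtin.user:
    name: grafana
    comment: Podman Grafana
    group: grafana
    shell: /sbin/nologin

# Makes a second copy of the host's TLS private key, owned by root and
# readable by the grafana group only (no world access).
# NOTE(review): unlike the template tasks below, this task notifies no
# handler, so a rotated key is not picked up until the service is
# restarted for another reason -- confirm that is intended.
- name: copy host key
  ansible.builtin.copy:
    dest: "{{ tls_private }}/grafana.key"
    src: "{{ tls_private }}/{{ inventory_hostname }}.key"
    mode: "0640"
    owner: root
    group: grafana
    remote_src: true

# Root-only (0600) environment file for the container unit.
# NOTE(review): presumably holds credentials, which would explain the
# tight mode -- verify against grafana-container.sysconfig.j2.
- name: create service config
  ansible.builtin.template:
    dest: /etc/sysconfig/grafana-container
    src: grafana-container.sysconfig.j2
    mode: "0600"
    owner: root
    group: "{{ ansible_wheel }}"
  notify: restart grafana

- name: create service file
  ansible.builtin.template:
    dest: /etc/systemd/system/grafana-container.service
    src: grafana-container.service.j2
    mode: "0644"
    owner: root
    group: "{{ ansible_wheel }}"
  notify: restart grafana

# Readable by root and the grafana group, not by other users.
# NOTE(review): LDAP configs commonly carry a bind password; confirm the
# template's contents justify keeping this file off world-readable.
- name: create ldap config
  ansible.builtin.template:
    dest: /etc/grafana-ldap.toml
    src: grafana-ldap.toml.j2
    mode: "0640"
    owner: root
    group: grafana
  notify: restart grafana

- name: enable service
  ansible.builtin.service:
    name: grafana-container
    state: started
    enabled: true

# nginx forwards /grafana/ to the container over plain HTTP on loopback
# port 8002. The upstream Host header is pinned to a fixed name instead
# of being taken from the client request.
# NOTE(review): the pinned name is hard-coded while the destination
# directory is per-host -- confirm the same name is right for every host
# this role is applied to.
- name: copy nginx config
  ansible.builtin.copy:
    dest: "/etc/nginx/conf.d/{{ inventory_hostname }}/grafana-container.conf"
    content: |
      location /grafana/ {
        proxy_set_header Host noc.foo.sh;
        proxy_pass http://localhost:8002/;
      }
    mode: "0644"
    owner: root
    group: "{{ ansible_wheel }}"
  notify: restart nginx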