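---
# Tasks for a central log host: syslogd receives remote logs over TLS on
# port 6514, writes everything to /srv/log/all.log, and a nightly cron job
# runs the archive script against that file.
#
# File modes are written as quoted strings so the value does not depend on
# how the YAML parser treats a leading-zero integer.

# Log storage: readable by root and the wheel group only, no world access.
- name: create data directories
  file:
    dest: "{{ item }}"
    state: directory
    mode: '0750'
    owner: root
    group: "{{ ansible_wheel }}"
  with_items:
    - /export/log
    - /export/log/archive

# /srv/log is the path used by syslog.conf and the tasks below; the data
# itself lives under /export/log.
- name: link data directory
  file:
    dest: /srv/log
    src: /export/log
    state: link
    owner: root
    group: "{{ ansible_wheel }}"

# The file names follow the first TLS listen address passed to syslogd
# below (0.0.0.0:6514).
# NOTE(review): without remote_src, copy reads src from the control node;
# confirm that is where the Let's Encrypt material lives.
# The private key stays root-only (0600).
- name: copy server key
  copy:
    dest: "{{ tls_private }}/0.0.0.0:6514.key"
    src: /srv/letsencrypt/live/loghost.foo.sh/privkey.pem
    mode: '0600'
    owner: root
    group: "{{ ansible_wheel }}"
  notify: restart syslogd
  tags: certificates

# The certificate chain is public material, so world-readable is fine.
- name: copy server crt
  copy:
    dest: "{{ tls_certs }}/0.0.0.0:6514.crt"
    src: /srv/letsencrypt/live/loghost.foo.sh/fullchain.pem
    mode: '0644'
    owner: root
    group: "{{ ansible_wheel }}"
  notify: restart syslogd
  tags: certificates

# Inserted at the top of syslog.conf so the catch-all rule comes before the
# "+hostname" selector; per the block's own comments, the selector limits
# the rules that follow it to messages from this host.
- name: add archiving to syslog.conf
  blockinfile:
    path: /etc/syslog.conf
    insertbefore: BOF
    block: |
      # everything goes to archive
      *.* /srv/log/all.log
      # only local goes to the standard logs
      +{{ inventory_hostname }}
    marker: "# {mark} ANSIBLE MANAGED BLOCK (syslogd)"
  notify: restart syslogd

# Pre-create the log file. umask 027 keeps it from being world-readable,
# and "creates" makes the task a no-op once the file exists.
- name: create dummy all.log
  shell: umask 027 ; touch /srv/log/all.log
  args:
    creates: /srv/log/all.log

- name: install log archiver
  copy:
    dest: /usr/local/sbin/syslog-archive
    src: syslog-archive.sh
    mode: '0755'
    owner: root
    group: "{{ ansible_wheel }}"

# Runs daily at 00:00 as root. Only stdout is discarded, so anything the
# script writes to stderr still reaches cron's mail.
- name: install log archiver cron
  cron:
    name: syslog-archive
    user: root
    hour: "0"
    minute: "0"
    job: /usr/local/sbin/syslog-archive all.log > /dev/null

# syslogd flags: -n logs source addresses numerically, -K names the CA file
# used to validate client certificates, and each -S opens a TLS listener.
# NOTE(review): ca.crt is not installed by any task shown here; confirm it
# is deployed elsewhere, otherwise client validation has no trust anchor.
# NOTE(review): "::::6514" has four colons; confirm this is the intended
# form for the IPv6 wildcard listener.
- name: enable syslogd remote logging
  service:
    name: syslogd
    state: started
    enabled: true
    arguments: "-n -K {{ tls_certs }}/ca.crt -S 0.0.0.0:6514 -S ::::6514"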