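---
# Tasks that provision the `logsync` service account, generate its SSH key
# pair, hand the key to the `rclone` role, and create the directories used
# for synced web logs.
#
# File modes are quoted so they reach Ansible as strings and are never
# re-interpreted as decimal integers by a YAML parser.

# Dedicated system group. It also gates read access to the private key below.
- name: create logsync group
  ansible.builtin.group:
    name: logsync
    system: true

# Non-interactive service account: no home directory is created, the home
# path points at /var/empty and the login shell is /sbin/nologin.
- name: create logsync user
  ansible.builtin.user:
    name: logsync
    comment: Service logsync
    create_home: false
    group: logsync
    home: /var/empty
    shell: /sbin/nologin
    system: true

# root owns the directory and group logsync gets r-x only, so the service
# account can read its key material but cannot add or replace files here.
- name: create logsync ssh key directory
  ansible.builtin.file:
    path: /etc/ssh/logsync
    state: directory
    mode: "0750"
    owner: root
    group: logsync

# `creates` keeps the task idempotent: ssh-keygen is skipped once the private
# key exists, so an existing key is never overwritten or rotated by this task.
# The key is generated with an empty passphrase (-N ""), which means file
# permissions are the only protection for the private key at rest.
- name: create logsync ssh keys
  ansible.builtin.command:
    argv:
      - ssh-keygen
      - -t
      - ed25519
      - -C
      - "logsync@{{ inventory_hostname }}"
      - -N
      - ""
      - -f
      - /etc/ssh/logsync/id_ed25519
    creates: /etc/ssh/logsync/id_ed25519

# root:logsync 0640 lets the service account read both key files without
# being able to modify them. Every member of group logsync can read the
# unencrypted private key, so the group should contain only this account.
- name: fix logsync ssh key permissions
  ansible.builtin.file:
    path: "{{ item }}"
    owner: root
    group: logsync
    mode: "0640"
  loop:
    - /etc/ssh/logsync/id_ed25519
    - /etc/ssh/logsync/id_ed25519.pub

# NOTE(review): the rclone role is not visible here. Confirm that the remote
# side limits what this passphrase-less key may do (for example an
# authorized_keys entry with `restrict` and a forced command).
- name: import rclone role
  ansible.builtin.import_role:
    name: rclone
  vars:
    local_user: logsync
    remote_user: logsync
    hostgroup: webservers
    destination: /var/cache/sync-http-logs
    private_key: /etc/ssh/logsync/id_ed25519

# Same path as the `destination` passed to the rclone role above; owned by
# the service account and closed to other users.
# NOTE(review): this directory is created after the role's tasks have run;
# confirm the role does not need it to exist already.
- name: create cache directory
  ansible.builtin.file:
    path: /var/cache/sync-http-logs
    state: directory
    mode: "0750"
    owner: logsync
    group: logsync

# Log directory readable by root and the group named by `ansible_wheel`
# (variable defined outside this file), with no access for other users.
- name: create log directory
  ansible.builtin.file:
    path: /export/web-log
    state: directory
    mode: "0750"
    owner: root
    group: "{{ ansible_wheel }}"

# /srv/web-log is a symlink to /export/web-log. `follow: false` applies
# owner/group to the link itself rather than to its target.
- name: link data directory
  ansible.builtin.file:
    dest: /srv/web-log
    src: /export/web-log
    state: link
    owner: root
    group: "{{ ansible_wheel }}"
    follow: false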