---
- name: Deploy KVM virtual machines
  ansible.builtin.import_playbook: include/deploy-kvm-guest.yml
  vars:
    myhosts: frigate

- name: Configure instance
  hosts: frigate
  user: root
  gather_facts: true

  vars_files:
    - "{{ ansible_private }}/vars.yml"

  pre_tasks:
    - name: Mount datadirectories
      ansible.posix.mount:
        name: "/export/frigate/{{ item }}"
        src: "LABEL={{ item }}"
        fstype: xfs
        opts: noatime,noexec,nosuid,nodev
        passno: "0"
        dump: "0"
        state: mounted
      with_items:
        - config
        - media

  roles:
    - base
    - mod_auth_gssapi
    - role: keytab
      keytab_path: /etc/httpd/httpd.keytab
      keytab_principals: HTTP/cctv.foo.sh@FOO.SH
      keytab_group: apache

  tasks:
    - name: Include unbound role
      ansible.builtin.import_role:
        name: unbound

    - name: Run handlers to get interfaces configured
      ansible.builtin.meta: flush_handlers

    - name: Include dhcpd role
      ansible.builtin.include_role:
        name: dhcpd

    - name: Include frigate role
      ansible.builtin.include_role:
        name: frigate

    - name: Require authentication for frigate
      ansible.builtin.copy:
        dest: /etc/httpd/conf.local.d/frigate-auth.conf
        content: |
          <Location /frigate>
            AuthType        GSSAPI
            GssapiBasicAuth On
            AuthName        "Password Required"
            Require         valid-user
          </Location>
        mode: "0644"
        owner: root
        group: "{{ ansible_wheel }}"
      notify: Restart apache

    - name: Enable NTP server for cam network
      ansible.builtin.lineinfile:
        path: /etc/chrony.conf
        regexp: "^#?allow .*"
        line: "allow 172.20.26.0/24"