---
- name: Create group
  ansible.builtin.group:
    name: snmp

- name: Create user
  ansible.builtin.user:
    name: snmp
    comment: Prometheus SNMP Exporter
    group: snmp
    create_home: false
    home: /var/empty
    shell: /sbin/nologin

- name: Download package
  ansible.builtin.get_url:
    url: >-
      {{
        "https://github.com/prometheus/snmp_exporter/releases/download/v"
        + snmp_exporter_version + "/" + snmp_exporter_pkg + ".tar.gz"
      }}
    dest: "/usr/local/src/{{ snmp_exporter_pkg }}.tar.gz"
    mode: "0644"
    owner: root
    group: "{{ ansible_wheel }}"

- name: Extract package
  ansible.builtin.unarchive:
    src: "/usr/local/src/{{ snmp_exporter_pkg }}.tar.gz"
    dest: /usr/local/src
    owner: root
    group: "{{ ansible_wheel }}"
    creates: "/usr/local/src/{{ snmp_exporter_pkg }}"
    remote_src: true

- name: Copy binary
  ansible.builtin.copy:
    dest: /usr/local/bin/snmp_exporter
    src: "/usr/local/src/{{ snmp_exporter_pkg }}/snmp_exporter"
    mode: "0755"
    owner: root
    group: "{{ ansible_wheel }}"
    remote_src: true
  notify: Restart snmp_exporter

- name: Create config directory
  ansible.builtin.file:
    path: /etc/snmp_exporter
    state: directory
    mode: "0755"
    owner: root
    group: "{{ ansible_wheel }}"

- name: Copy TLS private key
  ansible.builtin.copy:
    src: "/srv/ca/private/nms.home.foo.sh.key"
    dest: "{{ tls_private }}/nms.home.foo.sh.key"
    mode: "0640"
    owner: root
    group: snmp
  notify: Restart snmp_exporter

- name: Copy TLS certificate
  ansible.builtin.copy:
    src: "/srv/ca/certs/hosts/nms.home.foo.sh.crt"
    dest: "{{ tls_certs }}/nms.home.foo.sh.crt"
    mode: "0644"
    owner: root
    group: "{{ ansible_wheel }}"
  notify: Restart snmp_exporter

- name: Create web-config
  ansible.builtin.template:
    dest: /etc/snmp_exporter/web-config.yml
    src: web-config.yml.j2
    mode: "0644"
    owner: root
    group: "{{ ansible_wheel }}"
  notify: Restart snmp_exporter

- name: Copy config
  ansible.builtin.copy:
    src: "/usr/local/src/{{ snmp_exporter_pkg }}/snmp.yml"
    dest: /etc/snmp_exporter/snmp.yml
    mode: "0644"
    owner: root
    group: "{{ ansible_wheel }}"
    remote_src: true
  notify: Restart snmp_exporter

- name: Create service file
  ansible.builtin.copy:
    dest: /etc/systemd/system/snmp_exporter.service
    src: snmp_exporter.service
    mode: "0644"
    owner: root
    group: "{{ ansible_wheel }}"
  notify: Restart snmp_exporter

- name: Enable service
  ansible.builtin.service:
    name: snmp_exporter
    state: started
    enabled: true