---
- name: Verify that all.log exists
  ansible.builtin.stat:
    path: /var/log/all.log
  register: result

- name: Create dummy all.log file
  ansible.builtin.file:
    path: /var/log/all.log
    state: touch
    mode: "0644"
    owner: root
    group: "{{ ansible_wheel }}"
  when: not result.stat.exists

- name: Enable all.log
  ansible.builtin.lineinfile:
    path: /etc/syslog.conf
    line: "*.* /var/log/all.log"
  notify: Restart syslogd

- name: Enable all.log rotation
  ansible.builtin.lineinfile:
    path: /etc/newsyslog.conf
    regexp: "^/var/log/all.log.*"
    line: |-
      /var/log/all.log	root:{{ ansible_wheel }}	640  7     *    $D0  Z

- name: Configure certificates for remote logging
  ansible.builtin.service:
    name: syslogd
    arguments: >-
      -h -c {{ tls_certs }}/{{ inventory_hostname }}.crt
      -k {{ tls_private }}/{{ inventory_hostname }}.key
    enabled: true
  when: inventory_hostname != "log01.home.foo.sh"

- name: Enable remote logging
  ansible.builtin.lineinfile:
    path: /etc/syslog.conf
    regexp: '^\*\.\* @.*'
    line: "*.* @tls://{{ log_server }}:6514"
  notify: Restart syslogd
  when: inventory_hostname != "log01.home.foo.sh"

- name: Include server config
  ansible.builtin.include_tasks: server.yml
  when: inventory_hostname == "log01.home.foo.sh"