---
- name: fix selinux contexts from cache directory
  community.general.sefcontext:
    path: "/var/cache/zoneminder(/.*)?"
    setype: httpd_cache_t

- name: install packages
  ansible.builtin.package:
    name: zoneminder-httpd
    state: installed

- name: fix selinux contexts from data directory
  community.general.sefcontext:
    path: "/export/zoneminder(/.*)?"
    setype: zoneminder_var_lib_t

- name: create data directory
  ansible.builtin.file:
    path: /export/zoneminder
    state: directory
    mode: 0750
    owner: apache
    group: apache
    setype: _default

- name: link data directory
  ansible.builtin.file:
    dest: /srv/zoneminder
    src: /export/zoneminder
    state: link
    owner: root
    group: "{{ ansible_wheel }}"
    follow: false

- name: create config
  ansible.builtin.template:
    dest: /etc/zm/conf.d/local.conf
    src: zm.conf
    mode: 0640
    owner: root
    group: apache
  notify: restart zoneminder

- name: remove mariadb depency from unit file
  ansible.builtin.shell:
    cmd: >-
      sed -e 's/mariadb\.service//' /lib/systemd/system/zoneminder.service
      > /etc/systemd/system/zoneminder.service
    creates: /etc/systemd/system/zoneminder.service
    warn: false
  notify: restart zoneminder
  when: zm_mysql_host != "localhost"

- name: allow zoneminder to read host private key
  ansible.builtin.user:
    name: apache
    groups: hostkey
    append: true
  notify: restart zoneminder
  when: zm_mysql_host != "localhost"

- name: loosen selinux settings
  ansible.posix.seboolean:
    name: "{{ item }}"
    state: true
    persistent: true
  with_items:
    - domain_can_mmap_files
    - nis_enabled

# selinux doesn't allow create this
- name: create stub web log
  ansible.builtin.file:
    dest: /var/log/zoneminder/web_php.log
    state: touch
    mode: 0640
    owner: apache
    group: apache
    access_time: preserve
    modification_time: preserve

- name: link apache config
  ansible.builtin.file:
    dest: /etc/httpd/conf.local.d/zm.conf
    src: /etc/zm/www/zoneminder.httpd.conf
    state: link
    owner: root
    group: "{{ ansible_wheel }}"
  notify: restart apache

- name: link apache php config
  ansible.builtin.file:
    dest: /etc/httpd/conf.local.d/php.conf
    src: /etc/httpd/conf.d/php.conf
    state: link
    owner: root
    group: "{{ ansible_wheel }}"
  notify: restart apache

- name: configure zoneminder timezone
  ansible.builtin.copy:
    dest: /etc/php.d/timezone.ini
    content: "date.timezone=UTC\n"
    mode: 0644
    owner: root
    group: "{{ ansible_wheel }}"
  notify: restart apache

- name: enable service
  ansible.builtin.service:
    name: zoneminder
    state: started
    enabled: true