---
- name: Install packages
  ansible.builtin.package:
    name: munin
    state: installed

- name: Set file contexts for data directory
  community.general.sefcontext:
    path: "/export/munin(/.*)?"
    setype: munin_var_lib_t

- name: Create data direcory
  ansible.builtin.file:
    path: /export/munin
    state: directory
    mode: 0755
    owner: munin
    group: munin
    setype: _default

- name: Link data directory
  ansible.builtin.file:
    dest: /srv/munin
    src: /export/munin
    state: link
    owner: root
    group: "{{ ansible_wheel }}"
    follow: false

# for some reason this is owned by adm default
- name: Fix log directory group
  ansible.builtin.file:
    path: /var/log/munin
    state: directory
    mode: 0750
    owner: munin
    group: apache

- name: Add munin to hostkey group
  ansible.builtin.user:
    name: munin
    groups: hostkey
    append: true

# this needs better rule
- name: Fix SELinux write errors
  ansible.posix.seboolean:
    name: domain_can_mmap_files
    state: true
    persistent: true

- name: Create apache config
  ansible.builtin.copy:
    dest: /etc/httpd/conf.local.d/munin.conf
    src: munin-apache.conf
    mode: 0644
    owner: root
    group: "{{ ansible_wheel }}"
  notify: Restart apache

- name: Fix SELinx contexts from cache directory
  community.general.sefcontext:
    path: "/var/run/munin/cgi-tmp(/.*)?"
    setype: munin_rw_content_t

- name: Add cache direcory to tmpfiles
  ansible.builtin.copy:
    dest: /etc/tmpfiles.d/munin.conf
    src: munin-tmpfiles.conf
    mode: 0644
    owner: root
    group: "{{ ansible_wheel }}"

- name: Create cache directory
  ansible.builtin.file:
    path: /var/run/munin/cgi-tmp
    state: directory
    mode: 0755
    owner: apache
    group: apache
    setype: _default

- name: Create tls config
  ansible.builtin.template:
    dest: /etc/munin/munin-conf.d/00-tls.conf
    src: tls.conf.j2
    mode: 0644
    owner: root
    group: "{{ ansible_wheel }}"

- name: Create host config
  ansible.builtin.template:
    dest: /etc/munin/munin-conf.d/hosts.conf
    src: hosts.conf.j2
    mode: 0644
    owner: root
    group: "{{ ansible_wheel }}"

- name: Create override config
  ansible.builtin.copy:
    dest: /etc/munin/munin-conf.d/00-override.conf
    src: override.conf
    mode: 0644
    owner: root
    group: "{{ ansible_wheel }}"

- name: Remove localhost node
  ansible.builtin.file:
    path: /etc/munin/munin-conf.d/local.conf
    state: absent

- name: Enable cron job
  ansible.builtin.systemd:
    name: munin.timer
    state: started
    enabled: true