- name: install kernel headers
  hosts: storage
  vars:
    ansible_ssh_user: pi
    ansible_sudo_pass: pi
    ansible_ssh_pass: pi
    ansible_host: "{{ ip_before_reboot }}"
  tasks:
    - name: install package
      ansible.builtin.apt:
        deb: /opt/archives/linux-headers-6.1.141_6.1.141-16_arm64.deb

- hosts: storage
  vars:
    ansible_ssh_user: pi
    ansible_sudo_pass: pi
    ansible_ssh_pass: pi
    ansible_host: "{{ ip_before_reboot }}"
  roles:
    - role: dns
      tags: dns
    - role: network_interfaces
      tags: network_interfaces, network
    - role: base
      tags: base
    - role: chrony
    - role: ansible-role-docker
      tags: docker
    - role: base_users
      tags: users, auth

- name: install oh-my-zsh and delete user pi
  hosts: storage
  tasks:
    - name: "Run ansible-role-oh-my-zsh"
      include_role:
        name: "ansible-role-oh-my-zsh"
      vars:
        omz_user: "{{ item }}"
      with_items: "{{ base_users }}"
    - name: "Deactivate user pi"
      ansible.builtin.user:
        name: "pi"
        shell: "/bin/false"
        groups: "nogroup"

# - name: deploy nftables Debian
#   hosts: storage
#   roles:
#     - role: base_nftables
#       tags: [ base_nftables, nft ]

- name: override logrotate timer schedule
  hosts: storage
  tags: logrotate_timer
  tasks:
    - name: Create the directory if it does not exist
      file:
        path: /etc/systemd/system/logrotate.timer.d
        state: directory
        mode: '0755'
        owner: root
        group: root
    - name: Copy logrotate.timer
      copy:
        dest: /etc/systemd/system/logrotate.timer.d/override.conf
        content: |
          [Timer]
          OnCalendar=hourly
          AccuracySec=1m
        mode: '0755'
        owner: root
        group: root
    - name: Restart logrotate.timer
      systemd:
        name: logrotate.timer
        daemon_reload: true

# - name: "Mount new /var/log and move logs"
#   hosts: storage
#   tags: [ mount, logs ]
#   roles:
#     - role: mount
#       device: "{{ default.log_mount.device }}"
#       fstype: "{{ default.log_mount.fstype }}"
#       mountpoint: "{{ default.log_mount.mountpoint }}"
#       when: has_var_log_mount
#   tasks:
#     - name: "Check if /var/log/journal exists"
#       stat:
#         path: /var/log/journal
#       register: _var_log_stat
#       when: has_var_log_mount

#     - name: "Move logs to new directory"
#       when:
#        - has_var_log_mount
#        - _var_log_stat.stat.isdir is not defined or not _var_log_stat.stat.isdir
#       block:
#         - name: "Mount original rootfs and move files"
#           shell: "mkdir /tmp/mnt-rootfs && mount --bind / /tmp/mnt-rootfs && mv /tmp/mnt-rootfs/var/log/* /var/log/ && umount /tmp/mnt-rootfs && rmdir /tmp/mnt-rootfs"
#       rescue:
#         - name: "Unmount rootfs"
#           shell: "umount /tmp/mnt-rootfs && rmdir /tmp/mnt-rootfs"

# - name: install victoria exporters
#   hosts: storage
#   gather_facts: yes
#   roles:
#   - role: cadvisor
#     tags:
#       - monitoring
#       - cadvisor