---
# Configure and setup graylog
# Reccommended specs
# CPU: 2 cores
# Memory: 4GB
# Storage: Yes
- name: Install Graylog
  hosts: all
  become: true
  vars_files:
    # Vaults required
    # vars/vaults/encpass.yml
    # vars/vaults/hostman.yml
    - vars/graylog.yml

  # This is to try to avoid the handler issue in pre/post tasks
  handlers:
    - import_tasks: handlers/main.yml

  pre_tasks:
    - name: Check if ansible cannot be run here
      stat:
        path: /etc/no-ansible
      register: no_ansible

    - name: Verify if we can run ansible
      ansible.builtin.assert:
        that:
          - "not no_ansible.stat.exists"
        success_msg: "We are able to run on this node"
        fail_msg: "/etc/no-ansible exists - skipping run on this node"

    - name: Install SELinux packages
      ansible.builtin.package:
        name: python3-policycoreutils.noarch
        state: present

    - name: "Creating DNS Record for ord-prod-graylog.rockylinux.org"
      freeipa.ansible_freeipa.ipadnsrecord:
        ipaadmin_principal: "{{ ipa_admin|default('admin') }}"
        ipaadmin_password: "{{ ipaadmin_password }}"
        zone_name: "{{ graylog_ipa_dnsrecord_zone_name }}"
        name: "{{ graylog_ipa_dnsrecord_name }}"
        record_type: "{{ graylog_ipa_dnsrecord_record_type }}"
        record_value: "{{ graylog_ipa_dnsrecord_record_value }}"
        state: "{{ graylog_ipa_dnsrecord_state }}"

  roles:
    - role: rockylinux.ipagetcert
      state: present

  post_tasks:
    - name: Open firewalld ports
      ansible.posix.firewalld:
        port: "{{ item.port }}"
        permanent: "{{ item.permanent }}"
        state: "{{ item.state }}"
      loop: "{{ graylog_server_firewall_rules }}"

    - name: Touching run file that ansible has ran here
      ansible.builtin.file:
        path: /var/log/ansible.run
        state: touch
        mode: '0644'
        owner: root
        group: root
...