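# Baseline play for the "test" group: prepares a TLS key pair and self-signed
# certificate under /etc/node_exporter, applies the update/hardening/audit
# roles, then records the host's address inside 100.96.0.0/16 and imports the
# Prometheus roles. Execution order is pre_tasks -> roles -> tasks.
- hosts: test
  # vars:
  become: true
  gather_facts: true

  pre_tasks:
    - name: Set hostname
      ansible.builtin.hostname:
        name: "{{ ansible_hostname }}"

    - name: Create node_exporter cert dir
      ansible.builtin.file:
        path: "{{ item }}"
        state: directory
        owner: root
        group: root
        # Explicit mode so the result does not depend on the umask in effect;
        # 0755 keeps the directory traversable for whichever account reads the
        # key and certificate below.
        mode: "0755"
      loop:
        - /etc/node_exporter

    - name: Generate an OpenSSL private key with the default values (4096 bits, RSA)
      community.crypto.openssl_privatekey:
        path: /etc/node_exporter/tls.key
        # NOTE(review): 0644 leaves the TLS private key readable by every
        # local account. The value is kept because the note below suggests it
        # was loosened on purpose so the consumer could read the file. Prefer
        # owner/group set to the account that actually reads the key together
        # with mode "0640" or "0600"; that account is not visible in this
        # play and may not exist yet when pre_tasks run.
        # Quoted so the YAML parser cannot re-type the octal literal.
        mode: "0644"
        # /etc/node_exporter# chmod 644 tls.key

    - name: Generate an OpenSSL Certificate Signing Request
      community.crypto.openssl_csr:
        path: /etc/node_exporter/tls.csr
        privatekey_path: /etc/node_exporter/tls.key
        common_name: "{{ ansible_hostname }}.netbird.cloud"

    # Self-signed: a client that scrapes this endpoint has to be given this
    # certificate as a trust anchor, otherwise verification fails. Nothing in
    # this play distributes it.
    - name: Generate a Self Signed OpenSSL certificate
      community.crypto.x509_certificate:
        path: /etc/node_exporter/tls.cert
        privatekey_path: /etc/node_exporter/tls.key
        csr_path: /etc/node_exporter/tls.csr
        provider: selfsigned

  # Troubleshooting notes kept from the original author:
  # export OBJC_DISABLE_INITIALIZE_FORK_SAFETY=YES ---> ERROR! A worker was found in a dead state
  # chmod go+r /usr/share/keyrings/netbird-archive-keyring.gpg for error:
  # ||-----> GPG error: https://pkgs.netbird.io/debian stable InRelease: The following signatures couldn't be verified because the public key is not available
  roles:
    - robertdebock.update
    - devsec.hardening.os_hardening
    - devsec.hardening.ssh_hardening
    - maxlareo.rkhunter
    - maxlareo.chkrootkit
    - robertdebock.auditd
    - geerlingguy.firewall
    - grog.management-user
    - GROG.user
    - GROG.authorized-key
    - GROG.sudo
    - ansible_unattended_upgrades
    - dominion_solutions.netbird.netbird
    - buluma.lynis

  tasks:
    # Facts are gathered again after the roles have run, so interfaces created
    # by them appear in ansible_facts.
    - name: Retrieve private IP address netbird
      ansible.builtin.gather_facts:

    # Builds host_interfaces one element per iteration from the interface
    # names in ansible_facts; the task-level var only seeds the empty list.
    - name: Set host_interfaces list
      ansible.builtin.set_fact:
        host_interfaces: "{{ host_interfaces + [item] }}"
      vars:
        host_interfaces: []
      loop: "{{ ansible_facts.interfaces }}"

    # Records the IPv4 address of an interface whose address lies inside
    # 100.96.0.0/16; if several interfaces match, the last one in the loop wins.
    # NOTE(review): an interface without an IPv4 address normally has no
    # `ipv4` fact - confirm this condition does not fail on such hosts.
    - name: Set host_private_address
      ansible.builtin.set_fact:
        host_private_address: "{{ ansible_facts[item].ipv4.address }}"
      vars:
        host_private_address: ""
      when: ansible_facts[item].ipv4.address | ansible.utils.ipaddr('100.96.0.0/16')
      loop: "{{ host_interfaces }}"

    # - name: Debug fingerprint for ALL hosts
    #   debug:
    #     msg: "{{ group_names }}"
    #   when: group_names is search("monitoring")

    # NOTE(review): no TLS variables are passed to the role here, so the key
    # and certificate created in pre_tasks are only served if the role is
    # configured elsewhere (for example node_exporter_tls_server_config in the
    # inventory) - confirm.
    - name: Import prometheus.prometheus.node_exporter role
      ansible.builtin.import_role:
        name: prometheus.prometheus.node_exporter

    # import_role is static, so this condition is applied to every task of
    # the imported role.
    - name: Import prometheus.prometheus.prometheus role on monitoring hosts
      ansible.builtin.import_role:
        name: prometheus.prometheus.prometheus
      when: group_names is search("monitoring")

    # - name: "Include labocbz.install_grafana"
    #   tags:
    #     - test
    #   vars:
    #     install_grafana__protocol: "https"
    #     install_grafana__http_addr: "{{ host_private_address }}"
    #     install_grafana__domain: "{{ ansible_hostname }}.netbird.cloud"
    #     inv_install_grafana__cert_file: /etc/node_exporter/tls.cert
    #     inv_install_grafana__cert_key: /etc/node_exporter/tls.key
    #   ansible.builtin.include_role:
    #     name: ansible-role-labocbz-install-grafana
    # - prometheus.prometheus.node_exporter
    # https://galaxy.ansible.com/ui/repo/published/prometheus/prometheus/content/role/node_exporter/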