---
- name: "Ensure grafana directories exist"
  ansible.builtin.file:
    path: "{{ item.path }}"
    state: "directory"
    owner: "{{ item.owner | default('root') }}"
    group: "{{ item.group | default('grafana') }}"
    mode: "{{ item.mode | default('0755') }}"
  loop:
    - path: "/etc/grafana"
    - path: "/etc/grafana/datasources"
    - path: "/etc/grafana/provisioning"
    - path: "/etc/grafana/provisioning/datasources"
    - path: "/etc/grafana/provisioning/dashboards"
    - path: "/etc/grafana/provisioning/notifiers"
    - path: "/etc/grafana/provisioning/plugins"
    - path: "{{ grafana_logs_dir }}"
      owner: grafana
    - path: "{{ grafana_data_dir }}"
      owner: grafana
    - path: "{{ grafana_data_dir }}/dashboards"
      owner: grafana
    - path: "{{ grafana_data_dir }}/plugins"
      owner: grafana

- name: "Create grafana main configuration file"
  ansible.builtin.template:
    src: "grafana.ini.j2"
    dest: "/etc/grafana/grafana.ini"
    owner: "root"
    group: "grafana"
    mode: "0640"
  no_log: "{{ 'false' if lookup('env', 'CI') else 'true' }}"
  notify: restart_grafana

- name: "Create grafana LDAP configuration file"
  ansible.builtin.template:
    src: "ldap.toml.j2"
    dest: "{{ grafana_auth.ldap.config_file | default('/etc/grafana/ldap.toml') }}"
    owner: "root"
    group: "grafana"
    mode: "0640"
  no_log: "{{ 'false' if lookup('env', 'CI') else 'true' }}"
  notify: restart_grafana
  when:
    - "'ldap' in grafana_auth"
    - "'enabled' not in grafana_auth.ldap or grafana_auth.ldap.enabled"

- name: "Enable grafana socket"
  when:
    - "grafana_server.protocol is defined and grafana_server.protocol == 'socket'"
    - "grafana_server.socket | dirname != '/var/run'"
  block:
    - name: "Create grafana socket directory"
      ansible.builtin.file:
        path: "{{ grafana_server.socket | dirname }}"
        state: "directory"
        mode: "0775"
        owner: "grafana"
        group: "grafana"

    - name: "Ensure grafana socket directory created on startup"
      ansible.builtin.template:
        src: "tmpfiles.j2"
        dest: "/etc/tmpfiles.d/grafana.conf"
        owner: "root"
        group: "root"
        mode: "0644"

- name: "Enable grafana to ports lower than port 1024"
  community.general.capabilities:
    path: /usr/sbin/grafana-server
    capability: CAP_NET_BIND_SERVICE+ep
    state: present
  when:
    - "grafana_port | int <= 1024"
    - "grafana_cap_net_bind_service"

- name: "Enable and start Grafana systemd unit"
  ansible.builtin.systemd:
    name: "grafana-server"
    enabled: true
    state: started
    daemon_reload: true