---

- name: Ensure that Munin (and useful dependencies) is installed
  apt:
    name:
      - munin
      - munin-node
      - munin-plugins-core
      - munin-plugins-extra
      - gawk
    state: present
  tags:
    - munin
    - packages

- name: Ensure /usr is still writable
  include_role:
    name: evolix/remount-usr

- block:
  - name: Replace localdomain in Munin config
    replace:
      dest: /etc/munin/munin.conf
      regexp: 'localhost.localdomain'
      replace: '{{ ansible_fqdn }}'
    notify: restart munin-node

  - name: Rename the localdomain data dir
    shell: "mv /var/lib/munin/localdomain /var/lib/munin/{{ ansible_domain }} && rename \"s/localhost.localdomain/{{ ansible_fqdn }}/\" /var/lib/munin/{{ ansible_domain }}/*"
    args:
      creates: /var/lib/munin/{{ ansible_domain }}
      removes: /var/lib/munin/localdomain
    notify: restart munin-node

  when: not ansible_hostname == "localdomain"
  tags:
    - munin

- include_role:
    name: evolix/remount-usr

- name: Install some Munin plugins (disabled)
  copy:
    src: 'plugins/{{ item }}'
    dest: '/usr/share/munin/plugins/{{ item }}'
  loop:
    - dhcp_pool
  tags:
    - munin

- name: Ensure some Munin plugins are disabled
  file:
    path: '/etc/munin/plugins/{{ item }}'
    state: absent
  loop:
    - http_loadtime
    - exim_mailqueue
    - exim_mailstats
    - nfsd
    - nfsd4
    - nfs_client
    - nfs4_client
  notify: restart munin-node
  tags:
    - munin

- name: Ensure some Munin plugins are enabled
  file:
    src: "/usr/share/munin/plugins/{{ item }}"
    dest: "/etc/munin/plugins/{{ item }}"
    state: link
  loop:
    - meminfo
    - netstat_multi
    - tcp
    - postfix_mailqueue
    - postfix_mailstats
    - postfix_mailvolume
  notify: restart munin-node
  tags:
    - munin

- name: Enable sensors_ plugin on dedicated hardware
  file:
    src: /usr/share/munin/plugins/sensors_
    dest: "/etc/munin/plugins/sensors_{{ item }}"
    state: link
  with_items: 
    - fan
    - temp
  when: ansible_virtualization_role == "host"
  notify: restart munin-node
  tags:
    - munin

- name: Enable ipmi_ plugin on dedicated hardware
  file:
    src: /usr/share/munin/plugins/ipmi_
    dest: "/etc/munin/plugins/ipmi_{{ item }}"
    state: link
  when: ansible_virtualization_role == "host"
  notify: restart munin-node
  with_items:
    - fans
    - temp
    - power
    - volts

- name: adjustments for grsec kernel
  blockinfile:
    dest: /etc/munin/plugin-conf.d/munin-node
    marker: "# {mark} ANSIBLE MANAGED GRSECURITY CUSTOMIZATIONS"
    block: |

      [processes]
      user root

      [vmstat]
      user root

      [swap]
      user root
  when: ansible_kernel is search("-grs-")

- name: Create override directory for munin-node unit
  file:
    name: /etc/systemd/system/munin-node.service.d/
    state: directory
    mode: "0755"

- name: Override is present for protected home
  ini_file:
    dest: "/etc/systemd/system/munin-node.service.d/override.conf"
    section: "Service"
    option: "ProtectHome"
    value: "false"
    state: present
    create: yes
    mode: "0644"
  notify:
    - systemd daemon-reload
    - restart munin-node