---
- name: Check for pihole
  ansible.builtin.stat:
    path: "/usr/local/bin/pihole"
  register: pihole

- name: Install latest snmpd - debian
  ansible.builtin.package:
    name: snmpd
    state: present
  when: ansible_os_family == "Debian"

- name: Install latest snmpd - centos
  ansible.builtin.package:
    name: net-snmp
    state: present
  when: ansible_distribution_file_variety == "RedHat"

- name: Install latest jq
  ansible.builtin.package:
    name: jq
    state: present

- name: Install latest rsyslog
  ansible.builtin.package:
    name: rsyslog
    state: present

- name: Fix extend serial permissions
  ansible.builtin.file:
    path: "/sys/devices/virtual/dmi/id/product_serial"
    mode: '444'
  when: ansible_architecture == "x86_64" and ansible_virtualization_role != "guest"

- name: Cron job for extend serial permissions
  ansible.builtin.lineinfile:
    path: /etc/crontab
    line: "@reboot chmod 444 /sys/devices/virtual/dmi/id/product_serial"
  when: ansible_architecture == "x86_64"

- name: Download script for extend distro
  ansible.builtin.get_url:
    url: "https://raw.githubusercontent.com/librenms/librenms-agent/master/snmp/distro"
    dest: "/usr/bin/distro"
    mode: '755'

- name: Download script for extend osupdates
  ansible.builtin.get_url:
    url: "https://raw.githubusercontent.com/librenms/librenms-agent/master/snmp/osupdate"
    dest: "/etc/snmp/osupdate"
    mode: '755'

- name: Download script for extend zfs
  ansible.builtin.get_url:
    url: "https://github.com/librenms/librenms-agent/raw/master/snmp/zfs-linux"
    dest: "/etc/snmp/zfs-linux"
    mode: '755'
  when: "'zfs-zed' in ansible_facts.packages"

- name: Download script for extend docker
  ansible.builtin.get_url:
    url: "https://raw.githubusercontent.com/librenms/librenms-agent/refs/heads/master/snmp/docker-stats.py"
    dest: "/etc/snmp/docker-stats.py"
    mode: '755'
  when: "'docker' in services"

- name: Download script for extend pihole
  ansible.builtin.get_url:
    url: "https://github.com/librenms/librenms-agent/raw/master/snmp/pi-hole"
    dest: "/etc/snmp/pi-hole"
    mode: '755'
  when: pihole.stat.exists

- name: Download script for extend raspberrypi
  ansible.builtin.get_url:
    url: "https://raw.githubusercontent.com/librenms/librenms-agent/master/snmp/raspberry.sh"
    dest: "/etc/snmp/raspberry.sh"
    mode: '755'
  when: ansible_os_family == "Debian" and ansible_lsb.id == 'Raspbian'

- name: Add api key to pihole script for pihole01
  ansible.builtin.lineinfile:
    path: "/etc/snmp/pi-hole"
    regexp: '^API_AUTH_KEY='
    line: 'API_AUTH_KEY="{{ pihole01_key }}"'
    backrefs: true
  when: ansible_hostname == "pihole01"

- name: Add api key to pihole script for pihole02
  ansible.builtin.lineinfile:
    path: "/etc/snmp/pi-hole"
    regexp: '^API_AUTH_KEY='
    line: 'API_AUTH_KEY="{{ pihole02_key }}"'
    backrefs: true
  when: ansible_hostname == "pihole02"

- name: Set ExecStart options in service file - ubuntu
  ansible.builtin.lineinfile:
    path: "/lib/systemd/system/snmpd.service"
    regexp: '^ExecStart='
    line: "ExecStart=/usr/sbin/snmpd -LS4d -Lf /dev/null -u Debian-snmp -g Debian-snmp -I -smux,mteTrigger,mteTriggerConf -f"
    backrefs: true
  when: ansible_os_family == "Debian"
  notify: Reload systemd configs

- name: Set snmpdopts - centos
  ansible.builtin.lineinfile:
    path: "/etc/sysconfig/snmpd"
    regexp: '^# OPTIONS=|^OPTIONS='
    line: 'OPTIONS="-LS4-6d"'
  when: ansible_distribution_file_variety == "RedHat"

- name: Copy snmpd.conf from template
  ansible.builtin.template:
    src: snmpd.conf.j2
    dest: "/etc/snmp/snmpd.conf"
    owner: root
    group: root
    mode: '0644'
  register: snmpd_config
  notify:
    - Enable and restart snmpd.service

- name: Add host to librenms
  block:
    - name: Try adding by hostname
      ansible.builtin.command:
        cmd: "/usr/bin/lnms device:add --v2c -c {{ snmp_community }} {{ inventory_hostname }}"
      become: true
      become_user: librenms
      delegate_to: nms.lyon
      register: lnms_add_by_hostname
      notify:
        - Check librenms add by hostname status
  rescue:
    - name: Add by IP when hostname fails
      ansible.builtin.command:
        cmd: "/opt/librenms/snmp-scan.py -v -r {{ ansible_default_ipv4.address }}/32"
      become: true
      become_user: librenms
      delegate_to: nms.lyon
      register: lnms_add_by_ip
      notify:
        - Check librenms add by ip status

- name: Copy sudoers from template
  ansible.builtin.template:
    src: sudoers.j2
    dest: "/etc/sudoers.d/80-snmp"
    owner: root
    group: root
    mode: '0440'

- name: Copy rsyslog config from template
  ansible.builtin.template:
    src: rsyslog.conf.j2
    dest: "/etc/rsyslog.d/librenms.conf"
    owner: root
    group: root
    mode: '0644'
  notify:
    - Enable and restart the rsyslog service
    - Restart syslog-ng for LibreNMS

- name: Verify the rsyslog service is running
  ansible.builtin.systemd:
    state: started
    name: rsyslog

- name: Verify the snmpd service is running
  ansible.builtin.systemd:
    state: started
    name: snmpd