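---
# Installs CrowdSec from the packagecloud.io repository (Debian and RedHat
# families), deploys the main config and the optional whitelist parser, then
# hands off to add_bouncer.yml when bouncers are enabled.
- name: Crowdsec setup
  block:
    # - name: Include vars for {{ ansible_os_family }}
    #   include_vars: "{{ ansible_os_family }}_{{ ansible_distribution_major_version }}.yml"

    - name: Debian family configuration
      block:
        - name: Install required packages
          ansible.builtin.package:
            name:
              - apt-transport-https
              - gnupg
            state: present
            update_cache: true

        # NOTE(review): the key is trusted as served by this URL (TLS only).
        # Pinning the expected key with the module's `id:` parameter makes a
        # swapped key fail the task instead of being imported.
        # NOTE(review): apt_key adds the key to apt's global trusted keyring,
        # so it is trusted for every configured repository, not only this one.
        # A per-repository keyring referenced with `signed-by=` in the repo
        # line narrows that trust; migrate existing hosts deliberately, since
        # the old repo entry has to be removed at the same time.
        - name: add crowdsec apt key
          ansible.builtin.apt_key:
            url: https://packagecloud.io/crowdsec/crowdsec/gpgkey
            state: present

        - name: add crowdsec repository
          ansible.builtin.apt_repository:
            repo: 'deb https://packagecloud.io/crowdsec/crowdsec/{{ ansible_distribution | lower }}/ {{ ansible_distribution_release | lower }} main'
            state: present
            update_cache: true
      when:
        - ansible_os_family == "Debian"

    - name: RedHat family configuration
      block:
        # NOTE(review): rpm_key accepts a `fingerprint:` parameter; supplying
        # the expected fingerprint per key would reject an unexpected key
        # served from these URLs.
        - name: Import CrowdSec RPM key
          ansible.builtin.rpm_key:
            state: present
            key: "{{ item }}"
          loop:
            - https://packagecloud.io/crowdsec/crowdsec/gpgkey
            - https://packagecloud.io/crowdsec/crowdsec/gpgkey/crowdsec-crowdsec-B78D1222C9AD2D5D.pub.gpg
            - https://packagecloud.io/crowdsec/crowdsec/gpgkey/crowdsec-crowdsec-FED78314A2468CCF.pub.gpg

        # Both package signatures (gpgcheck) and repository metadata
        # signatures (repo_gpgcheck) are verified; keep both enabled.
        - name: Add Official crowdsec's repo
          ansible.builtin.yum_repository:
            name: crowdsec_crowdsec
            description: crowdsec_crowdsec
            baseurl: https://packagecloud.io/crowdsec/crowdsec/el/$releasever/$basearch
            enabled: true
            gpgcheck: true
            repo_gpgcheck: true
            gpgkey:
              - https://packagecloud.io/crowdsec/crowdsec/gpgkey
              - https://packagecloud.io/crowdsec/crowdsec/gpgkey/crowdsec-crowdsec-B78D1222C9AD2D5D.pub.gpg
              - https://packagecloud.io/crowdsec/crowdsec/gpgkey/crowdsec-crowdsec-FED78314A2468CCF.pub.gpg
            metadata_expire: "300"
            file: crowdsec
      when:
        - ansible_os_family == "RedHat"

    - name: Install crowdsec
      ansible.builtin.package:
        name:
          - crowdsec
        state: present
        update_cache: true

    # File modes are quoted so YAML keeps them as strings instead of
    # re-typing them as integers.
    # NOTE(review): the template is not visible here; if the rendered config
    # carries database or API credentials, 0644 leaves them readable by every
    # local user. Confirm against the template and tighten the mode if so.
    - name: Deploy main config
      ansible.builtin.template:
        src: etc/crowdsec/config.yaml.j2
        dest: /etc/crowdsec/config.yaml
        owner: root
        group: root
        mode: "0644"
      notify: restart crowdsec

    # NOTE(review): anything matched by a whitelist parser is exempt from
    # detection, so the values fed into this template deserve the same review
    # as a firewall allow rule.
    - name: Deploy whitelist
      ansible.builtin.template:
        src: etc/crowdsec/parsers/s02-enrich/mywhitelist.yaml.j2
        dest: /etc/crowdsec/parsers/s02-enrich/mywhitelist.yaml
        owner: root
        group: root
        mode: "0644"
      when: crowdsec_whitelist.enabled
      notify: restart crowdsec

    # Run any pending "restart crowdsec" notification now, before the bouncer
    # tasks below are included.
    - name: Flush handlers to apply config
      ansible.builtin.meta: flush_handlers

    # - name: Register agent(s)
    #   include_tasks: register_agent.yml
    #   when:
    #     - crowdsec_delegate_server_hostname != inventory_hostname
    #
    - name: Register distributed bouncers(s)
      ansible.builtin.include_tasks: add_bouncer.yml
      when:
        - crowdsec_bouncer.enabled
  # NOTE(review): the original indentation was lost; `tags` is assumed to
  # belong to the outer block (and so to every task in it). Confirm.
  tags:
    - crowdsec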