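---
# CrowdSec on Kubernetes: Helm release, Grafana dashboard ConfigMap and a
# Traefik bouncer API key registered against the LAPI.
# Chart: https://github.com/crowdsecurity/helm-charts/tree/main/charts/crowdsec
#
# Variables read: my_context, crowdsec_namespace, crowdsec_chart_version.
# Files looked up next to this role: helm-values.yaml.j2 and the four
# dashboard *.json files listed under the ConfigMap below.
- name: CrowdSec setup
  block:
    - name: Defined CrowdSec repository
      kubernetes.core.helm_repository:
        name: crowdsec
        repo_url: "https://crowdsecurity.github.io/helm-charts"

    - name: Deploy latest version of CrowdSec
      kubernetes.core.helm:
        context: "{{ my_context }}"
        name: crowdsec
        release_namespace: "{{ crowdsec_namespace }}"
        create_namespace: true
        chart_ref: crowdsec/crowdsec
        # The chart version comes from a variable rather than floating to the
        # newest release, so upgrades are an explicit inventory change.
        chart_version: "{{ crowdsec_chart_version }}"
        values: "{{ lookup('template', 'helm-values.yaml.j2') | from_yaml }}"

    # Kept for reference, not run: agent manifests applied by hand instead of
    # through the chart.
    # - name: crowdsec agent install
    #   kubernetes.core.k8s:
    #     state: present
    #     context: "{{ my_context }}"
    #     namespace: "{{ crowdsec_namespace }}"
    #     resource_definition: "{{ lookup('template', item) | from_yaml }}"
    #   with_items:
    #     - crowdsec-agent-Service.yml.j2
    #     - crowdsec-agent-DaemonSet.yml.j2
    #     - crowdsec-agent-serviceMonitor.yml.j2

    # Kept for reference, not run: readiness wait on the LAPI pod.
    # - name: Wait until pod crowdsec-lapi is ready
    #   kubernetes.core.k8s_info:
    #     kind: Pod
    #     wait: true
    #     label_selectors:
    #       - "k8s-app: crowdsec"
    #       - "type: lapi"
    #     namespace: "{{ crowdsec_namespace }}"
    #     context: "{{ my_context }}"
    #     wait_sleep: 5
    #     wait_timeout: 360

    - name: Install crowdsec grafana dashboard
      kubernetes.core.k8s:
        state: "present"
        context: "{{ my_context }}"
        namespace: "{{ crowdsec_namespace }}"
        apply: true
        definition:
          apiVersion: v1
          kind: ConfigMap
          metadata:
            labels:
              grafana_dashboard: "1"
            name: crowdsec-grafana-dashboards
          # ConfigMap data values must be strings, so each dashboard file is
          # embedded verbatim. Decoding it with from_json first would send a
          # nested JSON object in place of the string, which the API server
          # rejects for ConfigMap.data.
          data:
            Crowdsec Details per Machine.json: "{{ lookup('file', 'Crowdsec Details per Machine.json') }}"
            Crowdsec Insight.json: "{{ lookup('file', 'Crowdsec Insight.json') }}"
            Crowdsec Overview.json: "{{ lookup('file', 'Crowdsec Overview.json') }}"
            LAPI Metrics.json: "{{ lookup('file', 'LAPI Metrics.json') }}"

    # Looks the bouncer up first; only when that lookup fails does the rescue
    # branch register a new one and print its key.
    - name: Configure traefik bouncer access
      block:
        # Manual equivalent:
        # kubectl --context bach -n crowdsec exec deploy/crowdsec-lapi -c crowdsec-lapi -- cscli bouncers list -o raw | grep '^traefik,'
        - name: Test if traefik bouncer already existe
          # shell rather than command because of the grep pipe; the templated
          # names are shell-quoted so a value with spaces or metacharacters
          # cannot split or inject into the command line.
          ansible.builtin.shell: >-
            kubectl --context {{ my_context | quote }}
            -n {{ crowdsec_namespace | quote }}
            exec deploy/crowdsec-lapi -c crowdsec-lapi --
            cscli bouncers list -o raw | grep -q '^traefik,'
          delegate_to: localhost
          # Read-only probe: never report it as a change, and run it in check
          # mode too so the block/rescue decision is the same there.
          changed_when: false
          check_mode: false
      rescue:
        # Manual equivalent:
        # kubectl --context bach -n crowdsec exec deploy/crowdsec-lapi -c crowdsec-lapi -- cscli bouncers add traefik -o raw
        - name: Create traefik bouncer key
          ansible.builtin.command: >-
            kubectl --context {{ my_context | quote }}
            -n {{ crowdsec_namespace | quote }}
            exec deploy/crowdsec-lapi -c crowdsec-lapi --
            cscli bouncers add traefik -o raw
          delegate_to: localhost
          register: traefik_bouncer_token
          # stdout is the bouncer API key: keep the task result out of the log;
          # the registered variable is still available to the next task.
          no_log: true

        # Prints the key once, on purpose, so the operator can store it in
        # Vault with the shown command. The playbook output therefore contains
        # a secret and should not be captured into shared logs.
        - name: Show next command
          ansible.builtin.debug:
            msg: vault write exploit/clusters/{{ my_context }}/crowdsec_traefik_bouncer api_key={{ traefik_bouncer_token.stdout }}

  # Manual follow-up, not run by this file:
  # kubectl --context chopin -n crowdsec rollout restart deploy/crowdsec-lapi
  tags:
    - crowdsec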