- include_vars: snmp_users.yml

- name: server | snmpd | install package
  package:
    name: "{{ snmpd_package }}"
    state: present

- name: server | snmpd | install sudoers file
  copy:
    dest: "/etc/sudoers.d/10-debian-snmp"
    src: "sudoers"
    owner: "root"
    group: "root"
    mode: "0660"
    validate: "visudo -cf %s"
  when: ansible_distribution in ["Debian", "Ubuntu"]

- name: server | snmpd | create /etc/snmp
  file:
    path: "/etc/snmp"
    state: directory
    owner: "root"
    group: "root"

- name: server | snmpd | insert anchors to snmpd.conf
  blockinfile:
    path: "{{ snmpd_conf }}"
    create: true
    marker: "# {mark} ANSIBLE MANAGED BLOCK"
    block: |
      ################################################################################
      # SECTION: custom settings

- name: server | snmpd | stop service
  service:
    name: "snmpd"
    state: stopped

- name: server | snmpd | setup monitoring user SNMPv3
  lineinfile:
    path: "{{ snmpd_user_file }}"
    create: true
    line: "createuser {{ snmp_user }} {{ snmp_auth_proto }} {{ snmp_auth_pass }} {{ snmp_priv_proto }} {{ snmp_priv_pass }}"

- name: server | snmpd | setup ACLs
  lineinfile:
    path: "{{ snmpd_conf }}" # required. The file to modify. Before Ansible 2.3 this option was only usable as I(dest), I(destfile) and I(name).
    line: "rouser {{ snmp_user }} authpriv"
    insertafter: "# SECTION: custom settings"

- name: server | snmpd | enable service on wireguard interface
  lineinfile:
    path: "{{ snmpd_conf }}"
    regexp: "^agentaddress.*$"
    state: present
    line: "agentaddress 127.0.0.1,{{ wg_local_ip | ipaddr('address') }},[::1]"
  when: wg_local_ip is defined

- name: server | snmpd | enable service on all interfaces
  lineinfile:
    path: "{{ snmpd_conf }}"
    regexp: "^agentaddress.*$"
    state: present
    line: "agentaddress udp:161,udp6:[::1]:161"
  when: wg_local_ip is not defined

- name: server | snmpd | copy distro script
  copy:
    dest: "/etc/snmp/distro"
    src: "distro"
    mode: "0755"

- name: server | snmpd | get os-updates script
  get_url:
    url: "https://raw.githubusercontent.com/librenms/librenms-agent/master/snmp/osupdate"
    dest: "/etc/snmp/osupdate"
    mode: "0755"
    owner: "root"
    group: "root"

- name: server | snmpd | configure extends
  lineinfile:
    path: "{{ snmpd_conf }}"
    state: present
    line: "extend {{ item.service }} '{{ item.script }}'"
    insertafter: "# SECTION: custom settings"
  loop:
    - { service: "distro", script: "{{ sudo }} /etc/snmp/distro" }
    - { service: "osupdate", script: "{{ sudo }} /etc/snmp/osupdate" }
    - { service: "hardware", script: "/bin/cat /sys/devices/virtual/dmi/id/product_name" }
    - { service: "manufacturer", script: "/bin/cat /sys/devices/virtual/dmi/id/sys_vendor" }
    - { service: "serial", script: "/bin/cat /sys/devices/virtual/dmi/id/product_serial" }

- block:
  - name: server | snmpd | get proxmox script
    get_url:
      url: "https://raw.githubusercontent.com/librenms/librenms-agent/master/agent-local/proxmox"
      dest: "/usr/local/bin/proxmox"
      mode: "0755"
      owner: "root"
      group: "root"
  - name: server | snmpd | configure proxmox extends
    lineinfile:
      path: "{{ snmpd_conf }}"
      state: present
      line: "extend proxmox {{ sudo }} /usr/local/bin/proxmox"
      insertafter: "# SECTION: custom settings"
  when:
    - is_proxmox is defined
    - is_proxmox == true

- name: server | snmpd start service
  service:
    name: "snmpd"
    state: started
    enabled: true