---

- name: Install nginx site
  ansible.builtin.template:
    src: nginx-site.conf
    dest: /etc/nginx/sites-available/monitoring
    owner: root
    group: root
    mode: 0644
  notify: reload nginx

- name: Enable nginx site
  ansible.builtin.file:
    src: /etc/nginx/sites-available/monitoring
    dest: /etc/nginx/sites-enabled/monitoring
    state: link
  notify: reload nginx

- name: Start nginx
  ansible.builtin.systemd:
    name: nginx
    state: started
    enabled: yes

- name: Allow HTTP/HTTPS
  ansible.builtin.iptables:
    chain: INPUT
    protocol: tcp
    destination_port: "{{ item.port }}"
    ctstate: NEW
    jump: ACCEPT
    ip_version: "{{ item.ip }}"
    action: insert
  with_items:
    - { ip: ipv6, port: 80 }
    - { ip: ipv6, port: 443 }
  notify: persist iptables
  when: not nft | bool

- name: mqtt_exporter
  tags: mqtt_exporter
  ansible.builtin.import_tasks:
    file: mqtt_exporter.yaml

- name: blackbox
  tags: blackbox
  ansible.builtin.import_tasks:
    file: blackbox.yaml

- name: prometheus
  tags: prometheus
  ansible.builtin.import_tasks:
    file: prometheus.yaml

- name: grafana
  tags: grafana
  ansible.builtin.import_tasks:
    file: grafana.yaml