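# Tasks that install and configure the burp backup client, register the
# client on the burp server, install optional hook scripts, and schedule
# automatic backups through a systemd timer.

- name: load distribution-specific variables
  include_vars: '{{ item }}'
  with_first_found:
    - '{{ ansible_distribution }}.yml'
    - '{{ ansible_os_family }}.yml'
    - defaults.yml
  tags:
    - always

# with_fileglob yields nothing when no file matches, so a missing vault file
# skips this task silently; later templates then fail or render without the
# secret. no_log keeps the loaded values out of verbose task output.
- name: load burp secrets
  include_vars: '{{ item }}'
  with_fileglob: 'vault/burp/{{ ansible_fqdn }}'
  no_log: true
  tags:
    - always

- name: ensure burp is installed
  package:
    # The list is passed directly instead of a comma-joined string.
    name: '{{ burp_client_packages }}'
    state: present
  tags:
    - install

# Runs on the backup server, not on the client.
# NOTE(review): ansible_fqdn is a fact reported by the managed host and is
# used here as a file name on the server; inventory_hostname is defined by
# the controller. Confirm the fact is the intended source for this path.
- name: ensure burp server is configured for client
  template:
    src: server-clientconf.j2
    dest: '/etc/burp/clientconfdir/{{ ansible_fqdn }}'
    owner: burp
    group: burp
    mode: '0400'
  delegate_to: '{{ burp_server_hostname }}'

# The backup hook scripts get explicit root ownership, matching the
# restore-script tasks below, so an existing file with a different owner is
# corrected rather than left writable by that owner.
- name: ensure burp pre-backup script is installed
  copy:
    src: 'scripts/{{ inventory_hostname }}/{{ burp_backup_script_pre | basename }}'
    dest: '{{ burp_backup_script_pre }}'
    owner: root
    group: root
    mode: '0755'
  when: burp_backup_script_pre is defined

- name: ensure burp post-backup script is installed
  copy:
    src: 'scripts/{{ inventory_hostname }}/{{ burp_backup_script_post | basename }}'
    dest: '{{ burp_backup_script_post }}'
    owner: root
    group: root
    mode: '0755'
  when: burp_backup_script_post is defined

- name: ensure burp pre-restore script is installed
  copy:
    src: 'scripts/{{ inventory_hostname }}/{{ burp_restore_script_pre | basename }}'
    dest: '{{ burp_restore_script_pre }}'
    owner: root
    group: root
    mode: 'u=rwx,go=rx'
  when: burp_restore_script_pre is defined

- name: ensure burp post-restore script is installed
  copy:
    src: 'scripts/{{ inventory_hostname }}/{{ burp_restore_script_post | basename }}'
    dest: '{{ burp_restore_script_post }}'
    owner: root
    group: root
    mode: 'u=rwx,go=rx'
  when: burp_restore_script_post is defined

# Mode 0600 limits the client configuration to its owner.
# NOTE(review): no owner/group is set, so an existing file keeps whatever
# ownership it already has; confirm that is intended.
- name: ensure burp client is configured
  template:
    src: burp.conf.j2
    dest: /etc/burp/burp.conf
    mode: '0600'

# 'creates' makes the task idempotent: the command is skipped once the
# client certificate file exists.
- name: ensure burp client certificate is available
  command: burp -c /etc/burp/burp.conf -g
  args:
    creates: /etc/burp/ssl_cert-client.pem

- name: ensure auto backup systemd units are installed
  copy:
    src: '{{ item }}'
    dest: /etc/systemd/system/
    mode: 'u=rw,go=r'
  loop:
    - burp-backup.service
    - burp-backup.timer
  notify:
    - reload systemd
  tags:
    - systemd

- name: ensure auto backup timer is enabled
  systemd:
    name: burp-backup.timer
    enabled: true
    state: started
  tags:
    - service

# The systemd timer above replaces the cron-based schedule.
- name: ensure legacy burp crontab file is removed
  file:
    path: /etc/cron.d/burp-backup
    state: absent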