---
- name: Install Prometheus Alert Manager
  apt:
    name:
      - prometheus-alertmanager
    state: latest
    update_cache: true
  register: apt_result
  retries: 3
  until: apt_result is succeeded

- name: Setup the arguments for alertmanager
  template:
    src: prometheus-alertmanager
    dest: /etc/default/prometheus-alertmanager
    owner: root
    group: root
    mode: '0644'
  notify: Restart Alertmanager 
  vars:
    args:
      - name: web.listen-address
        value: "127.0.0.1:9093"

- name: Copy the CA cert
  copy:
    content: "{{ ca_cert }}"
    dest: /etc/prometheus/ca.crt
  notify: 
   - Restart Alertmanager
   - Reload nginx

- name: Generate certificate
  include_role:
    name: generate-cert
  vars:
    directory: /etc/prometheus/
    cname: "alertmanager-{{ lan_address }}"
    owner: prometheus
    group: prometheus
    key_mode: u=rw,g=,o=
    subject_alt_name: "IP:{{ lan_address }}"
# Need an equivalent to notify here

- name: Ensured the certificate is monitored
  import_tasks: register-cert-to-monitoring.yml
  vars:
    target: "{{ lan_address }}:9093|alertmanager-{{ lan_address }}|{{ ansible_facts['nodename'] }}"

- name: Setup the alertmanager config
  template:
    src: alertmanager.yml
    dest: /etc/prometheus/alertmanager.yml
    owner: prometheus
    group: prometheus
    mode: '0640'
  notify: Restart Alertmanager

# Here we go, using nginx to add mSSL to prometheus... because who need to authentication on the server with ALL the jucy data?
# Think prometheus, think!
- name: Copy the nginx config
  template:
    src: atrocious_nginx_stub
    dest: "/etc/nginx/sites-available/internal-alertmanager"
  notify: Reload nginx

- name: Activate the config
  file:
    src: "/etc/nginx/sites-available/internal-alertmanager"
    dest: "/etc/nginx/sites-enabled/internal-alertmanager"
    state: link
    force: yes

- name: Setup the matrix bot
  import_tasks: kassandra.yml