---
- name: Install rsyslog
  become: yes
  apt:
    name: rsyslog
    state: present

- name: Install rsyslog modules if needed
  become: yes
  apt:
    name: " {{ item.pkg }}"
    state: present
  when: "rsyslog_outputs | selectattr('proto', 'eq', item.proto) | list"
  loop:
    - proto: relp
      pkg: rsyslog-relp
    - proto: redis
      pkg: rsyslog-hiredis

# FIXME: c'est un ajout de test
- name: Install a X.509 certificate for RELP over TLS
  include_role:
    name: openssl-cert-builder
  vars:
    certificate:
      # FIXME: il faudra que le hostname dans l'inventaire Ansible
      # corresponde toujours au FQDN de la machine si on reste
      # comme ça.
      slug: "{{ inventory_hostname }}"
      common_name: "{{ inventory_hostname }}"
      not_before: +0s
      not_after: +365d

- name: Deploy main rsyslog configuration
  become: yes
  template:
    src: "{{ item.src }}"
    dest: "{{ item.dest }}"
    owner: root
    group: root
    mode: u=rw,g=r,o=r
  notify: Restart rsyslog
  loop:
    - src: rsyslog.conf.j2
      dest: /etc/rsyslog.conf
    - src: 10-common.conf.j2
      dest: /etc/rsyslog.d/10-common.conf

- name: Create journald.conf.d directory
  become: yes
  file:
    path: /etc/systemd/journald.conf.d
    state: directory

- name: Deploy journald configuration
  become: yes
  template:
    src: forward-syslog.conf.j2
    dest: /etc/systemd/journald.conf.d/forward-syslog.conf
    owner: root
    group: root
    mode: u=rw,g=r,o=r
  notify: Restart systemd-journald

- name: Enable rsyslog service
  become: yes
  systemd:
    name: rsyslog.service
    state: started
    enabled: yes
...