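---
# Deploys CrowdSec as a Docker container: creates the config directories,
# renders the configuration under /etc/crowdsec, stops the container when a
# rendered file changed, then starts it with the host log directory mounted
# read-only.

- name: Ensure crowdsec directory exists
  # NOTE(review): no mode/owner is given, so permissions follow the remote
  # user's umask. Set them explicitly if these directories must not be
  # world-readable.
  file:
    path: "{{ item }}"
    state: directory
  loop:
    - /etc/crowdsec/notifications
    - /etc/crowdsec/parsers/s02-enrich

- name: configure crowdsec
  # NOTE(review): no mode/owner is given here either. notifications/email.yaml
  # presumably carries mail-server settings, possibly credentials. Confirm,
  # and restrict the rendered files (e.g. mode "0600") if the container user
  # can still read them.
  template:
    src: "{{ item.src }}"
    dest: "/etc/crowdsec/{{ item.dest }}"
  # Registered so the next task can tell whether any file was rewritten.
  register: crowdsecconfig
  loop:
    - src: "config.yaml.j2"
      dest: "config.yaml"
    - src: "profiles.yaml.j2"
      dest: "profiles.yaml"
    - src: "email.yaml.j2"
      dest: "notifications/email.yaml"
    - src: "mywhitelists.yaml.j2"
      dest: "parsers/s02-enrich/mywhitelists.yaml"

- name: "stop crowdsec container to reload config"
  docker_container:
    name: "{{ instance_name }}"
    state: stopped
  when: crowdsecconfig is changed
  # NOTE(review): this hides every failure of the stop, not only the
  # presumably intended "container does not exist yet" case on a first run.
  # A real daemon error would go unnoticed and the old configuration would
  # stay live. Consider the module's `restart` option on the launch task or a
  # narrower failed_when.
  ignore_errors: true

- name: "launch {{ instance_name }} container"
  docker_container:
    name: "{{ instance_name }}"
    # NOTE(review): with pull enabled, a mutable tag in `version` can deliver
    # different image content between runs. Pin to a fixed release or digest
    # if reproducible deployments matter.
    image: "crowdsecurity/crowdsec:{{ version }}"
    pull: true
    state: started
    restart_policy: unless-stopped
    memory: 2G
    volumes:
      - /etc/crowdsec:/etc/crowdsec
      - /var/lib/crowdsec:/var/lib/crowdsec/data
      # Host logs are exposed read-only: the container can read them but
      # cannot alter or delete them.
      - /var/log/:/logs:ro
    mounts:
      - target: /tmp
        type: tmpfs
        # Quoted so the octal permission string (sticky bit + rwx for all)
        # is never read as the decimal integer 1777.
        tmpfs_mode: "1777"
        tmpfs_size: 512M
    env:
      # cs_collections_list has no "is defined" guard, unlike the three lists
      # below, so it must always be set.
      COLLECTIONS: "{{ cs_collections_list | join(' ') }}"
      SCENARIOS: "{% if cs_scenarios_list is defined %}{{ cs_scenarios_list | join(' ') }}{% endif %}"
      PARSERS: "{% if cs_parsers_list is defined %}{{ cs_parsers_list | join(' ') }}{% endif %}"
      POSTOVERFLOWS: "{% if cs_postoverflows_list is defined %}{{ cs_postoverflows_list | join(' ') }}{% endif %}"
    published_ports:
      # NOTE(review): if prometheus_endpoint / endpoint hold only a port
      # number, Docker publishes on all host interfaces. Confirm they include
      # a bind address (e.g. 127.0.0.1:<port>) unless the metrics port (6060)
      # and the port mapped to 8080 are meant to be reachable from outside
      # the host.
      - "{{ prometheus_endpoint }}:6060"
      - "{{ endpoint }}:8080"
    # Container output is sent to the host's syslog socket under the daemon
    # facility, tagged with the instance name.
    log_driver: syslog
    log_options:
      syslog-address: unixgram:///dev/log
      syslog-facility: daemon
      tag: "{{ instance_name }}"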