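---
# Installs rsyslog on the Debian and FreeBSD host groups and points every
# host at the control node's tailnet address as a central syslog receiver
# (TCP/514 via omfwd).
- hosts: debianservers,freebsdservers
  gather_facts: true
  become: true

  vars:
    # FreeBSD keeps third-party package configuration under /usr/local/etc.
    etc_dir: "{% if ansible_system == 'FreeBSD' %}/usr/local/etc{% else %}/etc{% endif %}"
    # Group that owns root-managed files: wheel on FreeBSD, root elsewhere.
    group: "{% if ansible_system == 'FreeBSD' %}wheel{% else %}root{% endif %}"

  tasks:
    # NOTE(review): `state: latest` upgrades rsyslog on every run; use
    # `present` if upgrades are meant to go through a separate patch process.
    - name: Ensure rsyslog is installed
      ansible.builtin.package:
        name: rsyslog
        state: latest
      when: ansible_system == "Linux"

    - name: Ensure rsyslog is installed (FreeBSD)
      community.general.pkgng:
        name: rsyslog
        state: latest
      when: ansible_system == "FreeBSD"

    - name: Ensure rsyslog is enabled
      ansible.builtin.systemd_service:
        name: rsyslog
        enabled: true
        state: started
      when: ansible_service_mgr == "systemd"

    # No shell features are used here, so run sysrc through `command`.
    # Any output other than "YES -> YES" is reported as a change.
    - name: Ensure rsyslog is enabled in /etc/rc.conf (FreeBSD)
      ansible.builtin.command: sysrc rsyslogd_enable="YES"
      register: rsyslogd_enable
      when: ansible_system == "FreeBSD"
      changed_when: '"YES -> YES" not in rsyslogd_enable.stdout'

    # Mirrors the check above: anything other than "NO -> NO" (including a
    # previously unset value) counts as a change.
    - name: Ensure syslogd is disabled in /etc/rc.conf (FreeBSD)
      ansible.builtin.command: sysrc syslogd_enable="NO"
      register: syslogd_enable
      when: ansible_system == "FreeBSD"
      changed_when: '"NO -> NO" not in syslogd_enable.stdout'

    # The file is removed before it is rewritten further down, so the
    # "Configure log forwarding" task reports "changed" on every run.
    - name: Remove any forwarding file if exists
      ansible.builtin.file:
        path: "{{ etc_dir }}/rsyslog.d/forward.conf"
        state: absent

    # Runs on the control node. The pipeline's exit status is awk's, so a
    # failing `tailscale status` still yields rc 0 and whatever text it
    # printed would become the forwarding target. The output must therefore
    # look like an IP address before it is written into rsyslog's config.
    # NOTE(review): the play-level `become: true` also applies to this
    # delegated task; consider `become: false` here if tailscale does not
    # need root on the control node.
    - name: Get control node headnet IP address
      ansible.builtin.shell: tailscale status | head -1 | awk '{print $1}'
      register: ctrl_headnet_ip_addr
      delegate_to: 127.0.0.1
      changed_when: false
      failed_when: >-
        ctrl_headnet_ip_addr.rc != 0 or
        ctrl_headnet_ip_addr.stdout is not
        match('^([0-9]{1,3}[.]){3}[0-9]{1,3}$|^[0-9A-Fa-f]*:[0-9A-Fa-f:]+$')

    # Messages are sent as plain TCP syslog on port 514; confidentiality and
    # peer authentication depend entirely on the tailnet transport. If the
    # target ever becomes a non-tailnet address, switch to TLS forwarding.
    # The mode is quoted so YAML cannot re-type it as a number.
    - name: Configure log forwarding
      ansible.builtin.blockinfile:
        path: "{{ etc_dir }}/rsyslog.d/forward.conf"
        create: true
        owner: root
        group: "{{ group }}"
        mode: "0644"
        block: |
          # Forward to desktop.headscale.moonshadow.dev ({{ ctrl_headnet_ip_addr.stdout }})
          *.* action(type="omfwd"
                     target="{{ ctrl_headnet_ip_addr.stdout }}"
                     port="514"
                     protocol="tcp"
                     action.resumeRetryCount="100"
                     queue.type="linkedList"
                     queue.size="10000")

    - name: Restart rsyslog
      ansible.builtin.systemd_service:
        name: rsyslog
        enabled: true
        state: restarted
      when: ansible_service_mgr == "systemd"

    - name: Restart rsyslog (FreeBSD)
      ansible.builtin.command: service rsyslogd restart
      when: ansible_service_mgr == "bsdinit"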