---
- name: Node Exporter | PATCH | Install node-exporter
  become: true
  ansible.builtin.dnf:
    name: node-exporter
    state: present

- name: Node Exporter | PATCH | Generate private TLS key
  community.crypto.openssl_privatekey:
    path: /etc/ssl/node-exporter.key
    size: 4096
    owner: prometheus
    group: root
    mode: '0440'
  become: true

- name: Node Exporter | PATCH | Create certificate signing request
  community.crypto.openssl_csr:
    path: /etc/ssl/node-exporter.csr
    privatekey_path: /etc/ssl/node-exporter.key
    common_name: "{{ inventory_hostname }}"
    subject_alt_name: "DNS:{{ inventory_hostname }}"
    owner: root
    group: root
    mode: '0400'
  become: true

- name: Generate self-signed certificate
  community.crypto.x509_certificate:
    provider: selfsigned
    path: /etc/ssl/node-exporter.crt
    privatekey_path: /etc/ssl/node-exporter.key
    csr_path: /etc/ssl/node-exporter.csr
    owner: prometheus
    group: root
    mode: '0440'
  become: true

- name: Node Exporter | PATCH | Install node-exporter web configuration
  become: true
  ansible.builtin.template:
    src: etc/node-exporter-web.yml
    dest: /etc/node-exporter-web.yml
    owner: root
    group: root
    mode: "0444"

- name: Node Exporter | PATCH | Set command line arguments
  become: true
  ansible.builtin.lineinfile:
    path: /etc/default/prometheus-node-exporter
    regexp: "^ARGS"
    line: "ARGS='--web.config.file=\"/etc/node-exporter-web.yml\"{% if node_exporter_textfile_directory is defined %} --collector.textfile.directory {{ node_exporter_textfile_directory }}{% endif %}'"
  notify: Restart Node Exporter

- name: Node Exporter | PATCH | Ensure node-exporter is enabled and running
  become: true
  ansible.builtin.systemd_service:
    name: prometheus-node-exporter
    masked: false
    enabled: true
    state: started

- name: Node Exporter | PATCH | Create firewalld service file for node-exporter
  become: true
  ansible.builtin.template:
    src: etc/firewalld/services/node-exporter.xml
    dest: /etc/firewalld/services/node-exporter.xml
    owner: root
    group: root
    mode: '0400'
  notify: Reload firewalld

- name: Node Exporter | Flush handlers
  ansible.builtin.meta: flush_handlers

- name: Node Exporter | PATCH | Enable node-exporter service in firewalld permanently
  become: true
  ansible.posix.firewalld:
    service: node-exporter
    permanent: true
    state: enabled
    immediate: true