---
- name: Node Exporter | AUDIT | Get Tailscale IP address
  become: true
  ansible.builtin.shell: tailscale ip -4
  register: node_exporter_tailscale_ipv4
  changed_when: false

- name: Node Exporter | PATCH | Install node-exporter
  become: true
  ansible.builtin.dnf:
    name: node-exporter
    state: present

- name: Node Exporter | PATCH | Set command line arguments
  become: true
  ansible.builtin.lineinfile:
    path: /etc/default/prometheus-node-exporter
    regexp: "^ARGS"
    line: "ARGS='--web.listen-address={{ node_exporter_tailscale_ipv4.stdout }}:9100{% if node_exporter_textfile_directory is defined %} --collector.textfile.directory {{ node_exporter_textfile_directory }}{% endif %}'"
  notify: Restart Node Exporter

- name: Node Exporter | PATCH | Ensure node-exporter is enabled and running
  become: true
  ansible.builtin.systemd_service:
    name: prometheus-node-exporter
    masked: false
    enabled: true
    state: started

- name: Node Exporter | PATCH | Create firewalld service file for node-exporter
  become: true
  ansible.builtin.template:
    src: etc/firewalld/services/node-exporter.xml
    dest: /etc/firewalld/services/node-exporter.xml
    owner: root
    group: root
    mode: '0400'
  notify: Reload firewalld

- name: Node Exporter | Flush handlers
  ansible.builtin.meta: flush_handlers

- name: Node Exporter | PATCH | Enable node-exporter service in firewalld permanently
  become: true
  ansible.posix.firewalld:
    service: node-exporter
    zone: internal
    permanent: true
    state: enabled
    immediate: true