- name: Install Prometheus node exporter
  ansible.builtin.apt:
    name: prometheus-node-exporter
    state: present

- name: Run Prometheus node exporter
  ansible.builtin.service:
    name: prometheus-node-exporter
    state: started

- name: Create Prometheus data directory
  ansible.builtin.file:
    path: "{{ prom_root }}/prometheus"
    state: directory
    owner: nobody

- name: Create Prometheus config directory
  ansible.builtin.file:
    path: "{{ prom_root }}/config"
    state: directory

- name: Install Prometheus configuration
  ansible.builtin.template:
    src: prometheus.yml.j2
    dest: "{{ prom_root }}/config/prometheus.yml"

- name: Create Prometheus network
  community.general.docker_network:
    name: "{{ prom_name }}"

- name: Start Prometheus container
  community.general.docker_container:
    name: "{{ prom_name }}"
    image: prom/prometheus:{{ prom_version }}
    state: started
    restart_policy: always
    volumes:
      - "{{ prom_root }}/config:/etc/prometheus"
      - "{{ prom_root }}/prometheus:/prometheus"
    networks_cli_compatible: true
    networks:
      - name: "{{ prom_name }}"
      - name: traefik
    labels:
      traefik.http.routers.prometheus.rule: "Host(`{{ prom_domain }}`)"
      traefik.http.routers.prometheus.entrypoints: websecure
      traefik.http.routers.prometheus.middlewares: "securehttps@file,localonly"
      traefik.http.routers.prometheus.tls.certresolver: letsencrypt
      traefik.http.middlewares.localonly.ipwhitelist.sourcerange: "{{ traefik_localonly }}"
      traefik.docker.network: traefik
      traefik.enable: "true"

- name: Start Grafana container
  community.general.docker_container:
    name: "{{ grafana_name }}"
    image: grafana/grafana:{{ grafana_version }}
    state: started
    restart_policy: always
    user: root
    volumes: "{{ grafana_root }}:/var/lib/grafana"
    networks_cli_compatible: true
    networks:
      - name: "{{ prom_name }}"
      - name: traefik
    labels:
      traefik.http.routers.grafana.rule: "Host(`{{ grafana_domain }}`)"
      traefik.http.routers.grafana.entrypoints: websecure
      traefik.http.routers.grafana.tls.certresolver: letsencrypt
      traefik.http.routers.grafana.middlewares: "securehttps@file"
      traefik.docker.network: traefik
      traefik.enable: "true"