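---
# Tasks for the burp backup client: remove the old client package, fetch the
# client secrets from KeePass, install burp from the COPR repository, deploy
# the client configuration, register the client on the burp server, and
# schedule the backup and report cron jobs.

- name: burp - remove old client
  ansible.builtin.package:
    name:
      - burp-client
    state: absent

# The KeePass entry path is built with Jinja concatenation (~) instead of
# nesting '{{ }}' inside an expression; nested moustaches are not reliably
# re-templated. no_log keeps the looked-up secrets out of task output and logs.
- name: burp - set some variables
  ansible.builtin.set_fact:
    burp_password: >-
      {{ lookup('viczem.keepass.keepass',
      group_names[0] ~ '/' ~ inventory_hostname ~ '_burp_password',
      'password') }}
    burp_encryption_password: >-
      {{ lookup('viczem.keepass.keepass',
      group_names[0] ~ '/' ~ inventory_hostname ~ '_burp_encryption_password',
      'password') }}
  no_log: true

# After set_fact both names are always defined, so "is defined" alone cannot
# fail; also reject empty values so an empty secret is never deployed.
- name: burp - ensure we have all needed vars
  ansible.builtin.assert:
    that:
      - burp_password is defined
      - burp_password | default('', true) | length > 0
      - burp_encryption_password is defined
      - burp_encryption_password | default('', true) | length > 0

# NOTE(review): this is a third-party COPR repository fetched without a
# checksum; confirm the resulting .repo file keeps gpgcheck enabled so
# installed packages are signature-verified.
- name: install burp repo
  ansible.builtin.get_url:
    url: "https://copr.fedorainfracloud.org/coprs/yopito/burp2/repo/epel-{{ ansible_distribution_major_version }}/yopito-burp2-epel-{{ ansible_distribution_major_version }}.repo"
    dest: /etc/yum.repos.d/burp.repo
    mode: "0644"
  when:
    - ansible_distribution != "Fedora"
    - ansible_os_family == 'RedHat'

- name: install burp repo
  ansible.builtin.get_url:
    url: "https://copr.fedorainfracloud.org/coprs/yopito/burp2/repo/fedora-{{ ansible_distribution_major_version }}/yopito-burp2-fedora-{{ ansible_distribution_major_version }}.repo"
    dest: /etc/yum.repos.d/burp.repo
    mode: "0644"
  when:
    - ansible_distribution == "Fedora"
    - ansible_os_family == 'RedHat'

- name: burp - install burp client
  ansible.builtin.package:
    name: "{{ burp_packages }}"
    state: present

# The template presumably renders the secrets set above (TODO confirm), so
# diff output is suppressed to keep them out of --diff runs. The mode is
# quoted so it is always read as an octal string.
- name: burp - deploy configuration file
  ansible.builtin.template:
    src: burp.conf
    dest: /etc/burp/burp.conf
    mode: "0600"
  diff: false

# NOTE(review): no mode is set here, so the file gets the default permissions
# on the burp server; if client_conf_file contains the client password
# (presumably - confirm against the template), restrict it to the account the
# burp server runs as.
# NOTE(review): the file name comes from ansible_hostname, a fact reported by
# the managed host, while the KeePass entry uses inventory_hostname; consider
# a controller-side name for a path written on the backup server.
- name: burp - add client on burp server
  ansible.builtin.template:
    src: client_conf_file
    dest: "/etc/burp/clientconfdir/{{ ansible_hostname }}"
  diff: false
  delegate_to: "{{ burp_server }}"

# Runs only while the CA certificate file does not exist yet.
- name: burp - do a burp list to generate certificate
  ansible.builtin.command:
    cmd: burp -a l
    creates: /etc/burp/ssl_cert_ca.pem

# The minute is seeded with inventory_hostname, so each host keeps a stable
# but host-specific start minute. The redirect is written in POSIX form
# because "&>" is a bash extension and cron may run jobs with a plain sh.
# NOTE(review): the backup job discards all output, so failures are only
# visible through other channels (notify script, monitoring).
- name: burp - create backup cronjob
  vars:
    minute: "{{ 59 | random(seed=inventory_hostname) }}"
  ansible.builtin.cron:
    name: "{{ item.name }}"
    cron_file: burp
    user: root
    hour: "{{ item.hour | default('*') }}"
    minute: "{{ minute }}"
    weekday: "{{ item.weekday | default('*') }}"
    job: "{{ item.job }}"
  loop:
    - name: "burp backup"
      job: "/usr/sbin/burp -a t > /dev/null 2>&1"
    - name: "burp report"
      job: "/usr/sbin/burp -a l"
      hour: 1
      weekday: 1
  tags: cron

# Explicit modes keep the script directory and the script itself from being
# created with whatever the current umask allows.
- name: burp - deploy notify script
  block:
    - name: create dir
      ansible.builtin.file:
        path: /usr/share/burp/scripts
        state: directory
        mode: "0755"

    - name: copy
      ansible.builtin.copy:
        src: notify_script
        dest: /usr/share/burp/scripts/notify_script
        mode: "0755"

# "| bool" makes string values such as "false" evaluate as intended.
- name: burp - setup monitoring
  when: burp_watch | bool
  ansible.builtin.lineinfile:
    path: /etc/zabbix/filelist.csv
    line: "{{ burp_server_directory }}/{{ ansible_hostname }}/current/timestamp"
    state: present
  delegate_to: "{{ burp_server }}"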