---
- name: Check if monitoring vault file exists
  stat:
    path: "{{ monitoring_vault_file }}"
  delegate_to: localhost
  register: monitoring_vault_stat
  become: no

- name: Optionally load monitoring secrets from vault
  include_vars:
    file: "{{ monitoring_vault_file }}"
  when: monitoring_vault_stat.stat.exists
  no_log: yes
  delegate_to: localhost
  become: no

- name: Set Grafana admin password from vault or generate
  set_fact:
    grafana_admin_password: "{{ vault_grafana_admin_password | default(lookup('password', '/dev/null length=25 chars=ascii_letters,digits')) }}"
  no_log: yes

- name: Set Prometheus password from vault or generate
  set_fact:
    prometheus_password: "{{ vault_prometheus_password | default(lookup('password', '/dev/null length=25 chars=ascii_letters,digits')) }}"
  no_log: yes

- name: Generate Prometheus BasicAuth hash
  shell: |
    docker run --rm httpd:alpine htpasswd -nbB admin "{{ prometheus_password }}" 2>/dev/null | cut -d ":" -f 2
  register: prometheus_auth_hash
  changed_when: false
  no_log: yes

- name: Set Prometheus BasicAuth string
  set_fact:
    prometheus_auth: "admin:{{ prometheus_auth_hash.stdout }}"
  no_log: yes

- name: Ensure monitoring stack directory exists
  file:
    path: "{{ monitoring_stack_path }}"
    state: directory
    mode: '0755'

- name: Create monitoring stack .env file
  template:
    src: "{{ monitoring_env_template }}"
    dest: "{{ monitoring_stack_path }}/.env"
    owner: "{{ ansible_user }}"
    group: "{{ ansible_user }}"
    mode: '0600'
  no_log: yes

- name: Deploy Monitoring stack
  community.docker.docker_compose_v2:
    project_src: "{{ monitoring_stack_path }}"
    state: present
    pull: always
  register: monitoring_compose_result

- name: Wait for Monitoring to be ready
  wait_for:
    timeout: "{{ monitoring_wait_timeout }}"
  when: monitoring_compose_result.changed

- name: Record monitoring deployment facts
  set_fact:
    monitoring_stack_changed: "{{ monitoring_compose_result.changed | default(false) }}"