---
- name: Check Latest Grafana Access - Client IP Analysis
  hosts: production
  gather_facts: no
  become: no

  tasks:
    - name: Get latest Grafana access logs
      shell: |
        cd ~/deployment/stacks/traefik
        echo "=== Latest 5 Grafana Access Logs ==="
        tail -100 logs/access.log | grep -i grafana | tail -5
      args:
        executable: /bin/bash
      register: latest_logs
      ignore_errors: yes
      failed_when: false

    - name: Extract client IPs from latest logs
      shell: |
        cd ~/deployment/stacks/traefik
        tail -50 logs/access.log | grep -i grafana | tail -10 | grep -oP '"ClientHost":"[^"]*"' | sed 's/"ClientHost":"//;s/"//' | sort -u
      args:
        executable: /bin/bash
      register: client_ips
      ignore_errors: yes
      failed_when: false

    - name: Display latest logs
      debug:
        msg: "{{ latest_logs.stdout_lines }}"

    - name: Display client IPs
      debug:
        msg: "{{ client_ips.stdout_lines }}"

    - name: Analyze if traffic comes from VPN
      shell: |
        cd ~/deployment/stacks/traefik
        if tail -20 logs/access.log | grep -i grafana | tail -5 | grep -oP '"ClientHost":"[^"]*"' | grep -q "10.8.0"; then
          echo "? Traffic kommt ?ber VPN! (ClientHost: 10.8.0.x)"
        elif tail -20 logs/access.log | grep -i grafana | tail -5 | grep -oP '"ClientHost":"[^"]*"' | grep -q "89.246.96.244"; then
          echo "? Traffic kommt NICHT ?ber VPN (ClientHost: 89.246.96.244 - ?ffentliche IP)"
        else
          echo "?? Keine aktuellen Grafana-Logs gefunden. Bitte mache einen Zugriff auf https://grafana.michaelschiemer.de"
        fi
      args:
        executable: /bin/bash
      register: analysis
      ignore_errors: yes
      failed_when: false

    - name: Display analysis
      debug:
        msg: "{{ analysis.stdout_lines }}"