---
- name: Monitor Grafana Access Live - Check Latest Request
  hosts: production
  gather_facts: no
  become: no

  tasks:
    - name: Get timestamp of last log entry
      shell: |
        cd ~/deployment/stacks/traefik
        tail -1 logs/access.log | grep -oP '"time":"[^"]*"'
      args:
        executable: /bin/bash
      register: last_log_time
      ignore_errors: yes
      failed_when: false

    - name: Display last log time
      debug:
        msg: "{{ last_log_time.stdout }}"

    - name: Get last 30 Grafana access attempts
      shell: |
        cd ~/deployment/stacks/traefik
        tail -1000 logs/access.log | grep -i grafana | tail -30
      args:
        executable: /bin/bash
      register: grafana_logs
      ignore_errors: yes
      failed_when: false

    - name: Extract client IPs from last 10 Grafana requests
      shell: |
        cd ~/deployment/stacks/traefik
        tail -200 logs/access.log | grep -i grafana | tail -10 | grep -oP '"ClientHost":"[^"]*"' | sed 's/"ClientHost":"//;s/"//' | sort -u
      args:
        executable: /bin/bash
      register: client_ips
      ignore_errors: yes
      failed_when: false

    - name: Display client IPs found
      debug:
        msg: "{{ client_ips.stdout_lines }}"

    - name: Analyze last 5 Grafana requests
      shell: |
        cd ~/deployment/stacks/traefik
        tail -100 logs/access.log | grep -i grafana | tail -5 | while IFS= read -r line; do
          time=$(echo "$line" | grep -oP '"time":"[^"]*"' | sed 's/"time":"//;s/"//' | cut -d'T' -f2 | cut -d'+' -f1)
          client=$(echo "$line" | grep -oP '"ClientHost":"[^"]*"' | sed 's/"ClientHost":"//;s/"//')
          status=$(echo "$line" | grep -oP '"DownstreamStatus":[0-9]+' | sed 's/"DownstreamStatus"://')
          if [[ "$client" =~ ^10\.8\.0\.[0-9]+$ ]]; then
            echo "$time | ClientHost: $client | Status: $status ? VPN-IP"
          elif [[ "$client" == "89.246.96.244" ]]; then
            echo "$time | ClientHost: $client | Status: $status ? Public IP"
          else
            echo "$time | ClientHost: $client | Status: $status ? Unknown"
          fi
        done
      args:
        executable: /bin/bash
      register: analysis
      ignore_errors: yes
      failed_when: false

    - name: Display analysis
      debug:
        msg: "{{ analysis.stdout_lines }}"

    - name: Recommendations
      debug:
        msg:
          - ""
          - "=== ERGEBNIS ==="
          - "Wenn ClientHost: 10.8.0.7 ? Traffic kommt ?ber VPN ?"
          - "? Dann k?nnen wir die tempor?re IP-Erlaubnis entfernen!"
          - ""
          - "Wenn ClientHost: 89.246.96.244 ? Traffic kommt NICHT ?ber VPN ?"
          - "? Dann m?ssen wir weiter debuggen (Route, AllowedIPs, etc.)"