---
- hosts: all
  gather_facts: no
  become: true
  become_user: root
  become_method: sudo
  vars:
    remote_dir: /opt/sensusagent
    local_bin_dir: "{{ LOCAL_BIN_DIR | default('./bin/agent') }}"
    tmp_dir: /tmp/sensusagent_upload
  tasks:
    - name: Ensure temp and remote dirs exist
      ansible.builtin.raw: |
        mkdir -p {{ tmp_dir }} && chmod 0777 {{ tmp_dir }}
        mkdir -p {{ remote_dir }} && chmod 0755 {{ remote_dir }}

    - name: Copy agent binary via scp to tmp (from controller)
      ansible.builtin.command: >
        scp -B -i {{ ansible_ssh_private_key_file | default('~/.ssh/id_rsa') }}
        -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null
        {{ local_bin_dir }}/agent {{ ansible_user }}@{{ ansible_host }}:{{ tmp_dir }}/agent
      delegate_to: localhost

    - name: Copy config via scp to tmp (from controller)
      ansible.builtin.command: >
        scp -B -i {{ ansible_ssh_private_key_file | default('~/.ssh/id_rsa') }}
        -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null
        {{ local_bin_dir }}/config.yaml {{ ansible_user }}@{{ ansible_host }}:{{ tmp_dir }}/config.yaml
      delegate_to: localhost

    - name: Copy collectors directory via scp -r to tmp (from controller)
      ansible.builtin.command: >
        scp -r -B -i {{ ansible_ssh_private_key_file | default('~/.ssh/id_rsa') }}
        -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null
        {{ local_bin_dir }}/collectors {{ ansible_user }}@{{ ansible_host }}:{{ tmp_dir }}/
      delegate_to: localhost

    - name: Move files into {{ remote_dir }} with root and fix permissions
      ansible.builtin.raw: |
        cp -f {{ tmp_dir }}/agent {{ remote_dir }}/agent && chmod 0755 {{ remote_dir }}/agent
        cp -f {{ tmp_dir }}/config.yaml {{ remote_dir }}/config.yaml && chmod 0644 {{ remote_dir }}/config.yaml
        rm -rf {{ remote_dir }}/collectors && mkdir -p {{ remote_dir }}/collectors && cp -r {{ tmp_dir }}/collectors/* {{ remote_dir }}/collectors/ || true
        chmod -R 0755 {{ remote_dir }}/collectors 2>/dev/null || true
        rm -rf {{ tmp_dir }}

    - name: Install/refresh systemd unit
      ansible.builtin.raw: |
        cat >/etc/systemd/system/sensusagent.service <<'UNIT'
        [Unit]
        Description=SensusAgent metrics collector
        After=network.target
        
        [Service]
        Type=simple
        Environment=CONFIG_PATH={{ remote_dir }}/config.yaml
        ExecStart={{ remote_dir }}/agent --mode stdout
        Restart=on-failure
        RestartSec=3
        User=nobody
        Group=nogroup
        
        [Install]
        WantedBy=multi-user.target
        UNIT
        systemctl daemon-reload

    - name: Enable and start service
      ansible.builtin.raw: "systemctl enable --now sensusagent"