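---
# Download the MaxMind GeoLite2 database used by Graylog for GeoIP enrichment.
# Requires a free MaxMind account:
# https://dev.maxmind.com/geoip/geolite2-free-geolocation-data
#
# Variables read by these tasks (defined outside this file): geoip_path,
# geoip_database_edition, geoip_maxmind_account_id, geoip_maxmind_license_key,
# podman_user, and the registered result podman_subuid.

- name: create geoip directory
  become: true
  ansible.builtin.file:
    path: "{{ geoip_path }}"
    state: directory
    owner: "{{ podman_subuid.stdout }}"
    group: "{{ podman_subuid.stdout }}"
    mode: '0755'
  notify: restorecon podman
  tags:
    - graylog
    - geoip

# The account ID and license key are sent as HTTP basic-auth credentials over
# HTTPS rather than in the URL. Keep geoip_maxmind_license_key in an encrypted
# store (for example Ansible Vault), not in plain-text vars.
# force: false skips the download once the archive exists, so an existing
# database is never refreshed by this task.
# NOTE(review): the archive is extracted as root without an integrity check;
# consider verifying it against the SHA-256 file MaxMind publishes for each
# download before unpacking.
- name: download GeoLite2 database
  become: true
  ansible.builtin.get_url:
    url: "https://download.maxmind.com/geoip/databases/{{ geoip_database_edition }}/download?suffix=tar.gz"
    dest: "{{ geoip_path }}/{{ geoip_database_edition }}.tar.gz"
    url_username: "{{ geoip_maxmind_account_id }}"
    url_password: "{{ geoip_maxmind_license_key }}"
    force: false
    mode: '0644'
  register: geoip_download
  tags:
    - graylog
    - geoip

# Only the <edition>.mmdb member is unpacked; --strip-components=1 drops the
# archive's top-level directory so the file lands directly in geoip_path.
# NOTE(review): gated on the download having changed, so a failed extraction
# is not retried on the next run while the archive is still present - confirm
# this is acceptable.
- name: extract GeoLite2 database
  become: true
  ansible.builtin.unarchive:
    src: "{{ geoip_path }}/{{ geoip_database_edition }}.tar.gz"
    dest: "{{ geoip_path }}"
    remote_src: true
    extra_opts:
      - '--strip-components=1'
      - '--wildcards'
      - "*/{{ geoip_database_edition }}.mmdb"
  when: geoip_download.changed
  tags:
    - graylog
    - geoip

# Fix ownership of downloaded files to podman user's subuid range.
# NOTE(review): the next task re-owns the same tree to 1100:1100 inside the
# user namespace. If podman_subuid.stdout is not the host ID that container
# UID 1100 maps to, the two tasks undo each other on every run - confirm.
- name: fix geoip files ownership for podman user
  become: true
  ansible.builtin.file:
    path: "{{ geoip_path }}"
    state: directory
    owner: "{{ podman_subuid.stdout }}"
    group: "{{ podman_subuid.stdout }}"
    recurse: true
  tags:
    - graylog
    - geoip

# Graylog runs as UID 1100 inside the container.
# The chown runs inside the podman user's namespace (podman unshare) and is
# always reported as unchanged. Arguments are passed as an argv list so that a
# geoip_path containing whitespace is not split into several arguments.
- name: fix geoip database ownership for graylog container
  become: true
  become_user: "{{ podman_user }}"
  ansible.builtin.command:
    argv:
      - podman
      - unshare
      - chown
      - '-R'
      - '1100:1100'
      - "{{ geoip_path }}"
  changed_when: false
  tags:
    - graylog
    - geoip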