---
# Windows/IIS web-server baseline: cipher suites and Windows features (via
# imported task files), machine-level environment variables, .NET Framework
# 4.8, IIS log retention and header logging, WebPI/ARR installers, a local
# service account, and ACLs on the log directories.

# - name: Install Chocolatey
#   ansible.builtin.import_tasks: install-chocolatey.yml

- name: Set Cipher Suite
  ansible.builtin.import_tasks: set-cipher-suite.yml

- name: Set Features
  ansible.builtin.import_tasks: set-windows-features.yml

# Written at machine level, so every process on the host sees these values.
- name: Set DevOps Environment Variables
  ansible.windows.win_environment:
    variables:
      ASPNETCORE_ENVIRONMENT: '{{ devops_env }}'
      DOTNET_ENVIRONMENT: '{{ devops_env }}'
    level: machine

- name: Install Framework 4.8
  ansible.builtin.import_tasks: install-framework-4.8.yml

# Daily 03:00 job, run as SYSTEM, that deletes *.log files older than
# iis_log_retention_days anywhere under iis_log_directory (forfiles /S).
# NOTE(review): the delete is recursive and runs with SYSTEM rights, so
# iis_log_directory should be validated as a non-empty, dedicated log path.
# A value ending in a backslash would put `\` directly before the closing
# quote of /P, which is likely to break forfiles argument parsing - confirm
# the variable never carries a trailing separator.
# NOTE(review): once deleted, these logs are gone for incident response;
# confirm they are shipped to central storage before the retention window.
- name: Ensure IIS Log Retention Task Exists
  community.windows.win_scheduled_task:
    name: IIS Log Retention
    description: '{{ iis_log_retention_days }}-day retention'
    state: present
    enabled: true
    # group: NT AUTHORITY
    username: SYSTEM
    compatibility: 4
    execution_time_limit: PT1H
    allow_demand_start: true
    allow_hard_terminate: true
    triggers:
      - type: daily
        start_boundary: '2000-10-10T03:00:00'
        enabled: true
    actions:
      - path: 'C:\Windows\System32\forfiles.exe'
        arguments: >-
          /P "{{ iis_log_directory }}" /S /M *.log
          /D -{{ iis_log_retention_days }} /C "cmd /c del @PATH"

# Adds x-forwarded-for and x-correlation-id request headers as custom log
# fields in the IIS site defaults.
# NOTE(review): both values are request headers, i.e. client-supplied unless
# an upstream proxy sets or overwrites them; treat the logged fields as
# untrusted when using them for attribution or correlation.
# NOTE(review): the script does not check for existing entries and does not
# set $Ansible.Changed, so the task will report "changed" on every run;
# behaviour on a host where the fields already exist - TODO confirm.
- name: Set IIS Header Logging
  ansible.windows.win_powershell:
    script: |
      Import-Module WebAdministration
      Set-WebConfigurationProperty `
        -pspath 'MACHINE/WEBROOT/APPHOST' `
        -filter "system.applicationHost/sites/siteDefaults/logFile/customFields" `
        -name "." `
        -value @{logFieldName='x-forwarded-for';sourceName='x-forwarded-for';sourceType='RequestHeader'}
      Set-WebConfigurationProperty `
        -pspath 'MACHINE/WEBROOT/APPHOST' `
        -filter "system.applicationHost/sites/siteDefaults/logFile/customFields" `
        -name "." `
        -value @{logFieldName='x-correlation-id';sourceName='x-correlation-id';sourceType='RequestHeader'}

# The two installers below are downloaded from the vendor URL at run time and
# installed directly; nothing in these tasks pins or verifies a file hash.
# NOTE(review): consider staging the MSIs internally, or fetching them with
# ansible.windows.win_get_url and its checksum option before installing, so
# that a changed or substituted download is detected.
# NOTE(review): Web Platform Installer has, as far as I know, been retired
# by Microsoft - confirm it is still required on new builds.
- name: Ensure WebPI Is Installed
  ansible.windows.win_package:
    product_id: '{849DBCF2-DFD9-49F5-9A19-9AEE5B29341A}'
    path: 'https://download.microsoft.com/download/8/4/9/849DBCF2-DFD9-49F5-9A19-9AEE5B29341A/WebPlatformInstaller_x64_en-US.msi'
    state: present

- name: Ensure Application Request Routing 3.0 Is Installed
  ansible.windows.win_package:
    product_id: '{E9849D6A-020E-47E4-9FD0-A023E99B54EB}'
    path: 'https://download.microsoft.com/download/E/9/8/E9849D6A-020E-47E4-9FD0-A023E99B54EB/requestRouter_amd64.msi'
    state: present

# Local service account. This task passes no password or password-policy
# options, and the next task makes the account a local administrator.
# NOTE(review): confirm where the credential is set and rotated, and whether
# the agent needs full Administrators membership or a narrower set of
# rights would do (least privilege).
- name: Ensure svc-rmagent Exists
  ansible.windows.win_user:
    state: present
    name: svc-rmagent

- name: Ensure svc-rmagent is in the local Admin Group
  ansible.windows.win_group_membership:
    state: present
    name: Administrators
    members:
      - svc-rmagent

- name: Ensure DL_ISG_WEB Group Exists
  ansible.windows.win_group:
    state: present
    name: DL_ISG_WEB

# TODO: Determine adding group to another group? Ask Monique, not sure what this means.

# Log directories and their ACLs are only managed in QA, PROD and TRN; the
# retention task above is created in every environment.
- name: Ensure Log Paths Exist
  ansible.windows.win_file:
    path: '{{ item }}'
    state: directory
  loop:
    - '{{ iis_log_directory }}'
    - '{{ log_dir }}'
  when: devops_env in ['QA', 'PROD', 'TRN']

# Adds allow ACEs only: Read for DL_ISG_WEB, FullControl for Administrators.
# NOTE(review): existing and inherited entries are left in place, so other
# principals may keep whatever access the parent folder grants. If the logs
# are sensitive, review inheritance on these paths as well (for example with
# ansible.windows.win_acl_inheritance).
- name: Ensure ISG Team & Admin Have Proper Log Permissions
  ansible.windows.win_acl:
    path: '{{ item.path }}'
    user: '{{ item.user }}'
    rights: '{{ item.rights }}'
    type: allow
    state: present
  loop:
    - path: '{{ iis_log_directory }}'
      user: DL_ISG_WEB
      rights: Read
    - path: '{{ log_dir }}'
      user: DL_ISG_WEB
      rights: Read
    - path: '{{ iis_log_directory }}'
      user: Administrators
      rights: FullControl
    - path: '{{ log_dir }}'
      user: Administrators
      rights: FullControl
  when: devops_env in ['QA', 'PROD', 'TRN']