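---
# Deploy and manage auditd: packages, directories, systemd drop-in,
# auditd.conf, rule files rendered from templates, and removal of
# rule files this role does not manage.
#
# Variables expected from elsewhere in the role (not defined here):
#   __auditd_rule_templates    - list of rule file names; each is rendered
#                                from etc/audit/rules.d/<name>.j2
#   auditd_exclude_rule_stages - names from that list that must NOT be rendered
# Every task that changes configuration notifies the __auditd_restart handler.
#
# Booleans are written as lowercase true/false (Ansible/yamllint convention);
# the original used Python-style True/False, which YAML 1.1 accepts but
# yamllint's `truthy` rule rejects.

- name: Install required packages
  ansible.builtin.package:
    name: "{{ item }}"
    state: present
  loop:
    - audit
    - audispd-plugins

- name: Create folders
  ansible.builtin.file:
    name: "{{ item }}"
    state: directory
    owner: root
    group: root
    # Directories are root-only readable; the rule files inside are 0640.
    mode: "0750"
  loop:
    - /etc/audit/rules.d/
    - /etc/systemd/system/auditd.service.d/

- name: Create systemd override
  ansible.builtin.template:
    src: etc/systemd/system/auditd.service.d/override.conf.j2
    dest: "/etc/systemd/system/auditd.service.d/override.conf"
    owner: root
    group: root
    mode: "0644"
  notify: __auditd_restart

- name: Create config file
  ansible.builtin.template:
    src: etc/audit/auditd.conf.j2
    dest: "/etc/audit/auditd.conf"
    owner: root
    group: root
    mode: "0640"
  notify: __auditd_restart

- name: Create rules files
  ansible.builtin.template:
    src: "etc/audit/rules.d/{{ item }}.j2"
    dest: "/etc/audit/rules.d/{{ item }}"
    owner: root
    group: root
    mode: "0640"
  loop: "{{ __auditd_rule_templates }}"
  loop_control:
    # Show the destination path instead of the raw item in task output.
    label: "/etc/audit/rules.d/{{ item }}"
  # Stages listed in auditd_exclude_rule_stages are skipped, not removed;
  # see the note on "Remove unmanaged rules files" below.
  when: item not in auditd_exclude_rule_stages
  notify: __auditd_restart

- name: Register rules files
  ansible.builtin.find:
    paths: /etc/audit/rules.d/
    file_type: file
    patterns: "*.rules"
  register: __auditd_rules_active
  # find never changes the host; suppress the changed report.
  changed_when: false
  # NOTE(review): with failed_when: false a failing find (e.g. unreadable
  # directory) leaves __auditd_rules_active without a `files` key, so the
  # error surfaces in the next task's loop expression instead of here.
  failed_when: false

- name: Remove unmanaged rules files
  ansible.builtin.file:
    path: "{{ item }}"
    state: absent
  loop: "{{ __auditd_rules_active.files | map(attribute='path') | list }}"
  notify: __auditd_restart
  # Only files whose basename is not in the managed template list are
  # removed. NOTE(review): a file for a stage that is in
  # __auditd_rule_templates but also in auditd_exclude_rule_stages is
  # neither rendered nor removed, so a previously deployed rules file for
  # a newly excluded stage stays on disk - confirm this is intended.
  when: item | basename not in __auditd_rule_templates

- name: Ensure audit service is up and running
  ansible.builtin.service:
    name: auditd
    # daemon_reload picks up the systemd drop-in written above.
    daemon_reload: true
    enabled: true
    state: started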