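---
# Install auditd, render its configuration and rules from templates, prune
# rules files this role does not manage, and make sure the service is enabled
# and running. Every task runs as root via the block-level `become` at the
# bottom. The `__auditd_restart` handler is defined elsewhere in the role and
# is presumably what restarts auditd after a config change — not visible here.
- block:
    - name: Install required packages
      # Pass the list to `name` so both packages go in one package-manager
      # transaction; Ansible no longer squashes looped package calls.
      package:
        name:
          - audit
          - audispd-plugins
        state: present

    - name: Create folders
      # rules.d holds the audit policy; 0750 keeps it unreadable to "other"
      # so local users cannot enumerate what is being watched.
      # Modes are quoted so the YAML parser does not turn the leading-zero
      # octal into an integer.
      file:
        path: "{{ item }}"
        state: directory
        owner: root
        group: root
        mode: "0750"
      loop:
        - /etc/audit/rules.d/
        - /etc/systemd/system/auditd.service.d/

    - name: Create systemd override
      template:
        src: etc/systemd/system/auditd.service.d/override.conf.j2
        dest: /etc/systemd/system/auditd.service.d/override.conf
        owner: root
        group: root
        mode: "0644"
      notify: __auditd_restart

    - name: Create config file
      # auditd.conf is root-readable only (0640); it may carry log
      # destination / dispatcher settings an attacker would want to see.
      template:
        src: etc/audit/auditd.conf.j2
        dest: /etc/audit/auditd.conf
        owner: root
        group: root
        mode: "0640"
      notify: __auditd_restart

    - name: Create rules files
      # One template per rule stage. `__auditd_rule_templates` lists the
      # target file names under rules.d; `auditd_exclude_rule_stages` lets a
      # caller opt out of individual stages.
      template:
        src: "etc/audit/rules.d/{{ item }}.j2"
        dest: "/etc/audit/rules.d/{{ item }}"
        owner: root
        group: root
        mode: "0640"
      loop: "{{ __auditd_rule_templates }}"
      loop_control:
        label: "/etc/audit/rules.d/{{ item }}"
      when: item not in auditd_exclude_rule_stages
      notify: __auditd_restart

    - name: Register rules files
      # Discovery step for the pruning task below. Failures are deliberately
      # NOT masked: with `failed_when: false` a failed find would leave
      # `files` undefined, and the pruning task would then either error on
      # the undefined attribute or silently leave stale / foreign rules in
      # place. The directory always exists at this point (created above), and
      # find returns an empty `files` list rather than failing when nothing
      # matches, so no failure needs to be tolerated here.
      find:
        paths: /etc/audit/rules.d/
        file_type: file
        patterns: "*.rules"
      register: __auditd_rules_active
      changed_when: false

    - name: Remove unmanaged rules files
      # Anything in rules.d that this role does not template is removed, so
      # an operator (or an attacker with root) cannot leave extra *.rules
      # files alongside the managed policy.
      # NOTE(review): a file belonging to an *excluded* stage is still named
      # in __auditd_rule_templates and therefore survives this pruning even
      # though the template above was skipped for it. Confirm whether that is
      # intended (lets a caller hand-maintain that stage) or whether excluded
      # stages should be pruned too.
      file:
        path: "{{ item }}"
        state: absent
      loop: "{{ __auditd_rules_active.files | map(attribute='path') | list }}"
      notify: __auditd_restart
      when: item | basename not in __auditd_rule_templates

    - name: Ensure audit service is up and running
      # The role ships a systemd drop-in above, so target systemd directly:
      # `daemon_reload` is a systemd-only option that the generic `service`
      # proxy only honours when it happens to select the systemd backend, and
      # it is required for the override to take effect.
      systemd:
        name: auditd
        daemon_reload: true
        enabled: true
        state: started
  become: true
  become_user: root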