---
# tasks file for ensure_clamav
- name: 'include variables'
  when:
    - ansible_system == 'Linux'
  include_vars:
    file: '{{ lookup("first_found", findme ) }}'
    name: 'ensure_clamav'
  vars:
    findme:
      files:
        - '{{ ansible_distribution }}-{{ ansible_distribution_major_version }}-{{ ansible_architecture }}.yml'
        - '{{ ansible_distribution }}-{{ ansible_distribution_major_version }}-default.yml'
        - '{{ ansible_distribution }}-default.yml'
        - '{{ ansible_os_family }}-{{ ansible_distribution_major_version }}-{{ ansible_architecture }}.yml'
        - '{{ ansible_os_family }}-{{ ansible_distribution_major_version }}-default.yml'
        - '{{ ansible_os_family }}-default.yml'
        - 'default.yml'
      paths:
        - '../vars/'
      errors: 'ignore'
- name: 'package discovery'
  when:
    - ansible_system == 'Linux'
    - packages is not defined
  ansible.builtin.package_facts:
- name: 'service discovery'
  when:
    - ansible_system == 'Linux'
    - services is not defined
  ansible.builtin.service_facts:
- name: 'ensure sysctl'
  when:
    - ansible_system == 'Linux'
    - ensure_clamav is defined
    - ensure_clamav.sysctl_list is defined
    - ensure_clamav.sysctl_list is iterable
  ansible.posix.sysctl:
    name: '{{ item.name }}'
    reload: '{{ item.reload | default(omit) }}'
    state: '{{ item.state }}'
    sysctl_file: '{{ item.sysctl_file | default(omit) }}'
    sysctl_set: '{{ item.sysctl_set | default(omit) }}'
    value: '{{ item.value | default(omit) }}'
  loop: '{{ ensure_clamav.sysctl_list }}'
  loop_control:
    label: '{{ item.name }} will be {{ item.value }}'
- name: 'ensure packages'
  when:
    - ansible_system == 'Linux'
    - ensure_clamav is defined
    - ensure_clamav.package_list is defined
    - ensure_clamav.package_list is iterable
    - packages[item.name] is not defined
  ansible.builtin.package:
    name: '{{ item.name }}'
    state: '{{ item.state }}'
  loop: '{{ ensure_clamav.package_list }}'
  loop_control:
    label: '{{ item.name }} will be {{ item.state }}'
  notify:
    - 'ensure_clamav.package_facts'
    - 'ensure_clamav.service_facts'
- name: 'ensure seboolean'
  when:
    - ansible_system == 'Linux'
    - ensure_clamav is defined
    - ensure_clamav.seboolean_list is defined
    - ensure_clamav.seboolean_list is iterable
  ansible.posix.seboolean:
    name: '{{ item.name }}'
    persistent: '{{ item.persistent }}'
    state: '{{ item.state }}'
  loop: '{{ ensure_clamav.seboolean_list }}'
  loop_control:
    label: '{{ item.name }} will be {{ item.state }}'
- name: 'ensure quarantine directory'
  when:
    - ansible_system == 'Linux'
    - ensure_clamav is defined
    - quarantine_directory is defined
  ansible.builtin.file:
    path: '{{ quarantine_directory }}'
    state: 'directory'
- name: 'ensure configurations'
  when:
    - ansible_system == 'Linux'
    - ensure_clamav is defined
    - ensure_clamav.template_list is defined
    - ensure_clamav.template_list is iterable
  ansible.builtin.template:
    backup: 'no'
    dest: '{{ item.dest }}'
    group: '{{ item.group | default(omit) }}'
    mode: '{{ item.mode | default(omit) }}'
    owner: '{{ item.owner | default(omit) }}'
    selevel: '{{ iteml.selevel | default(omit) }}'
    serole: '{{ item.serole | default(omit) }}'
    setype: '{{ item.setype | default(omit) }}'
    seuser: '{{ item.seuser | default(omit) }}'
    src: '{{ item.src }}'
  loop: '{{ ensure_clamav.template_list }}'
  loop_control:
    label: '{{ item.dest }} will be ensured'
  notify:
    - 'ensure_clamav.package_facts'
    - 'ensure_clamav.service_facts'
    - 'ensure_clamav.service_reload'
    - 'ensure_clamav.services'
- name: 'ensure services'
  when:
    - ansible_system == 'Linux'
    - ensure_clamav is defined
    - ensure_clamav.service_list is defined
    - ensure_clamav.service_list is iterable
  ansible.builtin.service:
    enabled: '{{ item.enabled }}'
    name: '{{ item.name }}'
    state: '{{ item.state }}'
  loop: '{{ ensure_clamav.service_list }}'
  loop_control:
    label: '{{ item.name }} will be {{ item.state }}'
  notify:
    - 'ensure_clamav.package_facts'
    - 'ensure_clamav.service_facts'
- name: 'find failed freshclam updates...'
  when:
    - ansible_system == 'Linux'
    - ensure_clamav is defined
    - freshclam_retention is defined
    - freshclam_retention is regex('^[0-9]*[smhdw]$')
  ansible.builtin.find:
    age: '{{ freshclam_retention }}'
    file_type: 'directory'
    follow: 'no'
    paths:
      - '/var/lib/clamav/'
      - '^tmp.([0-9]|[a-f}){10}$'
    recurse: 'yes'
    use_regex: 'yes'
  register: 'results'
- name: 'And drop them'
  when:
    - ansible_system == 'Linux'
    - ensure_clamav is defined
    - freshclam_retention is defined
    - freshclam_retention is regex('^[0-9]*[smhdw]$')
    - results is defined
    - results.files is defined
    - results.files is iterable
  ansible.builtin.file:
    path: '{{ item.path }}'
    state: 'absent'
  loop: '{{ results.files }}'
  loop_control:
    label: '{{ item.path }} to be removed'
- name: 'flush handlers'
  meta: 'flush_handlers'