From 8147f41d6fd765962ad3835c1e3f9f8eada76c78 Mon Sep 17 00:00:00 2001
From: Jason Rothstein <fdragon@fdragon.org>
Date: Mon, 28 Dec 2020 17:39:10 -0600
Subject: [PATCH] Clean logs older than 90d by default to add missing feature
 to sudo

---
 defaults/main.yml |  4 +++-
 tasks/main.yml    | 29 +++++++++++++++++++++++++++++
 2 files changed, 32 insertions(+), 1 deletion(-)

diff --git a/defaults/main.yml b/defaults/main.yml
index ba49fe4..ab081a4 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -1,2 +1,4 @@
 ---
-# defaults file for ensure_sudo
\ No newline at end of file
+# defaults file for ensure_sudo
+sudo_log_retention: '90d'
+
diff --git a/tasks/main.yml b/tasks/main.yml
index 917f3b9..2bdeb97 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -85,4 +85,33 @@
     - 'ensure_sudo.service_facts'
 - name: 'flush handlers'
   meta: 'flush_handlers'
+- name: 'find directories over {{ sudo_log_retention }} old under /var/log/sudo-io'
+  when:
+    - ansible_system == 'Linux'
+    - ensure_sudo is defined
+    - sudo_log_retention is defined
+    - sudo_log_retention is regex('^[0-9]*[smhdw]$')
+  ansible.builtin.find:
+    age: '{{ sudo_log_retention }}'
+    file_type: 'directory'
+    follow: 'no'
+    paths:
+      - '/var/log/sudo-io/'
+    recurse: 'yes'
+  register: 'results'
+- name: 'And drop them'
+  when:
+    - ansible_system == 'Linux'
+    - ensure_sudo is defined
+    - sudo_log_retention is defined
+    - sudo_log_retention is regex('^[0-9]*[smhdw]$')
+    - item.path is regex('^/var/log/sudo-io/([0-9]|[A-Z])([0-9]|[A-Z])/([0-9]|[A-Z])([0-9]|[A-Z])/([0-9]|[A-Z])([0-9]|[A-Z])$')
+  ansible.builtin.file:
+    path: '{{ item.path }}'
+    state: 'absent'
+  loop: '{{ results.files }}'
+  loop_control:
+    label: '{{ item.path }} to be removed'
+- name: 'flush handlers'
+  meta: 'flush_handlers'