---

- include_role:
    name: remount-usr

- name: /usr/share/scripts exists
  file:
    dest: /usr/share/scripts
    mode: "0700"
    owner: root
    group: root
    state: directory

- name: minifirewall_status is installed
  copy:
    src: minifirewall_status
    dest: /usr/share/scripts/minifirewall_status
    force: no
    mode: "0700"
    owner: root
    group: root

- name: /usr/local/lib/nagios/plugins/ exists
  file:
    dest: "{{ item }}"
    mode: "02755"
    owner: root
    group: staff
    state: directory
  with_items:
    - /usr/local/lib/nagios
    - /usr/local/lib/nagios/plugins

- name: check_minifirewall is installed
  copy:
    src: check_minifirewall
    dest: /usr/local/lib/nagios/plugins/check_minifirewall
    force: no
    mode: "0755"
    owner: root
    group: staff

- name: check_minifirewall is available for NRPE
  lineinfile:
    dest: /etc/nagios/nrpe.d/evolix.cfg
    regexp: 'command\[check_minifirewall\]'
    line: 'command[check_minifirewall]=sudo /usr/local/lib/nagios/plugins/check_minifirewall'
  notify: restart nagios-nrpe-server

- name: sudo without password for nagios
  lineinfile:
    dest: /etc/sudoers.d/evolinux
    regexp: 'check_minifirewall'
    line: 'nagios          ALL = NOPASSWD: /usr/local/lib/nagios/plugins/check_minifirewall'
    insertafter: '^nagios'
    validate: "visudo -cf %s"