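---
# Tasks that install evomaintenance, render its configuration and, when
# minifirewall is present, add the firewall rules for the configured
# evomaintenance hosts.
#
# NOTE(review): the set_fact and include tasks carry no `evomaintenance` tag,
# unlike the tasks below. If this file is run with `--tags evomaintenance`
# and the tag is not applied from the caller, the handler-name fact would be
# undefined when the notify lines are templated. Confirm how the role is
# tagged where it is invoked.

# Choose which handler the firewall tasks notify. Both handler names are
# expected to be defined outside this file. `| bool` is applied before
# `ternary` so that a string such as "false" (e.g. passed with `-e`) is not
# treated as truthy, which would select the real restart.
- name: select minifirewall restart handler
  set_fact:
    minifirewall_restart_handler_name: "{{ minifirewall_restart_if_needed | bool | ternary('restart minifirewall', 'restart minifirewall (noop)') }}"

# Exactly one of the two install paths runs, depending on
# evomaintenance_install_vendor. The flag is normalised with `| bool` so both
# conditions evaluate the same value consistently.
# NOTE(review): bare `include` is deprecated in newer Ansible releases; moving
# to include_tasks/import_tasks changes how tags and `when` are inherited, so
# verify before switching.
- include: install_package.yml
  when: not evomaintenance_install_vendor | bool

- include: install_vendor.yml
  when: evomaintenance_install_vendor | bool

# The rendered file is readable by root only. The template itself is not
# visible here; if it contains credentials, this mode must stay at 0600.
# With force set to false, an existing /etc/evomaintenance.cf is not
# overwritten, so manual edits on the host persist and drift is not corrected.
- name: configuration is applied
  template:
    src: evomaintenance.j2
    dest: /etc/evomaintenance.cf
    owner: root
    group: root
    mode: "0600"
    force: "{{ evomaintenance_force_config | bool }}"
  tags:
    - evomaintenance

# The presence of /etc/default/minifirewall gates every firewall task below.
- name: Is minifirewall installed?
  stat:
    path: /etc/default/minifirewall
  register: minifirewall_default_file
  tags:
    - evomaintenance

# Adds one ACCEPT rule per host: TCP packets from source port 5432 of that
# host to local ports 1024-65535, limited to ESTABLISHED,RELATED state (reply
# traffic only, no new inbound connections).
# Each item is written verbatim into a line that is an iptables command, so
# the file is presumably executed by minifirewall: evomaintenance_hosts must
# come from a trusted inventory and contain only plain addresses or CIDRs.
# If the "# EvoMaintenance" marker is missing, lineinfile appends the rule at
# the end of the file; check that rule order is still what is intended.
- name: minifirewall section for evomaintenance
  lineinfile:
    dest: /etc/default/minifirewall
    line: "/sbin/iptables -A INPUT -p tcp --sport 5432 --dport 1024:65535 -s {{ item }} -m state --state ESTABLISHED,RELATED -j ACCEPT"
    insertafter: "^# EvoMaintenance"
  with_items: "{{ evomaintenance_hosts }}"
  notify: "{{ minifirewall_restart_handler_name }}"
  when: minifirewall_default_file.stat.exists
  tags:
    - evomaintenance

# Deletes the commented-out sample rule (a `#` line containing
# `--sport 5432` followed by `-s X.X.X.X`) so only real rules remain.
- name: remove minifirewall example rule for the proxy
  lineinfile:
    dest: /etc/default/minifirewall
    regexp: '^#.*(--sport 5432).*(-s X\.X\.X\.X)'
    state: absent
  notify: "{{ minifirewall_restart_handler_name }}"
  when: minifirewall_default_file.stat.exists
  tags:
    - evomaintenance

# `command` reports "changed" on every run, which is what triggers the
# notification. This task names the real restart handler directly, so it
# bypasses the noop selection made at the top of the file.
# `| bool` keeps a string "false" from forcing a firewall restart.
- name: Force restart minifirewall
  command: /bin/true
  notify: restart minifirewall
  when: minifirewall_restart_force | bool
  tags:
    - evomaintenance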