---

- name: evomaintenance is installed
  command: "apt-get install -yq --allow-unauthenticated evomaintenance"
  register: installed_evomaintenance
  changed_when: not (installed_evomaintenance.stdout | search("0 upgraded") and installed_evomaintenance.stdout | search("0 newly installed"))

- name: configuration is applied
  template:
    src: evomaintenance.j2
    dest: /etc/evomaintenance.cf

- name: list users with a shell
  shell: "cat /etc/passwd | grep -vE \"^root:\"  | grep -E \":/[^:]+sh$\" | cut -d: -f6"
  changed_when: False
  check_mode: no
  
  register: home_of_shell_users

- include: trap.yml home={{ item }}
  with_items: "{{ home_of_shell_users.stdout_lines }}"

- name: minifirewall section for evomaintenance
  lineinfile:
    dest: /etc/default/minifirewall
    line: "/sbin/iptables -A INPUT -p tcp --sport 5432 --dport 1024:65535 -s {{ item }} -m state --state ESTABLISHED,RELATED -j ACCEPT"
    insertafter: "^# EvoMaintenance"
  with_items: "{{ evomaintenance_hosts }}"

- name: remove minifirewall example rule for the proxy
  lineinfile:
    dest: /etc/default/minifirewall
    regexp: '^#.*(--sport 5432).*(-s X\.X\.X\.X)'
    state: absent