---
- name: Install Evolix public repositry
  include_role:
    name: apt
    tasks_from: evolix_public.yml

- name: evomaintenance is installed
  apt:
    name: evomaintenance
    allow_unauthenticated: yes

- name: configuration is applied
  template:
    src: evomaintenance.j2
    dest: /etc/evomaintenance.cf

# - name: list users with a shell
#   shell: "cat /etc/passwd | grep -vE \"^root:\"  | grep -E \":/[^:]+sh$\" | cut -d: -f6"
#   changed_when: False
#   check_mode: no
#   register: home_of_shell_users
#
# - include: trap.yml home={{ item }}
#   with_items: "{{ home_of_shell_users.stdout_lines }}"

- name: Is minifirewall installed?
  stat:
    path: /etc/default/minifirewall
  register: minifirewall_default_file

- name: minifirewall section for evomaintenance
  lineinfile:
    dest: /etc/default/minifirewall
    line: "/sbin/iptables -A INPUT -p tcp --sport 5432 --dport 1024:65535 -s {{ item }} -m state --state ESTABLISHED,RELATED -j ACCEPT"
    insertafter: "^# EvoMaintenance"
  with_items: "{{ evomaintenance_hosts }}"
  when: minifirewall_default_file.stat.exists

- name: remove minifirewall example rule for the proxy
  lineinfile:
    dest: /etc/default/minifirewall
    regexp: '^#.*(--sport 5432).*(-s X\.X\.X\.X)'
    state: absent
  when: minifirewall_default_file.stat.exists