---
- name: Debian/Ubuntu | Install apt-transport-https and ca-certificates
  apt:
    name:
      - apt-transport-https
      - ca-certificates
      - gnupg
    state: present
    register: wazuh_manager_https_packages_installed
    until: wazuh_manager_https_packages_installed is succeeded
    cache_valid_time: 3600

- name: Debian/Ubuntu | Installing Wazuh repository key (Ubuntu 14)
  become: yes
  shell: |
    set -o pipefail
    curl -s https://packages.wazuh.com/key/GPG-KEY-WAZUH | apt-key add -
  args:
    warn: False
    executable: /bin/bash
  changed_when: False
  when:
    - ansible_distribution == "Ubuntu"
    - ansible_distribution_major_version | int == 14

- name: Debian/Ubuntu | Installing Wazuh repository key
  apt_key: url=https://packages.wazuh.com/key/GPG-KEY-WAZUH
  when:
    - not (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int == 14)

- name: Debian/Ubuntu | Add Wazuh repositories
  apt_repository:
    repo: 'deb https://packages.wazuh.com/3.x/apt/ stable main'
    state: present
    update_cache: yes
  changed_when: False

- name: Debian/Ubuntu | Installing NodeJS repository key (Ubuntu 14)
  become: yes
  shell: |
    set -o pipefail
    curl -s https://deb.nodesource.com/gpgkey/nodesource.gpg.key | apt-key add -
  args:
    warn: False
    executable: /bin/bash
  changed_when: False
  when:
    - ansible_distribution == "Ubuntu"
    - ansible_distribution_major_version | int == 14

- name: Debian/Ubuntu | Installing NodeJS repository key
  apt_key: url=https://deb.nodesource.com/gpgkey/nodesource.gpg.key
  when:
    - not (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int == 14)

- name: Debian/Ubuntu | Add NodeSource repositories for Node.js
  apt_repository:
    repo: "deb https://deb.nodesource.com/node_6.x {{ ansible_distribution_release }} main"
    state: present
    update_cache: yes
  changed_when: False

- name: Debian/Ubuntu | Set Distribution CIS filename for Debian/Ubuntu
  set_fact:
    cis_distribution_filename: cis_debian_linux_rcl.txt

- when:
   - wazuh_manager_config.cis_cat.disable == 'no'
   - wazuh_manager_config.cis_cat.install_java == 'yes'
  block:
  - name: Debian/Ubuntu | Setting webupd8 repository
    apt_repository:
      repo: 'ppa:webupd8team/java'
      codename: 'xenial'
      update_cache: yes

  - name: Debian/Ubuntu | Accept Oracle Java 8 license
    debconf:
      name: oracle-java8-installer
      question: shared/accepted-oracle-license-v1-1
      value: true
      vtype: boolean

  - name: Debian/Ubuntu | Oracle Java 8 installer
    apt:
      name: oracle-java8-installer
      state: present
      cache_valid_time: 3600
    register: wazuh_manager_oracle_java_8_installed
    until: wazuh_manager_oracle_java_8_installed is succeeded
  tags:
    - init

- name: Debian/Ubuntu | Install OpenScap
  package:
    name: "{{ item }}"
    state: present
    cache_valid_time: 3600
  register: wazuh_manager_openscap_installed
  until: wazuh_manager_openscap_installed is succeeded
  when: wazuh_manager_config.openscap.disable == 'no'
  with_items:
    - libopenscap8
    - xsltproc
  tags:
    - init

- name: Debian/Ubuntu | Get OpenScap installed version
  shell: "dpkg-query --showformat='${Version}' --show libopenscap8"
  when: wazuh_manager_config.openscap.disable == 'no'
  register: openscap_version
  changed_when: False
  tags:
    - config

- name: Debian/Ubuntu | Check OpenScap version
  shell: "dpkg --compare-versions '{{ openscap_version.stdout }}' '>=' '1.2'; echo $?"
  when: wazuh_manager_config.openscap.disable == 'no'
  register: openscap_version_valid
  changed_when: False
  tags:
    - config