---
# tasks file for ossec-server

- name: Install the correct repository
  include: "RedHat.yml"
  when: ansible_os_family == "RedHat"

- name: Install the correct repository
  include: "Debian.yml"
  when: ansible_os_family == "Debian"


- name: Generate SSL files
  command: "openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:1825 -keyout sslmanager.key -out sslmanager.cert -subj /CN={{ossec_server_fqdn}}/"
  args:
    creates: sslmanager.cert
    chdir: /var/ossec/etc/
  tags:
      - config

- name: Configure the shared-agent.conf
  template: src=var-ossec-etc-shared-agent.conf.j2
            dest=/var/ossec/etc/shared/agent.conf
            owner=ossec
            group=ossec
            mode=0644
  notify: restart wazuh-manager
  tags:
    - init
    - config

- name: Installing custom local_rules.xml
  template:
    src: "{{ playbook_dir }}/{{ ossec_server_config.local_rules_template }}"
    dest: /var/ossec/rules/local_rules.xml
    owner: root
    group: root
    mode: 0644
  when: ossec_server_config.local_rules_template is defined
  notify: restart wazuh-manager
  tags:
    - init
    - config
    - rules

- name: Installing the local_rules.xml (default local_rules.xml)
  template: src=var-ossec-rules-local_rules.xml.j2
            dest=/var/ossec/etc/rules/local_rules.xml
            owner=root
            group=root
            mode=0644
  when: ossec_server_config.local_rules_template is not defined
  notify: restart wazuh-manager
  tags:
    - init
    - config
    - rules

- name: Check if client-syslog is enabled
  shell: "/var/ossec/bin/ossec-control status | grep -c 'ossec-csyslogd is running' | xargs echo"
  register: csyslog_running
  changed_when: False

- name: Enable client-syslog if not running and ossec_server_config.syslog_outputs is given
  command: /var/ossec/bin/ossec-control enable client-syslog
  when: csyslog_running.stdout == '0' and ossec_server_config.syslog_outputs is defined

- name: Start client-syslog if not running and ossec_server_config.syslog_outputs is given
  command: /var/ossec/bin/ossec-control start client-syslog
  when: csyslog_running.stdout == '0' and ossec_server_config.syslog_outputs is defined

- name: Set ossec deploy facts for Debian
  set_fact:
    ossec_server_config_filename: ossec.conf
    ossec_init_name: ossec
  when: ansible_os_family == "Debian"

- name: Configure ossec.conf
  template: src=var-ossec-etc-ossec-server.conf.j2
            dest=/var/ossec/etc/ossec.conf
            owner=root
            group=root
            mode=0644
  notify: restart wazuh-manager
  tags:
    - init
    - config

- name: Write ossec-authd init file
  template: src=ossec-authd-init.service
            dest=/etc/init.d/ossec-authd
            owner=root
            group=root
            mode=0755
  when: ansible_service_mgr == "upstart" and ansible_os_family != "CoreOS"
  tags:
    - init
    - config

- name: Write ossec-authd systemd file
  template:
    src: ossec-authd.service
    dest: /lib/systemd/system/ossec-authd.service
  when: ansible_service_mgr == "systemd" and ansible_os_family != "CoreOS"
  tags:
    - init
    - config

- name: Ensure Wazuh Manager, wazuh api and ossec-authd service is started and enabled
  service:
    name: "{{ item }}"
    enabled: yes
    state: started
  with_items:
    - wazuh-manager
    - wazuh-api
    - ossec-authd