---
# Post tasks

- name: Perform DNF package cleanup
  dnf:
      autoremove: true
  changed_when: false

- name: Gather the package facts after remediation
  package_facts:
      manager: auto
  tags:
      - always

- name: update sysctl
  template:
      src: "etc/sysctl.d/{{ item }}.j2"
      dest: "/etc/sysctl.d/{{ item }}"
      owner: root
      group: root
      mode: 0600
  register: sysctl_updated
  notify: reload sysctl
  with_items:
      - 60-kernel_sysctl.conf
      - 60-disable_ipv6.conf
      - 60-netipv4_sysctl.conf
      - 60-netipv6_sysctl.conf
  when:
      - sysctl_update
      - not system_is_container
      - "'procps-ng' in ansible_facts.packages"

- name: flush handlers
  meta: flush_handlers

- name: POST | reboot system if changes require it and not skipped
  block:
      - name: POST | Reboot system if changes require it and not skipped
        reboot:
        when:
            - change_requires_reboot
            - not skip_reboot

      - name: POST | Warning a reboot required but skip option set
        debug:
            msg: "Warning! changes have been made that require a reboot to be implemented but skip reboot was set - Can affect compliance check results"
        changed_when: true
        when:
            - change_requires_reboot
            - skip_reboot
  tags:
      - grub
      - level1-server
      - level1-workstation
      - level2-server
      - level2-workstation
      - rhel9cis_section1
      - rhel9cis_section2
      - rhel9cis_section3
      - rhel9cis_section4
      - rhel9cis_section5
      - rhel9cis_section6