---
# handlers file for RHEL9-CIS

- name: sysctl flush ipv4 route table
  become: true
  sysctl:
      name: net.ipv4.route.flush
      value: '1'
      sysctl_set: true
  ignore_errors: true
  when: ansible_virtualization_type != "docker"
  tags:
      - skip_ansible_lint

- name: sysctl flush ipv6 route table
  become: true
  sysctl:
      name: net.ipv6.route.flush
      value: '1'
      sysctl_set: true
  when: ansible_virtualization_type != "docker"

- name: update sysctl
  template:
      src: etc/99-sysctl.conf.j2
      dest: /etc/sysctl.d/99-sysctl.conf
      owner: root
      group: root
      mode: 0600
  notify: reload sysctl
  when: ansible_virtualization_type != "docker"

- name: reload sysctl
  sysctl:
    name: net.ipv4.route.flush
    value: '1'
    state: present
    reload: true
    ignoreerrors: true
  when: ansible_virtualization_type != "docker"

- name: systemd restart tmp.mount
  become: true
  systemd:
      name: tmp.mount
      daemon_reload: true
      enabled: true
      masked: false
      state: reloaded

- name: systemd restart var-tmp.mount
  become: true
  systemd:
      name: var-tmp.mount
      daemon_reload: true
      enabled: true
      masked: false
      state: reloaded

- name: remount tmp
  shell: mount -o remount /tmp
  args:
      warn: false

- name: restart firewalld
  become: true
  service:
      name: firewalld
      state: restarted

- name: restart xinetd
  become: true
  service:
      name: xinetd
      state: restarted

- name: restart sshd
  become: true
  service:
      name: sshd
      state: restarted

- name: restart postfix
  become: true
  service:
      name: postfix
      state: restarted

- name: reload dconf
  become: true
  shell: dconf update
  args:
      warn: false

- name: update auditd
  template:
      src: audit/99_auditd.rules.j2
      dest: /etc/audit/rules.d/99_auditd.rules
      owner: root
      group: root
      mode: 0600
  notify: restart auditd

- name: restart auditd
  shell: /sbin/service auditd restart
  changed_when: false
  check_mode: false
  failed_when: false
  args:
      warn: false
  when:
      - not rhel9cis_skip_for_travis
  tags:
      - skip_ansible_lint

- name: grub2cfg
  shell: "grub2-mkconfig -o {{ grub_cfg.stat.lnk_source }}"
  args:
      warn: false
  ignore_errors: True
  tags:
      - skip_ansible_lint

- name: restart rsyslog
  become: true
  service:
      name: rsyslog
      state: restarted

- name: restart syslog-ng
  become: true
  service:
      name: syslog-ng
      state: restarted

- name: systemd_daemon_reload
  systemd:
      daemon-reload: true