---
# Post tasks

- name: POST | Gather the package facts after remediation
  tags:
    - always
  ansible.builtin.package_facts:
    manager: auto

- name: POST | Update sysctl
  when:
    - rhel9cis_sysctl_update
    - not system_is_container
    - "'procps-ng' in ansible_facts.packages"
  ansible.builtin.template:
    src: "etc/sysctl.d/{{ item }}.j2"
    dest: "/etc/sysctl.d/{{ item }}"
    owner: root
    group: root
    mode: '0600'
  register: sysctl_updated
  notify: Reload sysctl
  loop:
    - 60-kernel_sysctl.conf
    - 60-disable_ipv6.conf
    - 60-netipv4_sysctl.conf
    - 60-netipv6_sysctl.conf

- name: Flush handlers
  ansible.builtin.meta: flush_handlers

- name: POST | reboot system if changes require it and not skipped
  tags:
    - always
  block:
    - name: POST | Reboot system if changes require it and not skipped
      ansible.builtin.reboot:
      when:
        - change_requires_reboot
        - not skip_reboot

    - name: POST | Warning a reboot required but skip option set
      ansible.builtin.debug:
        msg: "Warning!! changes have been made that require a reboot to be implemented but skip reboot was set - Can affect compliance check results"
      changed_when: true
      when:
        - change_requires_reboot
        - skip_reboot

    - name: "POST | Warning a reboot required but skip option set | warning count"
      ansible.builtin.import_tasks:
        file: warning_facts.yml
      when:
        - change_requires_reboot
        - skip_reboot
  vars:
    warn_control_id: Reboot_required