---
- hosts: "{{runtime_hosts|default('CHANGEME')}}"
  gather_facts: "no"
  tasks:
    - name: Gather distro
      setup:
        filter: "ansible_distribution*"
    - name: Check-in CentOS 8
      debug:
        msg: "System is {{ansible_distribution}} {{ansible_distribution_version}}, checking in."
      when: (ansible_distribution == "CentOS") and (ansible_distribution_major_version == "8")
      changed_when: true
      notify: "centos-8"
  handlers:
    - name: Check whether Stream release package is installed
      shell: rpm --quiet -qi centos-stream-release
      args:
        warn: false
      register: pkginst
      changed_when: "pkginst.rc|int == 1"
      failed_when: "pkginst.rc|int > 1"
      listen: "centos-8"
      notify:
        - "centos-8-rel-installer"
        - "centos-8-distro-sync"
    - name: Check whether Stream releases are activated
      shell: rpm --quiet -qi centos-stream-repos centos-strean-release
      args:
        warn: false
      register: swapdone
      changed_when: "swapdone.rc|int == 1 or swapdone.rc|int == 2"
      failed_when: "pkginst.rc|int > 2"
      listen: "centos-8"
      notify:
        - "centos-8-swap-releases"
        - "centos-8-distro-sync"
    - name: Check for existence of rkhunter
      stat:
        path: /usr/bin/rkhunter
      register: rkhex
      ignore_errors: true
      no_log: true
      listen:
        - "centos-8-rel-installer"
        - "centos-8-swap-releases"
      changed_when:
        - rkhex.stat is defined
        - rkhex.stat.executable is defined
        - rkhex.stat.executable == true
      notify: "rkhunter execution"
    - name: rkhunter pre-check
      shell: rkhunter -c --sk --rwo --ns
      become: true
      no_log: true
      listen: "rkhunter execution"
    - name: Update repository caches
      dnf:
        state: present
        update_cache: "yes"
        validate_certs: "yes"
      listen:
        - "centos-8-rel-installer"
        - "centos-8-swap-releases"
    - name: Install CentOS Stream release package
      dnf:
        name: centos-release-stream
        state: latest
      listen: "centos-8-rel-installer"
      become: true
    - name: Swap release files to Stream
      shell: dnf -qy swap centos-linux-repos centos-stream-repos
      args:
        warn: false
      listen: "centos-8-swap-releases"
      become: true
      notify: "centos-8-distro-sync"
    - name: Perform a full distro-sync
      shell: dnf -qy distro-sync
      listen: "centos-8-distro-sync"
      become: true
    - name: rkhunter properties update
      shell: rkhunter --propupd --rwo --ns
      become: true
      listen: "rkhunter execution"
    - name: Reboot system regardless of actual changes
      reboot:
        reboot_timeout: 360
        pre_reboot_delay: 5
        test_command: uptime
      listen: "centos-8-distro-sync"
      become: true