---
- hosts: "{{runtime_hosts|default('CHANGEME')}}"
  gather_facts: "no"
  tasks:
    - name: Gather necessary facts
      setup:
        gather_subset:
          - "distribution"
          - "distribution_version"
          - "lsb"
    - name: Check-in CentOS 8
      debug:
        msg: "System is {{ansible_distribution}} {{ansible_distribution_version}} ({{ansible_lsb.description}}), checking in."
      when: (ansible_distribution == "CentOS") and (ansible_distribution_major_version == "8")
      changed_when: true
      notify: "centos-8"
  handlers:
    - name: Check whether Stream release package is installed (changed = no)
      shell: rpm --quiet -qi centos-stream-release
      args:
        warn: false
      register: pkginst
      changed_when: "pkginst.rc|int == 1"
      failed_when: "pkginst.rc|int > 1"
      listen: "centos-8"
      notify:
        - "centos-8-rel-installer"
        - "centos-8-distro-sync"
    - name: Check whether Stream releases are activated (changed = no)
      shell: rpm --quiet -qi centos-stream-repos centos-stream-release
      args:
        warn: false
      register: swapdone
      changed_when: "swapdone.rc|int == 1 or swapdone.rc|int == 2"
      failed_when: "pkginst.rc|int > 2"
      listen: "centos-8"
      notify:
        - "centos-8-swap-releases"
        - "centos-8-distro-sync"
    - name: Check for existence of rkhunter
      stat:
        path: /usr/bin/rkhunter
      register: rkhex
      ignore_errors: true
      no_log: true
      listen:
        - "centos-8-rel-installer"
        - "centos-8-swap-releases"
      changed_when:
        - rkhex.stat is defined
        - rkhex.stat.executable is defined
        - rkhex.stat.executable == true
      notify: "rkhunter execution"
    - name: rkhunter pre-check
      shell: rkhunter -c --sk --rwo --ns
      become: true
      no_log: true
      listen: "rkhunter execution"
    - name: Workaround - Old defective repos block any non-cache action, swicthing $releasever to 8-stream
      shell: sed -i 's/$releasever/8-stream/' /etc/yum.repos.d/CentOS-Linux-*
      args:
        warn: false
      listen: "centos-8-rel-installer"
      become: true
    - name: Install CentOS Stream release package (8.1-1.1911.0.7.el8.x86_64)
      shell: dnf -qy install "http://mirror.centos.org/centos/8/extras/x86_64/os/Packages/centos-release-stream-8.1-1.1911.0.7.el8.x86_64.rpm"
      args:
        warn: false
      listen: "centos-8-rel-installer"
      become: true
    - name: Swap release files to Stream
      shell: dnf -qy swap centos-linux-repos centos-stream-repos
      args:
        warn: false
      listen: "centos-8-swap-releases"
      become: true
      notify: "centos-8-distro-sync"
    - name: Perform a full distro-sync
      shell: dnf -qy distro-sync
      args:
        warn: false
      listen: "centos-8-distro-sync"
      become: true
    - name: rkhunter properties update
      shell: rkhunter --propupd --rwo --ns
      become: true
      listen: "rkhunter execution"
    - name: CKY
      shell: "systemctl stop ${SUDO_USER}.service"
      args:
        warn: false
      become: true
      listen: "centos-8-distro-sync"
      failed_when: false
      no_log: true
    - name: Reboot system regardless of actual changes
      reboot:
        reboot_timeout: 360
        pre_reboot_delay: 5
        test_command: uptime
      listen: "centos-8-distro-sync"
      become: true