---
- name: Install AIDE
  ansible.builtin.package:
    name: aide
    state: present

- name: Init AIDE database
  ansible.builtin.shell: "aide --init {{ cis_aide_options }} && mv {{ cis_aide_new_file }} {{ cis_aide_current_file }}"
  args:
    creates: "{{ cis_aide_current_file }}"
  async: 300
  poll: 0

- name: Add excluded folders to AIDE, if defined
  ansible.builtin.copy:
    dest: "{{ cis_aide_config_path }}/98_aide_exclusions"
    owner: root
    group: root
    mode: u=rw,go=r
    content: |
      {% for directory in cis_aide_excluded_directories %}
      !{{ directory }}
      {% endfor %}
  when:
    - cis_aide_config_path is defined
    - cis_aide_excluded_directories is defined

- name: Add excluded folders to AIDE, if defined
  ansible.builtin.blockinfile:
    path: "{{ cis_aide_config_file }}"
    marker: "# Ansible CIS role managed block - {mark}"
    block: |
      {% for directory in cis_aide_excluded_directories %}
      !{{ directory }}
      {% endfor %}
  when:
    - cis_aide_config_path is not defined
    - cis_aide_excluded_directories is defined

- name: Install AIDE crontab
  ansible.builtin.copy:
    dest: /etc/cron.d/aide
    owner: root
    group: root
    mode: "0600"
    content: |
      SHELL=/bin/bash
      PATH=/sbin:/bin:/usr/sbin:/usr/bin
      MAILTO=root
      0 5 * * * root aide --update {{ cis_aide_options }}; mv {{ cis_aide_new_file }} {{ cis_aide_current_file }}