---

 - name: Install lynis
   register: lynis_pkg
   become: yes
   package:
     name:
       - lynis
       - arch-audit
       - clamav
     state: present

 - name: lynis config
   register: lynis_conf
   become: yes
   copy:
     src: lynis/custom.prf
     dest: /etc/lynis/custom.prf
     owner: root
     group: root
     mode: 0600

 - name: Scanning services
   become: yes
   register: lynis_svc
   copy:
     src: "lynis/{{ item }}" 
     dest: /usr/lib/systemd/system/
     owner: root
     group: root
     mode: 0664
   loop:
     - sharingan-scan.service
     - sharingan-scan.timer

 - name: Scanning services
   become: yes
   register: clam_svc
   copy:
     src: "clamav/{{ item }}" 
     dest: /usr/lib/systemd/system/
     owner: root
     group: root
     mode: 0664
   loop:
     - freshclam.service
     - freshclam.timer
     - clamscan.service
     - clamscan.timer

 - systemd:
     daemon_reload: yes
   become: yes
   when: clam_svc.changed or lynis_svc.changed


 - name: Enable timers
   become: yes
   loop:
     - freshclam.timer
     - sharingan-scan.timer
   service:
     name: "{{ item }}"
     state: restarted
     enabled: yes