---

 - name: sshguard package
   become: yes
   package:
     name: 
       - sshguard
       - suricata
       - oinkmaster
     state: present

 - name: sshguard config
   become: yes
   copy:
     src: sshguard.conf
     dest: /etc/sshguard.conf
     owner: root
     group: root
     mode: 0600

 - name: sshguard allowlist
   become: yes
   copy:
     dest: /etc/sshguard.allowlist
     content: |
       "{{ router }}/{{ netmask }}"
     owner: root
     group: root
     mode: 0600

# - name: Copy oinkmaster service
#   register: oinkmaster_service
#   become: yes
#   loop: 
#     - oinkmaster.service
#     - oinkmaster.timer
#   copy:
#     src: "{{ item }}"
#     dest: "/usr/lib/systemd/system/{{ item }}"
#     owner: root
#     group: root
#     mode: 0644
#
# - systemd:
#     daemon_reload: yes
#   become: yes
#   when: oinkmaster_service.changed

 - name: IDS services
   become: yes
   loop: 
     - suricata.service
     - sshguard.service
       # - oinkmaster.timer
   service: 
     name: "{{ item }}"
     state: restarted
     enabled: yes