51 lines
1.1 KiB
YAML
51 lines
1.1 KiB
YAML
---
|
|
|
|
- name: install packages
|
|
package:
|
|
name: "{{ item }}"
|
|
state: installed
|
|
with_items:
|
|
- clamav
|
|
- clamav-update
|
|
- clamd
|
|
|
|
- name: fix socket directory permissions
|
|
copy:
|
|
dest: /etc/tmpfiles.d/clamd.scan.conf
|
|
content: "d /run/clamd.scan 711 clamscan clamscan"
|
|
mode: 0644
|
|
owner: root
|
|
group: "{{ ansible_wheel }}"
|
|
notify: refresh clamd socket directory
|
|
|
|
- name: enable clamd local socket
|
|
lineinfile:
|
|
path: /etc/clamd.d/scan.conf
|
|
regexp: "^#?LocalSocket .*"
|
|
line: "LocalSocket /run/clamd.scan/clamd.sock"
|
|
notify: restart clamd
|
|
|
|
- name: allow everyone to connect local socket
|
|
lineinfile:
|
|
path: /etc/clamd.d/scan.conf
|
|
regexp: "^#?LocalSocketMode .*"
|
|
line: "LocalSocketMode 666"
|
|
notify: restart clamd
|
|
|
|
- name: link clamd service
|
|
file:
|
|
dest: /etc/systemd/system/clamd@scan.service
|
|
src: /lib/systemd/system/clamd@.service
|
|
state: link
|
|
owner: root
|
|
group: "{{ ansible_wheel }}"
|
|
follow: false
|
|
|
|
- name: enable services
|
|
service:
|
|
name: "{{ item }}"
|
|
enabled: true
|
|
state: started
|
|
with_items:
|
|
- clamav-freshclam
|
|
- clamd@scan
|