---
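# Installs osquery from apt on the machine running the playbook, deploys its
# flags and config files, prepares the log directory, and installs a logrotate
# policy for the daemon's logs. Every task runs with privilege escalation.
- name: Configure osquery on the local system
  hosts: localhost
  connection: local
  become: true
  tasks:
    # NOTE(review): this play does not set up an apt source or signing key for
    # osquery; presumably that happens elsewhere. Confirm the package comes
    # from a trusted, signed repository.
    - name: Install osquery
      apt:
        name: osquery
        state: present
        update_cache: true

    # System account without a home directory; it owns the log directory and
    # the rotated log files below.
    # NOTE(review): no login shell is set here, so the platform default
    # applies. Confirm the account cannot be used for interactive logins.
    - name: Create osquery user
      user:
        name: osquery
        system: true
        create_home: false
        state: present

    # File modes are quoted so they are always read as octal strings rather
    # than being retyped as integers by the YAML parser.
    # NOTE(review): "0644" lets every local account read the daemon's flags.
    # Confirm that is intended before tightening the mode.
    - name: Copy osquery.flags file
      copy:
        src: osquery.flags
        dest: /etc/osquery/osquery.flags
        owner: root
        group: root
        mode: "0644"

    # NOTE(review): a world-readable osquery.conf shows any local user which
    # queries are configured. Also, no task in this play restarts or reloads
    # osqueryd after the flags/config change, so a running daemon may keep
    # its previous settings. Confirm both are acceptable.
    - name: Copy osquery.conf file
      copy:
        src: osquery.conf
        dest: /etc/osquery/osquery.conf
        owner: root
        group: root
        mode: "0644"

    # Only the osquery user and group can enter or list the log directory.
    # NOTE(review): assumes osqueryd (and any log shipper) can write/read here
    # under these ownership rules; verify against how the service is run.
    - name: Create log directory
      file:
        path: /var/log/osquery
        state: directory
        owner: osquery
        group: osquery
        mode: "0750"

    # Daily rotation, three compressed generations kept, new files recreated
    # as 0640 osquery:osquery, and osqueryd restarted after each rotation.
    # NOTE(review): three rotations is a short local retention window for
    # investigations unless logs are forwarded elsewhere. The postrotate
    # restart interrupts collection briefly, and `|| true` hides a failed
    # restart, so service health should be monitored separately.
    - name: Set up logrotate
      copy:
        content: |
          /var/log/osquery/osqueryd.{INFO,ERROR,WARNING}* /var/log/osquery/osqueryd.results.log {
            daily
            rotate 3
            compress
            missingok
            notifempty
            create 0640 osquery osquery
            postrotate
                systemctl restart osqueryd > /dev/null 2>&1 || true
            endscript
          }
        dest: /etc/logrotate.d/osquery
        owner: root
        group: root
        mode: "0644"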