Move virus scan systemd setup to its own tasks file

This allows these tasks to be run even when clamav_install_from_package_manager is false. We used to install the corresponding cron job even in this case, so it makes sense to do it for the systemd foo as well.
cisagov · Jan 14, 2025 · de082bc · de082bc
1 parent b6dbaa8
commit de082bc
Show file tree

Hide file tree

Showing 3 changed files with 33 additions and 29 deletions.
diff --git a/tasks/main.yml b/tasks/main.yml
@@ -28,12 +28,6 @@
     file: install_from_package.yml
   when: not clamav_install_from_package_manager
 
-- name: Install virus scan shell script to be run by systemd service
-  ansible.builtin.template:
-    dest: /usr/local/sbin/virus_scan.sh
-    mode: 0500
-    src: virus_scan.sh.j2
-
 - name: Ensure that log folder exists
   ansible.builtin.file:
     mode: 0755
@@ -122,6 +116,10 @@
     state: directory
   when: clamav_scan_copy or clamav_scan_move | bool
 
+- name: Install systemd timer and service to run virus scan script
+  ansible.builtin.include_tasks:
+    file: setup_virus_scan.yml
+
 - name: Wait for new signatures to be downloaded and installed by freshclam
   ansible.builtin.wait_for:
     path: /var/lib/clamav/bytecode.cvd

diff --git a/tasks/setup_systemd.yml b/tasks/setup_systemd.yml
@@ -26,26 +26,3 @@
     enabled: true
     name: "{{ freshclam_service_name }}"
     state: started
-
-- name: Copy systemd service to run virus scan
-  ansible.builtin.copy:
-    dest: /etc/systemd/system/run-virus-scan.service
-    mode: 0500
-    src: run-virus-scan.service
-    # I'd like to validate the file here, but that can't be done
-    # cleanly.  See ansible/ansible#19243.
-    # validate: systemd-analyze verify %s
-
-- name: Copy systemd timer to run virus scan
-  ansible.builtin.template:
-    dest: /etc/systemd/system/run-virus-scan.timer
-    mode: 0500
-    src: run-virus-scan.timer.j2
-    # I'd like to validate the file here, but that can't be done
-    # cleanly.  See ansible/ansible#19243.
-    # validate: systemd-analyze verify %s
-
-- name: Enable the systemd timer
-  ansible.builtin.systemd_service:
-    enabled: true
-    name: run-virus-scan.timer
diff --git a/tasks/setup_virus_scan.yml b/tasks/setup_virus_scan.yml
@@ -0,0 +1,29 @@
+---
+- name: Install virus scan shell script to be run by systemd service
+  ansible.builtin.template:
+    dest: /usr/local/sbin/virus_scan.sh
+    mode: 0500
+    src: virus_scan.sh.j2
+
+- name: Copy systemd service to run virus scan
+  ansible.builtin.copy:
+    dest: /etc/systemd/system/run-virus-scan.service
+    mode: 0500
+    src: run-virus-scan.service
+    # I'd like to validate the file here, but that can't be done
+    # cleanly.  See ansible/ansible#19243.
+    # validate: systemd-analyze verify %s
+
+- name: Copy systemd timer to run virus scan
+  ansible.builtin.template:
+    dest: /etc/systemd/system/run-virus-scan.timer
+    mode: 0500
+    src: run-virus-scan.timer.j2
+    # I'd like to validate the file here, but that can't be done
+    # cleanly.  See ansible/ansible#19243.
+    # validate: systemd-analyze verify %s
+
+- name: Enable the systemd timer
+  ansible.builtin.systemd_service:
+    enabled: true
+    name: run-virus-scan.timer