---
- name: Enable chronyd service
  ansible.builtin.systemd:
    name: chronyd
    enabled: true
    state: started
  when: cis_enable_chrony | bool

- name: Enable rsyslog service
  ansible.builtin.systemd:
    name: rsyslog
    enabled: true
    state: started
  when: cis_enable_rsyslog | bool

- name: Enable auditd service
  ansible.builtin.systemd:
    name: auditd
    enabled: true
    state: started
  when: cis_install_auditd | bool

- name: Gather service facts
  ansible.builtin.service_facts:

- name: Disable unnecessary legacy services when present
  ansible.builtin.systemd:
    name: "{{ item }}"
    enabled: false
    state: stopped
  loop: "{{ cis_legacy_services }}"
  loop_control:
    label: "{{ item }}"
  when:
    - cis_remove_legacy_packages | bool
    - item in ansible_facts.services