# platform = multi_platform_all
# reboot = false
# strategy = restrict
# complexity = low
# disruption = low

{{% if 'sle' in product or 'rhel' in product or product == 'fedora' or product == 'slmicro5'  or 'ol' in families %}}
- name: Require emergency mode password
  ansible.builtin.blockinfile:
      create: yes
      dest: /etc/systemd/system/emergency.service.d/10-oscap.conf
      block: |
        [Service]
        ExecStart=-/usr/lib/systemd/systemd-sulogin-shell emergency
{{% else %}}
- name: Require emergency mode password
  ansible.builtin.lineinfile:
      create: yes
      dest: /usr/lib/systemd/system/emergency.service
      regexp: "^#?ExecStart="
      {{% if product in ["ol8", "ol9"] -%}}
      line: "ExecStart=-/usr/lib/systemd/systemd-sulogin-shell emergency"
      {{%- else -%}}
      line: 'ExecStart=-/bin/sh -c "/sbin/sulogin; /usr/bin/systemctl --fail --no-block default"'
      {{%- endif %}}
{{% endif %}}