---
- name: Ensure rsyslog is installed
  ansible.builtin.package:
    name: rsyslog
    state: present

- name: Setup rsyslog client
  ansible.builtin.block:
    - name: Drop configuration item for syslog
      ansible.builtin.template:
        src: "etc/rsyslog.d/forwarder.conf"
        dest: "/etc/rsyslog.d/forwarder.conf"
        owner: root
        group: root
        mode: "0644"
      notify: restart_rsyslog
  when: syslog_type == "client"

- name: Setup rsyslog server
  ansible.builtin.block:
    - name: Drop configuration item for syslog
      ansible.builtin.template:
        src: "etc/rsyslog.d/receiver.conf"
        dest: "/etc/rsyslog.d/receiver.conf"
        owner: root
        group: root
        mode: "0644"
      notify: restart_rsyslog

    - name: Deploy logrotate file
      ansible.builtin.file:
        src: "etc/logrotate.d/syslogserver"
        dest: "/etc/logrotate.d/syslogserver"
        owner: root
        group: root
        mode: '0644'

    - name: Open applicable firewall rules
      ansible.posix.firewalld:
        port: "{{ item }}"
        permanent: true
        state: enabled
        immediate: true
      loop:
        - "514/tcp"
        - "514/udp"
  when: syslog_type == "server"
...