---
- name: /tmp bind mount in fstab
  lineinfile:
    dest: /etc/fstab
    line: '/var/tmp        /tmp            none    bind    0       0'
  register: fstab_tmp

- name: mount /tmp
  shell: 'mv /tmp/ /old-tmp; mkdir /tmp; mount /tmp; mv /old-tmp /tmp'
  when: fstab_tmp.changed

- name: apt.conf proxy
  lineinfile:
    dest: /etc/apt/apt.conf
    regexp: '^Acquire::http::Proxy'
    line: 'Acquire::http::Proxy "{{ aptproxy }}";'
    create: yes
  when:
    - aptproxy is defined

- name: remove nano
  tags: apt
  apt:
    name: nano
    state: absent
    purge: yes

- name: apt sources.list jessie
  tags: apt
  copy:
    src: sources.list.jessie
    dest: /etc/apt/sources.list
  when:
    - ansible_distribution == "Debian"
    - ansible_distribution_major_version == "8"

- name: apt sources.list stretch
  tags: apt
  copy:
    src: sources.list.stretch
    dest: /etc/apt/sources.list
  when:
    - ansible_distribution == "Debian"
    - ansible_distribution_major_version == "9"

- name: apt sources.list buster
  tags: apt
  copy:
    src: sources.list.buster
    dest: /etc/apt/sources.list
  when:
    - ansible_distribution == "Debian"
    - ansible_distribution_major_version == "10"

- name: apt sources.list bullseye
  tags: apt
  copy:
    src: sources.list.bullseye
    dest: /etc/apt/sources.list
  when:
    - ansible_distribution == "Debian"
    - ansible_distribution_major_version == "11"

- name: apt.conf allow unauthenticated jessie
  tags: apt
  lineinfile:
    dest: /etc/apt/apt.conf
    regexp: '^APT::Get::AllowUnauthenticated'
    line: 'APT::Get::AllowUnauthenticated "1";'
    create: yes
  when:
    - ansible_distribution == "Debian"
    - ansible_distribution_major_version == "8"

- name: apt.conf allow expired jessie
  tags: apt
  lineinfile:
    dest: /etc/apt/apt.conf
    regexp: '^Acquire::Check-Valid-Until'
    line: 'Acquire::Check-Valid-Until "0";'
    create: yes
  when:
    - ansible_distribution == "Debian"
    - ansible_distribution_major_version == "8"

- name: apt update
  tags: apt
  apt:
    update_cache: yes

- name: install packages
  tags: apt
  apt:
    name: aptitude
    state: present

- name: apt full-upgrade
  tags: apt
  apt:
    upgrade: full

- name: install common packages for all opsys versions
  tags: apt
  apt:
    name: "{{ item }}"
    state: present
  with_items:
    - bind9-host
    - bzip2
    - curl
    - file
    - git
    - bsd-mailx
    - iotop
    - libpam-systemd
    - locales
    - lsof
    - make
    - mc
    - mlocate
    - mtr-tiny
    - ngrep
    - ntp
    - ntpdate
    - openssl
    - parted
    - patch
    - postfix
    - psmisc
    - pwgen
    - rename
    - rsync
    - screen
    - strace
    - subversion
    - sysstat
    - tcpdump
    - telnet
    - unzip
    - vim
    - w3m
    - xz-utils
    - zip
    - libfile-slurp-perl
    - libjson-perl
    - net-tools
    - man

- name: install packages for debian buster and older
  tags: apt
  apt:
    name: "{{ item }}"
    state: present
  with_items:
    - dnsutils
  when:
    - ansible_distribution == "Debian"
    - ansible_distribution_major_version|int() <= 10

- name: install packages for debian bullseye and newer
  tags: apt
  apt:
    name: "{{ item }}"
    state: present
  with_items:
    - bind9-utils
  when:
    - ansible_distribution == "Debian"
    - ansible_distribution_major_version|int() <= 11

- name: open-vm-tools
  apt:
    name: open-vm-tools
    state: present
    purge: yes
  tags:
    - vmware
    - apt

- name: remove install user
  user:
    name: install
    state: absent
    force: yes

- name: remove install user's home directory
  file:
    path: /home/install
    state: absent

- name: "remove our key from root's authorized_keys"
  authorized_key:
    user: root
    state: absent
    key: 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDWZi5nTI6zo3+cgGx5l163pEQXJ3aUyerqbHfQl9p8aB2bbe+vQl+Uc2Vrv8fvytAZizjPIIYdW5RqFAXrbNP+OpyFAONNZpX0omB8HLoHzOnmWpaCjMZp9XAdvWPknWFWWkwR5G5rbP5+dKeREzl4cAvW4GauEjaK4kUJF3K2HumVF6U3bzyDwnI+7h0zEbHddSOwAP1Opzla+WSdF+ZsiMdcVZE/mFxzd8sv1ZoO36sVZ1vItEAcols4qEAfwW8Gk/UjXI1XFRD1UrksAUxAc4ypu5oBVWtjMa429ZrCRbH2iU+TPbuUSXHJQMgTqsUgHrS9XkuS3EdbPA/aDMD1jhoYz2zyfAoCGdEBOuATlaoCOpOeSc9XIsasdVNwvtX2LCTlQe+LLOQzKiLaHEr/QmnLs8es8b68wtDlFIA2QAXYIfs8l+gBv3t3BIw7VPbMe8nb6hbTHFObDlVCyvXO2/6ZkOfRMgswFsQnGAqciowPxsjVer+I5hEBCMHgb6pxcUECxcxsc9P/w/z9LxGts9Ozyq55jzWMwvnFdarkzpMfWtt3QX7XG5B8OD4ghuMkX60GgvT7v1E7yTI/JtwXrsAc6jl1Qo4+TDdEYuBXe/LqyQzQ7GD1OoGRHIKCWyAQ9JiHcbUYX9p+vafXf0l1jelSg3O+cU+q+oZdGP178w== root@kavics'
    # XXX

- name: copy pf6 package
  tags: pf6
  copy:
    src: pf6_1_all.deb
    dest: /tmp

- name: install pf6 package
  tags: pf6
  apt:
    deb: /tmp/pf6_1_all.deb

- name: sysstat enable
  tags: sysstat
  lineinfile:
    dest: /etc/default/sysstat
    regexp: "^ENABLED="
    line: 'ENABLED="true"'

- name: sysstat every minute
  tags: sysstat
  patch:
    src: sysstat_minutely.patch
    dest: /etc/cron.d/sysstat

- name: grub defaults, jessie
  tags: grub
  patch:
    src: default_grub.patch.jessie
    dest: /etc/default/grub
  when:
    - ansible_distribution == "Debian"
    - ansible_distribution_major_version == "8"

- name: grub defaults, stretch+
  tags: grub
  patch:
    src: default_grub.patch.stretch
    dest: /etc/default/grub
  when:
    - ansible_distribution == "Debian"
    - ansible_distribution_major_version|int() >= 9

- name: update-grub
  tags: grub
  command: update-grub

- name: edit locale.gen
  tags: locales
  replace:
    dest: /etc/locale.gen
    regexp: '^#\s*(hu_HU|en_US)'
    replace: '\1'

- name: run locale-gen
  tags: locales
  command: locale-gen


- name: ntp.conf remove factory ntp servers
  tags: ntp
  lineinfile:
    dest: /etc/ntp.conf
    regexp: '^(pool|server)\s'
    state: absent

- name: ntp.conf set ntp server
  tags: ntp
  lineinfile:
    dest: /etc/ntp.conf
    regexp: '^(pool|server)\s'
    line: "server {{ ntp }} iburst"
    insertafter: '^# pool:'

- name: ntp.conf stretch+ remove limited
  tags: ntp
  replace:
    path: /etc/ntp.conf
    regexp: "noquery limited"
    replace: "noquery"
  when:
    - ansible_distribution == "Debian"
    - ansible_distribution_major_version|int() >= 9


- name: postfix master.cf jessie
  tags: postfix
  patch:
    src: postfix_master.cf.patch.jessie
    dest: /etc/postfix/master.cf
  when:
    - ansible_distribution == "Debian"
    - ansible_distribution_major_version == "8"

- name: postfix master.cf stretch-buster
  tags: postfix
  patch:
    src: postfix_master.cf.patch.stretch
    dest: /etc/postfix/master.cf
  when:
    - ansible_distribution == "Debian"
    - (ansible_distribution_major_version|int() == 9) or
      (ansible_distribution_major_version|int() == 10)

- name: postfix master.cf bullseye
  tags: postfix
  patch:
    src: postfix_master.cf.patch.bullseye
    dest: /etc/postfix/master.cf
  when:
    - ansible_distribution == "Debian"
    - ansible_distribution_major_version|int() == 11

- name: postfix relay
  tags: postfix
  lineinfile:
    dest: /etc/postfix/main.cf
    regexp: '^relayhost\s'
    line: "relayhost = mail-out.i.hwstudio.hu"
    # XXX

- name: pvresize /dev/sdb
  tags:
    - lvm
    - vmware
  command: 'pvresize /dev/sdb'

- name: /data in fstab
  tags: lvm
  lineinfile:
    dest: /etc/fstab
    line: '/dev/mapper/vg00-data /data           ext4    defaults        0       2'
  register: fstab_data

- name: create /dev/vg00/data
  tags: lvm
  lvol:
    vg: vg00
    lv: data
    size: "{{ datasize | default('50%FREE') }}"
  when: fstab_data.changed

- name: ext4 filesystem on /dev/vg00/data
  tags: lvm
  filesystem:
    dev: /dev/vg00/data
    fstype: ext4
  when: fstab_data.changed

- name: mount /data
  tags: lvm
  shell: 'mkdir -p /data && mount /data'
  when: fstab_data.changed

# vim: set tabstop=2 shiftwidth=2 expandtab smarttab: