---
- name: /tmp bind mount in fstab
  lineinfile:
    dest: /etc/fstab
    line: '/var/tmp        /tmp            none    bind    0       0'
  register: fstab_tmp

- name: mount /tmp
  shell: 'mv /tmp/ /old-tmp; mkdir /tmp; mount /tmp; mv /old-tmp /tmp'
  when: fstab_tmp.changed

- name: apt.conf proxy
  lineinfile:
    dest: /etc/apt/apt.conf
    regexp: '^Acquire::http::Proxy'
    line: 'Acquire::http::Proxy "{{ aptproxy }}";'
    create: yes
  when:
    - aptproxy is defined

- name: remove nano
  tags: apt
  apt:
    name: nano
    state: absent
    purge: yes

- name: remove ubuntu cloud init, etc.
  tags: apt
  apt:
    name:
      - cloud-init
      - cloud-guest-utils
      - cloud-initramfs-dyn-netconf
      - cloud-initramfs-copymods
      - netplan.io
    state: absent
    purge: yes
  when:
    - ansible_distribution == "Ubuntu"

- name: apt sources.list jessie
  tags: apt
  copy:
    src: sources.list.jessie
    dest: /etc/apt/sources.list
  when:
    - ansible_distribution == "Debian"
    - ansible_distribution_major_version == "8"

- name: apt sources.list stretch
  tags: apt
  copy:
    src: sources.list.stretch
    dest: /etc/apt/sources.list
  when:
    - ansible_distribution == "Debian"
    - ansible_distribution_major_version == "9"

- name: apt sources.list buster
  tags: apt
  copy:
    src: sources.list.buster
    dest: /etc/apt/sources.list
  when:
    - ansible_distribution == "Debian"
    - ansible_distribution_major_version == "10"

- name: apt sources.list bullseye
  tags: apt
  copy:
    src: sources.list.bullseye
    dest: /etc/apt/sources.list
  when:
    - (ansible_distribution == "Debian" and ansible_distribution_major_version == "11")

- name: apt sources.list bookworm
  tags: apt
  copy:
    src: sources.list.bookworm
    dest: /etc/apt/sources.list
  when:
    - (ansible_distribution == "Debian" and ansible_distribution_major_version|int() >= 12)

- name: apt.conf allow unauthenticated jessie
  tags: apt
  lineinfile:
    dest: /etc/apt/apt.conf
    regexp: '^APT::Get::AllowUnauthenticated'
    line: 'APT::Get::AllowUnauthenticated "1";'
    create: yes
  when:
    - ansible_distribution == "Debian"
    - ansible_distribution_major_version == "8"

- name: apt.conf allow expired jessie
  tags: apt
  lineinfile:
    dest: /etc/apt/apt.conf
    regexp: '^Acquire::Check-Valid-Until'
    line: 'Acquire::Check-Valid-Until "0";'
    create: yes
  when:
    - ansible_distribution == "Debian"
    - ansible_distribution_major_version == "8"

# ha veletlenul /dev/sdb lesz a bootdisk, elhasalna a grub-pc non-interacive
# upgrade-je a kovetkezo lepesben
- name: set debconf grub-pc/install_devices to /dev/sdb if needed
  tags: apt
  shell: 'mount | grep -q "/dev/sdb1 .* /boot" && (echo "set grub-pc/install_devices /dev/sdb" | debconf-communicate) || true'

- name: apt update
  tags: apt
  apt:
    update_cache: yes

- name: install packages
  tags: apt
  apt:
    name: aptitude
    state: present

- name: apt full-upgrade
  tags: apt
  apt:
    upgrade: full

- name: reset grub-pc/install_devices if changed 4 steps earlier
  tags: apt
  shell: 'mount | grep -q "/dev/sdb1 .* /boot" && (echo "set grub-pc/install_devices /dev/sda" | debconf-communicate) || true'

- name: install common packages for all opsys versions
  tags: apt
  apt:
    name: 
      - bind9-host
      - bzip2
      - curl
      - file
      - git
      - bsd-mailx
      - iotop
      - libpam-systemd
      - locales
      - lsof
      - make
      - mc
      - mlocate
      - mtr-tiny
      - ngrep
      - openssl
      - parted
      - patch
      - postfix
      - psmisc
      - pwgen
      - rename
      - rsync
      - screen
      - strace
      - subversion
      - sysstat
      - tcpdump
      - telnet
      - unzip
      - vim
      - w3m
      - xz-utils
      - zip
      - libfile-slurp-perl
      - libjson-perl
      - net-tools
      - man
      - ifupdown
      - mosh
    state: present

- name: install packages for debian -bullseye
  tags: apt
  apt:
    name:
      - ntp
      - ntpdate
    state: present
  when:
    - (ansible_distribution == "Debian" and ansible_distribution_major_version|int() <= 11) or
      (ansible_distribution == "Ubuntu" and ansible_distribution_major_version|int() == 20)

- name: install packages for debian buster and older
  tags: apt
  apt:
    name:
      - dnsutils
    state: present
  when:
    - ansible_distribution == "Debian"
    - ansible_distribution_major_version|int() <= 10

- name: install packages for debian bullseye+
  tags: apt
  apt:
    name:
      - bind9-dnsutils
      - rsyslog
    state: present
  when:
    - (ansible_distribution == "Debian" and ansible_distribution_major_version|int() >= 11) or
      (ansible_distribution == "Ubuntu" and ansible_distribution_major_version|int() >= 20)

- name: install packages for debian bookworm+
  tags: apt
  apt:
    name:
      - ntpsec
      - ntpsec-ntpdate
    state: present
  when:
    - ansible_distribution == "Debian" and ansible_distribution_major_version|int() >= 12

- name: open-vm-tools
  apt:
    name: open-vm-tools
    state: present
    purge: yes
  tags:
    - vmware
    - apt

- name: remove install user
  user:
    name: install
    state: absent
    force: yes

- name: remove install user's home directory
  file:
    path: /home/install
    state: absent

- name: "remove our key from root's authorized_keys"
  authorized_key:
    user: root
    state: absent
    key: "{{ mgmt_ssh_key }}"

- name: "disable sshd X11Forwarding"
  copy:
    content: "X11Forwarding no"
    dest: /etc/ssh/sshd_config.d/x11forwarding.conf

- name: copy pf6 package
  tags: pf6
  copy:
    src: pf6_1_all.deb
    dest: /tmp

- name: install pf6 package
  tags: pf6
  apt:
    deb: /tmp/pf6_1_all.deb

- name: sysstat enable
  tags: sysstat
  lineinfile:
    dest: /etc/default/sysstat
    regexp: "^ENABLED="
    line: 'ENABLED="true"'

- name: sysstat every minute
  tags: sysstat
  patch:
    src: sysstat_minutely.patch
    dest: /etc/cron.d/sysstat

- name: grub defaults, jessie
  tags: grub
  patch:
    src: default_grub.patch.jessie
    dest: /etc/default/grub
  when:
    - ansible_distribution == "Debian"
    - ansible_distribution_major_version == "8"

- name: grub defaults, stretch+
  tags: grub
  patch:
    src: default_grub.patch.stretch
    dest: /etc/default/grub
  when:
    - (ansible_distribution == "Debian" and ansible_distribution_major_version|int() >= 9 and ansible_distribution_major_version|int() < 12)

- name: grub defaults, bookworm+
  tags: grub
  patch:
    src: default_grub.patch.bookworm
    dest: /etc/default/grub
  when:
    - (ansible_distribution == "Debian" and ansible_distribution_major_version|int() >= 12)

- name: grub defaults, stretch+
  tags: grub
  lineinfile:
    path: /etc/default/grub
    regexp: "^GRUB_CMDLINE_LINUX="
    line: 'GRUB_CMDLINE_LINUX="net.ifnames=0 biosdevname=0"'
  when:
    - (ansible_distribution == "Ubuntu" and ansible_distribution_major_version|int() >= 20)

- name: update-grub
  tags: grub
  command: update-grub

- name: edit locale.gen
  tags: locales
  replace:
    dest: /etc/locale.gen
    regexp: '^#\s*(hu_HU|en_US)'
    replace: '\1'

- name: run locale-gen
  tags: locales
  command: locale-gen

- name: find ntp.conf
  tags: ntp
  command: "find /etc -name ntp.conf"
  register: find_ntpconf

- name: set ntpconf veriable
  set_fact:
    ntpconf: "{{ find_ntpconf.stdout_lines[0] }}"

- name: ntp.conf remove factory ntp servers
  tags: ntp
  lineinfile:
    dest: "{{ ntpconf }}"
    regexp: '^(pool|server)\s'
    state: absent

- name: ntp.conf set ntp server
  tags: ntp
  lineinfile:
    dest: "{{ ntpconf }}"
    regexp: '^(pool|server)\s'
    line: "server {{ ntp }} iburst"
    insertafter: '^# pool:'

- name: ntp.conf stretch+ remove limited
  tags: ntp
  replace:
    path: "{{ ntpconf }}"
    regexp: "noquery limited"
    replace: "noquery"
  when:
    - (ansible_distribution == "Debian" and ansible_distribution_major_version|int() >= 9) or
      (ansible_distribution == "Ubuntu" and ansible_distribution_major_version|int() >= 20)

- name: ntp.conf set minsane 1
  tags: ntp
  replace:
    path: "{{ ntpconf }}"
    regexp: "minsane \\d+"
    replace: "minsane 1"

- name: postfix master.cf jessie
  tags: postfix
  patch:
    src: postfix_master.cf.patch.jessie
    dest: /etc/postfix/master.cf
  when:
    - ansible_distribution == "Debian"
    - ansible_distribution_major_version == "8"

- name: postfix master.cf stretch-buster
  tags: postfix
  patch:
    src: postfix_master.cf.patch.stretch
    dest: /etc/postfix/master.cf
  when:
    - ansible_distribution == "Debian"
    - (ansible_distribution_major_version|int() == 9) or
      (ansible_distribution_major_version|int() == 10)

- name: postfix master.cf bullseye+
  tags: postfix
  patch:
    src: postfix_master.cf.patch.bullseye
    dest: /etc/postfix/master.cf
  when:
    - (ansible_distribution == "Debian" and ansible_distribution_major_version|int() >= 11)

- name: postfix master.cf ubuntu 20.04
  tags: postfix
  patch:
    src: postfix_master.cf.patch.ubuntu20.04
    dest: /etc/postfix/master.cf
  when:
    - (ansible_distribution == "Ubuntu" and ansible_distribution_major_version|int() >= 20)

- name: postfix relayhost
  tags: postfix
  lineinfile:
    dest: /etc/postfix/main.cf
    regexp: '^relayhost\s'
    line: "relayhost = {{ postfix_relayhost }}"
  when: postfix_relayhost is defined

- name: pvresize
  tags:
    - lvm
    - vmware
  shell: 'pvresize $(pvs --noheadings -o pv_name)'

- name: /data in fstab
  tags: lvm
  lineinfile:
    dest: /etc/fstab
    line: '/dev/mapper/vg00-data /data           ext4    defaults        0       2'
  register: fstab_data

- name: create /dev/vg00/data
  tags: lvm
  lvol:
    vg: vg00
    lv: data
    size: "{{ datasize | default('50%FREE') }}"
  when: fstab_data.changed

- name: ext4 filesystem on /dev/vg00/data
  tags: lvm
  filesystem:
    dev: /dev/vg00/data
    fstype: ext4
  when: fstab_data.changed

- name: mount /data
  tags: lvm
  shell: 'mkdir -p /data && mount /data'
  when: fstab_data.changed

# vim: set tabstop=2 shiftwidth=2 expandtab smarttab: