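---
# Base host configuration tasks: /tmp bind mount, distribution-specific
# includes, removal of the install user and the bootstrap root key,
# NTP (ntpd or chrony), postfix, the LVM-backed /data volume, and a few
# shell / sysctl defaults.

# From Debian 13 on, /tmp is a tmpfs, so the bind mount is only set up on
# Debian <= 12 and on Ubuntu / RedHat / AlmaLinux.
# NOTE(review): the fstab entry carries only "bind"; whether nosuid/nodev
# should be added for /tmp on these hosts is worth confirming.
- name: /tmp bind mount in fstab
  lineinfile:
    dest: /etc/fstab
    line: '/var/tmp /tmp none bind 0 0'
  register: fstab_tmp
  when:
    - >-
      (ansible_distribution == "Debian"
      and ansible_distribution_major_version|int() <= 12)
      or ansible_distribution == "Ubuntu"
      or ansible_distribution == "RedHat"
      or ansible_distribution == "AlmaLinux"

# Runs only when the fstab line was just added. The steps are chained with
# && so that a failed mount stops the sequence and fails the task instead
# of being masked by the exit status of the final mv. The placeholder
# directory is created 1777 so that /tmp is never left as a root-only 0755
# directory if the mount does not succeed.
- name: mount /tmp
  shell: >-
    mv /tmp/ /old-tmp
    && mkdir -m 1777 /tmp
    && mount /tmp
    && mv /old-tmp /tmp
  when:
    - >-
      ((ansible_distribution == "Debian"
      and ansible_distribution_major_version|int() <= 12)
      or ansible_distribution == "Ubuntu"
      or ansible_distribution == "RedHat"
      or ansible_distribution == "AlmaLinux")
      and fstab_tmp.changed

##############################################################################
# debian-ubuntu /redhat

- name: include debian/ubuntu specific
  include_tasks: debian.yml
  when: (ansible_distribution == "Debian" or ansible_distribution == "Ubuntu")

- name: include redhat specific
  include_tasks: redhat.yml
  when: ansible_distribution == "RedHat" or ansible_distribution == "AlmaLinux"

##############################################################################

# Remove the account used during installation; force also removes the
# account's files even if they are not owned by it.
- name: remove install user
  user:
    name: install
    state: absent
    force: true

- name: remove install user's home directory
  file:
    path: /home/install
    state: absent

# Drops direct root login with the management key.
# NOTE(review): nothing in this file verifies that the ansible user can
# already log in and escalate; confirm that is set up before this runs,
# otherwise the host becomes unreachable for management.
- name: "remove our key from root's authorized_keys (will use ansible user in future)"
  authorized_key:
    user: root
    state: absent
    key: "{{ mgmt_ssh_key }}"

# ntpd is configured on Debian, Ubuntu and RedHat/AlmaLinux 9.
- name: ntpd configuration
  when:
    - >-
      ansible_distribution == "Debian"
      or ansible_distribution == "Ubuntu"
      or (ansible_distribution == "RedHat"
      and ansible_distribution_major_version|int() == 9)
      or (ansible_distribution == "AlmaLinux"
      and ansible_distribution_major_version|int() == 9)
  block:
    # Read-only lookup, so it must not report "changed" on every run.
    - name: find ntp.conf
      tags: ntp
      command: "find /etc -name ntp.conf"
      register: find_ntpconf
      changed_when: false

    # Tagged like its neighbours: without the tag a run limited to
    # "--tags ntp" skips this task and every later task fails on an
    # undefined ntpconf. Only the first match from find is used.
    - name: set ntpconf variable
      tags: ntp
      set_fact:
        ntpconf: "{{ find_ntpconf.stdout_lines[0] }}"

    - name: ntp.conf remove factory ntp servers
      tags: ntp
      lineinfile:
        dest: "{{ ntpconf }}"
        regexp: '^(pool|server)\s'
        state: absent

    - name: ntp.conf set ntp server
      tags: ntp
      lineinfile:
        dest: "{{ ntpconf }}"
        regexp: '^(pool|server)\s'
        line: "server {{ ntp }} iburst"
        insertafter: '^# pool:'

    # Removes the "limited" flag wherever it follows "noquery".
    # NOTE(review): "limited" is ntpd's per-client rate limiting; without
    # it, exposure of UDP/123 should be restricted by a firewall or by
    # narrower restrict lines. Confirm that is in place.
    - name: ntp.conf remove limited, debian9-99 ubuntu20-99
      tags: ntp
      replace:
        path: "{{ ntpconf }}"
        regexp: "noquery limited"
        replace: "noquery"
      when:
        - >-
          (ansible_distribution == "Debian"
          and ansible_distribution_major_version|int() >= 9)
          or (ansible_distribution == "Ubuntu"
          and ansible_distribution_major_version|int() >= 20)

    # A single configured server cannot be cross-checked against others,
    # so one sane source has to be accepted as sufficient.
    - name: ntp.conf set minsane 1
      tags: ntp
      replace:
        path: "{{ ntpconf }}"
        regexp: "minsane \\d+"
        replace: "minsane 1"

# NOTE(review): this block matches RedHat >= 10 only. AlmaLinux >= 10 is
# covered neither here nor by the ntpd block, although other tasks in this
# file treat AlmaLinux like RedHat. Confirm whether that is intended.
- name: chrony configuration
  when:
    - >-
      ansible_distribution == "RedHat"
      and ansible_distribution_major_version|int() >= 10
  block:
    - name: chrony.conf remove factory ntp servers
      tags: ntp
      lineinfile:
        dest: /etc/chrony.conf
        regexp: '^(pool|server|sourcedir)\s'
        state: absent

    - name: chrony.conf set ntp server
      tags: ntp
      lineinfile:
        dest: /etc/chrony.conf
        regexp: '^(pool|server)\s'
        line: "server {{ ntp }} iburst"
        insertafter: '^# Please consider'

    # "allow all" lets every client that can reach UDP/123 use this host
    # as a time server.
    # NOTE(review): if only known networks should be served, list those
    # subnets instead, or make sure a host/network firewall limits access.
    - name: chrony.conf set allow
      tags: ntp
      lineinfile:
        dest: /etc/chrony.conf
        regexp: '^allow\s'
        line: "allow all"
        insertafter: '^#allow'

# One master.cf patch per distribution release range; the conditions are
# mutually exclusive, so at most one patch is applied per host.
- name: postfix master.cf debian8
  tags: postfix
  patch:
    src: postfix_master.cf.patch.jessie
    dest: /etc/postfix/master.cf
  when:
    - ansible_distribution == "Debian"
    - ansible_distribution_major_version == "8"

- name: postfix master.cf debian9-10
  tags: postfix
  patch:
    src: postfix_master.cf.patch.stretch
    dest: /etc/postfix/master.cf
  when:
    - ansible_distribution == "Debian"
    - >-
      (ansible_distribution_major_version|int() == 9)
      or (ansible_distribution_major_version|int() == 10)

- name: postfix master.cf debian11-12
  tags: postfix
  patch:
    src: postfix_master.cf.patch.bullseye
    dest: /etc/postfix/master.cf
  when:
    - >-
      (ansible_distribution == "Debian"
      and ansible_distribution_major_version|int() >= 11
      and ansible_distribution_major_version|int() <= 12)

- name: postfix master.cf debian13-99
  tags: postfix
  patch:
    src: postfix_master.cf.patch.deb13
    dest: /etc/postfix/master.cf
  when:
    - >-
      (ansible_distribution == "Debian"
      and ansible_distribution_major_version|int() >= 13)

- name: postfix master.cf ubuntu20
  tags: postfix
  patch:
    src: postfix_master.cf.patch.ubuntu20.04
    dest: /etc/postfix/master.cf
  when:
    - >-
      (ansible_distribution == "Ubuntu"
      and ansible_distribution_major_version|int() == 20)

- name: postfix master.cf ubuntu22-99
  tags: postfix
  patch:
    src: postfix_master.cf.patch.ubuntu22.04
    dest: /etc/postfix/master.cf
  when:
    - >-
      (ansible_distribution == "Ubuntu"
      and ansible_distribution_major_version|int() >= 22)

- name: postfix master.cf redhat
  tags: postfix
  patch:
    src: postfix_master.cf.patch.redhat9
    dest: /etc/postfix/master.cf
  when:
    - ansible_distribution == "RedHat" or ansible_distribution == "AlmaLinux"

- name: enable postfix service on redhat
  tags: postfix
  systemd_service:
    name: postfix
    enabled: true
  when:
    - ansible_distribution == "RedHat" or ansible_distribution == "AlmaLinux"

- name: postfix inet_protocols ipv4 (redhat)
  tags: postfix
  lineinfile:
    dest: /etc/postfix/main.cf
    regexp: '^inet_protocols\s'
    line: "inet_protocols = ipv4"
  when:
    - ansible_distribution == "RedHat" or ansible_distribution == "AlmaLinux"

- name: postfix myhostname (redhat)
  tags: postfix
  lineinfile:
    dest: /etc/postfix/main.cf
    regexp: '^myhostname\s'
    line: "myhostname = {{ hostname }}.{{ domain }}"
  when:
    - ansible_distribution == "RedHat" or ansible_distribution == "AlmaLinux"

- name: postfix relayhost
  tags: postfix
  lineinfile:
    dest: /etc/postfix/main.cf
    regexp: '^relayhost\s'
    line: "relayhost = {{ postfix_relayhost }}"
  when: postfix_relayhost is defined

# Grows every physical volume reported by pvs to the size of its device.
# Needs a shell because of the command substitution.
- name: pvresize
  tags:
    - lvm
    - vmware
  shell: 'pvresize $(pvs --noheadings -o pv_name)'

# The fstab entry doubles as the "first run" marker: the volume, the
# filesystem and the mount are only created when the line was just added.
- name: /data in fstab
  tags: lvm
  lineinfile:
    dest: /etc/fstab
    line: '/dev/mapper/vg00-data /data ext4 defaults 0 2'
  register: fstab_data

- name: create /dev/vg00/data
  tags: lvm
  lvol:
    vg: vg00
    lv: data
    size: "{{ datasize | default('50%FREE') }}"
  when: fstab_data.changed

- name: ext4 filesystem on /dev/vg00/data
  tags: lvm
  filesystem:
    dev: /dev/vg00/data
    fstype: ext4
  when: fstab_data.changed

- name: mount /data
  tags: lvm
  shell: 'mkdir -p /data && mount /data'
  when: fstab_data.changed

# File modes are quoted so they reach the module as octal strings and do
# not depend on how the YAML parser types a bare 0755 / 0644.
- name: bash profile.d
  file:
    path: "/etc/profile.d"
    state: directory
    mode: "0755"

- name: bash vtysh pager
  copy:
    dest: "/etc/profile.d/vtysh.sh"
    mode: "0644"
    content: "export VTYSH_PAGER='less -F'\n"

# The dot is escaped and the whitespace before "=" is optional, so an
# existing "vm.swappiness=N" line is replaced rather than duplicated.
- name: set vm swappiness
  lineinfile:
    dest: /etc/sysctl.d/swappiness.conf
    regexp: '^vm\.swappiness\s*='
    line: "vm.swappiness = 2"
    create: true

# vim: set tabstop=2 shiftwidth=2 expandtab smarttab: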