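---
# tasks file for common role
#
# Baseline applied to every host: hostname, root credentials, admin group,
# base packages, SELinux state, sudoers, NTP, DNS/SSH configuration files,
# /etc/hosts, yum, Postfix relay settings and the dynamic MOTD.

- name: Set Hostname
  hostname:
    name: "{{ inventory_hostname }}"

- name: Change root password
  user:
    name: root
    # The user module stores this value in the shadow entry as given, so
    # root_pwd must already be a crypt(3) hash, not a cleartext password.
    # NOTE(review): presumably supplied from a vaulted variable - confirm.
    password: "{{ root_pwd }}"
  # Keep the credential out of task output, callbacks and log files.
  no_log: true
  # Always reported as "ok", so a root password change never shows up as a
  # change in the play recap.
  changed_when: false

- name: Create admin group
  group:
    name: "{{ ADMIN_GROUP }}"
    state: present

- name: Ensure common packages
  yum:
    name: "{{ item }}"
    state: present
    enablerepo: epel
  with_items:
    - libselinux-python
    - MySQL-python
    - ntp
    - nano
    - git
    - htop
    - atop
    - wget
    - bind-utils
    - yum-utils
  tags: packages

# Turns SELinux off on every host this role is applied to, which removes
# mandatory access control as a containment layer.
# NOTE(review): if this works around a specific denial, permissive mode plus
# a targeted policy change is the narrower option - confirm the reason.
- name: Ensure SELinux status
  selinux:
    state: disabled
  tags: security

- name: Ensure requiretty disabled (Sudoers)
  lineinfile:
    dest: /etc/sudoers
    # \s+ tolerates the variable spacing sudoers files use after "Defaults".
    regexp: '^Defaults\s+requiretty'
    line: "#Defaults requiretty"
    # Syntax-check the edited copy before it replaces /etc/sudoers; a broken
    # sudoers file locks every sudo user out.
    validate: '/usr/sbin/visudo -cf %s'

# NOTE(review): no handler is notified here; the only "Restart NTPD"
# notification in this file is on the DNS/SSH template task below - confirm
# that is intended.
- name: Configure NTPD
  template:
    src: ntp.conf.j2
    dest: /etc/ntp.conf
  tags: ntp

- name: Ensure NTPD enabled and started
  service:
    name: ntpd
    state: started
    enabled: true
  tags: ntp

# Modes are explicit quoted octal strings. The previous symbolic values used
# "o" as if it meant owner; in chmod syntax "o" is "other", so "o+rw" and
# "o=rw" made these files (including sshd_config) writable by every local
# user. The unquoted "o=rw,g=r,a=r" inside a flow mapping was also cut at the
# first comma, leaving only "o=rw".
- name: Ensure DNS and SSH common config
  template:
    src: "{{ item.src }}"
    dest: "{{ item.dest }}"
    mode: "{{ item.mode }}"
  with_items:
    - src: etc.sysconfig.network.j2
      dest: /etc/sysconfig/network
      mode: "0644"
    # - src: etc.hosts.j2
    #   dest: /etc/hosts
    #   mode: "0644"
    - src: etc.resolv.conf.j2
      dest: /etc/resolv.conf
      mode: "0644"
    # sshd_config only needs to be readable by root.
    - src: sshd_config.j2
      dest: /etc/ssh/sshd_config
      mode: "0600"
  notify:
    - Restart NTPD
    - Restart SSH
  tags: dns

- name: Ensure hosts file correct
  lineinfile:
    dest: /etc/hosts
    regexp: "{{ item.regexp }}"
    line: "{{ item.line }}"
  with_items:
    - regexp: "^127.0.0.1.+localdomain4$"
      line: "127.0.0.1 localhost {{ ansible_hostname }}"
    - regexp: "^::1.+localdomain6$"
      line: "::1 localhost {{ ansible_hostname }}"
    - regexp: "^{{ ansible_default_ipv4.address }}.*{{ ansible_default_ipv4.address.split('.')[-1] }}$"
      line: "{{ ansible_default_ipv4.address }} {{ ansible_hostname }}.{{ domain }} {{ ansible_hostname }}"

# Name-resolution files stay world-readable but writable by the owner only;
# the previous "o+rw,g+r,a+r" added write access for "other", letting any
# local account rewrite host and resolver entries.
- name: Ensure correct permissions (hosts/resolv.conf)
  file:
    path: "{{ item }}"
    state: touch
    mode: "0644"
  with_items:
    - /etc/resolv.conf
    - /etc/hosts
  # touch always reports a change; suppress it to keep the recap quiet.
  changed_when: false
  tags: dns

- name: Configure yum
  lineinfile:
    dest: /etc/yum.conf
    regexp: "installonly_limit="
    line: "installonly_limit=2"
  tags: packages

# NOTE(review): "inet_interfaces = all" makes Postfix listen on every
# interface; if these hosts only hand mail to relayhost, confirm that
# inbound SMTP is filtered elsewhere or that loopback-only would do.
- name: Apply postfix configuration
  lineinfile:
    dest: "{{ item.dest }}"
    regexp: "{{ item.regexp }}"
    line: "{{ item.line }}"
    insertafter: EOF
  notify: Restart Postfix
  with_items:
    - dest: /etc/postfix/main.cf
      regexp: "inet_protocols ="
      line: "inet_protocols = ipv4"
    - dest: /etc/postfix/main.cf
      regexp: "inet_interfaces ="
      line: "inet_interfaces = all"
    - dest: /etc/postfix/main.cf
      regexp: "relayhost ="
      line: "relayhost = {{ relayhost }}"

- name: Ensure Postfix is Started/Enabled
  service:
    name: postfix
    state: started
    enabled: true

# "~" expands to the home of the account the task runs as.
# NOTE(review): this only reaches root's .forward when the play runs as
# root - confirm the connection/become user.
- name: Ensure root forwarding address is set
  lineinfile:
    dest: ~/.forward
    regexp: "{{ root_email }}"
    line: "{{ root_email }}"
    create: true

# The script is run from /etc/profile.d for login shells (see the last task),
# so its mode is pinned: executable by all, writable by the owner only.
- name: Ensure Dynamic MOTD
  copy:
    src: dynmotd
    dest: /usr/local/bin/dynmotd
    mode: "0755"

- name: Remove Dynamic MOTD in profile
  lineinfile:
    dest: /etc/profile
    regexp: "^/usr/local/bin/dynmotd"
    state: absent

- name: Configure Dynamic MOTD in profile.d
  lineinfile:
    dest: /etc/profile.d/motd.sh
    regexp: "^/usr/local/bin/dynmotd"
    line: "/usr/local/bin/dynmotd"
    create: true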