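---
# Baseline "system" tasks for the host: network configuration, sudo, sshd,
# admin accounts and their SSH keys, sshutout, the backup script and cron jobs.
# Modes and cron fields are quoted so that YAML keeps them as strings.

- name: Check that IP address is setup
  template:
    src: templates/ifcfg-enp2s0f0
    dest: /etc/sysconfig/network-scripts/ifcfg-enp2s0f0
    owner: root
    group: root
    mode: '0600'
    backup: true
  tags: system

- name: Check that GW is setup
  template:
    src: templates/network
    dest: /etc/sysconfig/network
    owner: root
    group: root
    mode: '0600'
    backup: true
  tags: system

# Validate the sudoers file before saving
# NOPASSWD:ALL gives both accounts root without a password prompt, so the
# SSH key of either account is the only barrier to root on this host.
- name: Check that sudo is configured
  lineinfile:
    destfile: /etc/sudoers
    state: present
    line: '{{ item }} ALL=(ALL) NOPASSWD:ALL'
    validate: 'visudo -cf %s'
    mode: '0600'
    backup: true
  with_items:
    - fwadmin
    - bruno
  tags: system

- name: Check that sshd is installed
  urpmi:
    name: openssh-server
    state: installed
    update_cache: true
    no-recommends: true
  tags: system

# sshd keeps the first value it reads for a keyword, so a line appended after
# an existing "PermitRootLogin yes" would never take effect. The regexp makes
# lineinfile rewrite the existing (active or commented) directive in place.
# lineinfile replaces only the last matching line; if sshd_config carries
# several PermitRootLogin lines, check that no earlier active one remains.
- name: Check that sshd is configured
  # Alternative kept from the original file:
  # lineinfile: destfile=/etc/ssh/sshd_config state=present line='PermitRootLogin prohibit-password' mode=0600 backup=yes
  lineinfile:
    destfile: /etc/ssh/sshd_config
    state: present
    regexp: '^\s*#?\s*PermitRootLogin\s'
    line: 'PermitRootLogin no'
    mode: '0600'
    backup: true
  notify:
    - restart sshd
  tags: system

- name: Ensure the groups exists
  group:
    name: '{{ item }}'
    state: present
  tags: system
  with_items:
    - fwadmin
    - bruno

- name: Ensure the accounts exists
  user:
    name: '{{ item }}'
    state: present
    group: '{{ item }}'
    home: '/home/{{ item }}'
    move_home: true
  tags: system
  with_items:
    - fwadmin
    - bruno

# NOTE(review): this pushes bruno's private key onto the managed host, and
# backup=yes keeps a timestamped copy of any previous id_rsa next to it.
# A key dedicated to this host limits what a compromise of the host exposes.
# NOTE(review): the first item is a directory given without a trailing slash;
# per the copy module documentation the whole directory is then copied.
# Confirm that only the two key files listed below are meant to be pushed.
- name: Copy special keys for remote access (git...)
  copy:
    src: '/users/bruno/prj/musique-ancienne.org/mondorescue.org/{{ item.f }}'
    dest: '/home/bruno/{{ item.f }}'
    mode: '{{ item.m }}'
    backup: true
    owner: bruno
    group: bruno
  with_items:
    - { f: .ssh, m: '0700' }
    - { f: .ssh/id_rsa, m: '0600' }
    - { f: .ssh/id_rsa.pub, m: '0644' }

# lineinfile fails when the parent directory is missing, and nothing above
# creates ~/.ssh for fwadmin.
- name: Ensure the .ssh directories exist
  file:
    path: '/home/{{ item }}/.ssh'
    state: directory
    owner: '{{ item }}'
    group: '{{ item }}'
    mode: '0700'
  with_items:
    - fwadmin
    - bruno
  tags: system

# sshkey is not defined in this file; it has to be supplied by the caller.
# create lets the first run succeed when authorized_keys does not exist yet.
- name: Copy public keys for access
  lineinfile:
    destfile: '/home/{{ item }}/.ssh/authorized_keys'
    state: present
    create: true
    line: '{{ sshkey }}'
    mode: '0600'
    backup: true
    owner: '{{ item }}'
    group: '{{ item }}'
  with_items:
    - fwadmin
    - bruno
  tags: system

# "started" is the documented state name; "running" was an older alias.
- name: Check that sshd is running and enabled
  service:
    name: sshd
    state: started
    enabled: true
  tags: system

- name: Check that sshutout is installed
  urpmi:
    name: sshutout
    state: installed
    update_cache: true
    no-recommends: true
  tags: system

- name: Check that sshutout is configured
  template:
    src: templates/sshutout.conf
    dest: /etc/sshutout.conf
    owner: root
    group: root
    mode: '0600'
    backup: true
  notify:
    - restart sshutout
  tags: system

- name: Check that sshutout is running and enabled
  service:
    name: sshutout
    state: started
    enabled: true
  tags: system

- name: Setup backup script
  copy:
    src: 'files/{{ item }}'
    dest: '/usr/local/bin/{{ item }}'
    owner: root
    group: root
    mode: '0755'
    backup: true
  with_items:
    - mkbkp
  tags: system

# NOTE(review): /usr/local/bin/upd runs as root but is not deployed by any
# task in this file; confirm it is installed and root-owned elsewhere.
- name: Setup autoupdate via cron
  cron:
    name: urpmi-upd
    minute: '43'
    hour: '03'
    user: root
    job: '/usr/local/bin/upd'
    cron_file: urpmi-upd
    state: present
    backup: true
  tags: system

- name: Setup backup for bruno via cron
  cron:
    name: bkp
    minute: '43'
    hour: '02'
    user: bruno
    job: '/usr/local/bin/mkbkp'
    cron_file: bkp
    state: present
    backup: true
  tags: system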