---
# vim: set expandtab tabstop=2 shiftwidth=2:

# pre dependencies:

- name: "aptitude should clean on install/upgrades"
  copy:
    dest: /etc/apt/apt.conf.d/99AutomaticClean
    content: |
      Aptitude::Clean-After-Install "{{value}}";
    owner: root
    group: root
    mode: 0644
  vars:
    value: "{{'true'  if true == apt_clean_after_install or apt_proxy is defined else  'false'}}"
- name: "Use proxy for apt http"
  when: "apt_proxy is defined"
  copy:
    dest: /etc/apt/apt.conf.d/99proxy
    content: |
      Acquire::http { Proxy {{apt_proxy|quote()}}; }
    owner: root
    group: root
    mode: 0644
- name: install packages
  apt:
    force: no
    name: 
    - aptitude
- set_fact:
    crap_packages:
    - cloud-init
    - vim-tiny
    - landscape-common
    - snapd
    - ubuntu-advantage-tools
    - unattended-upgrades
- name: remove unwanted packages
  apt:
    state: absent
    name: '{{crap_packages}}'
- name: stay away packages
  dpkg_selections:
    selection: hold
    name: '{{item}}'
  with_items: '{{crap_packages}}'
- name: safe-upgrade
  apt:
    upgrade: safe
    update_cache: yes

# check capabilities:

- name: check mailer
  shell: |
    aptitude search '~Pmail-transport-agent' | sed -ne '/^i/{s/^i *//;s/^  *.*//;s/  *.*//;p}' | grep \\S
  register: mailer
  failed_when: "mailer.rc != 1 and mailer.rc != 0"
  changed_when: 'false'

- set_fact:
    has_nullmailer: '{{mailer.rc == 1 or mailer.stdout=="nullmailer"}}'

# installation packages:

- name: install packages
  apt:
    force: no
    name: '{{lookup("flattened", items)}}'
    update_cache: yes
  vars:
    items:
    - ack
    - '{{ []  if is_virt_guest else  ["chrony", "smartmontools"] }}'
    - cron-apt
    - curl
    - etckeeper
    - file
    - fizsh
    - git
    - gpgconf
    - haveged
    - htop
    - inetutils-ping
    - inetutils-traceroute
    - knot-dnsutils
    - krb5-user
    - ldap-utils
    - locales
    - lsof
    - lvm2
    - mosh
    - mtr-tiny
    - ncdu
    - net-tools
    - '{{ ["nullmailer"]  if has_nullmailer else  [] }}'
    - openssh-server
    - progress
    - pv
    - '{{ ["rng-tools"]  if has_hwrng else  [] }}'
    - rsync
    - rsyslog
    - socat
    - sudo
    - systemd
    - systemd-sysv
    - tmux
    - tzdata
    - unzip
    - usrmerge
    - vim-nox
    - '{{ []  if is_container else  ["xfsdump", "xfsprogs"] }}'
    - '{{ needed_debs  if needed_debs is defined else  [] }}'
    - '{{ logcompress_algo  if logcompress_algo else  [] }}'

# remove garbage:

- name: 'no ubuntu adverts'
  when: '"ubuntu" == ansible_distribution'
  block:
  - name: no ubuntu-motd-adverts
    lineinfile:
      path: /etc/default/motd-news
      line: ENABLED=0
      regexp: '^ENABLED='
      create: yes
  - name: no ubuntu-cloudguest-adverts
    file:
      path: /etc/update-motd.d/51-cloudguest
      state: absent
  - name: 'no ubuntu-"documentation"-adverts'
    copy:
      dest: /etc/update-motd.d/10-help-text
      mode: 0644
      content: ''

# configure system:

- name: set alternatives
  alternatives:
    name: "{{item.key}}"
    path: "{{item.value}}"
  with_dict:
    editor:  /usr/bin/vim.nox
    vim:     /usr/bin/vim.nox
    vimdiff: /usr/bin/vim.nox
    vi:      /usr/bin/vim.nox
    view:    /usr/bin/vim.nox

- name: copy configs
  copy:
    src:    "{{item.key}}"
    dest:   "{{item.value}}"
    owner:  root
    group:  root
    mode:   0644
  with_dict:
    cron-apt/action.d/6-upgrade: /etc/cron-apt/action.d/6-upgrade
    cron-apt/cron-apt.service: /etc/systemd/system/cron-apt.service
    cron-apt/cron-apt.timer: /etc/systemd/system/cron-apt.timer
  notify:
  - restart services

- name: no cron-apt crontabs
  lineinfile:
    path: /etc/cron.d/cron-apt
    line: '# 0 4 * * * root  test -x /usr/sbin/cron-apt && /usr/sbin/cron-apt'
    regexp: '^\s*[^#].*/usr/sbin/cron-apt'

- name: copy configs
  template:
    src:    "{{item.key}}"
    dest:   "{{item.value}}"
    owner:  root
    group:  root
    mode:   0644
  with_dict:
    cron-apt/config.j2:           /etc/cron-apt/config
  notify:
  - restart services

- name: generates locales
  community.general.locale_gen:
    name: "{{locales}}"
    state: present
- name: default locale
  copy:
    dest: /etc/default/locale
    content: |
      LANG={{locale_default | default("C") | mandatory}}
    owner: root
    group: root
    mode: 0644

- include_tasks: sshd_config.yml
- include_tasks: ohmyzsh.yml
- include_tasks: systemd.yml
- include_tasks: users.yml

- name: update timezone
  command: dpkg-reconfigure --frontend noninteractive tzdata

- name: setup mailname
  copy:
    dest: /etc/mailname
    content: |
      {{sys_mailname | default(ansible_fqdn) | mandatory}}
    owner: root
    group: root
    mode: 0644
- name: setup nullmailer remote
  when: "mailer.changed"
  copy:
    dest: /etc/nullmailer/remotes
    content: |
      {{mail_relay_host}} smtp
    owner: root
    group: mail
    mode: 0640
  notify:
  - restart nullmailer

- name: setup nullmailer domain
  when: "mailer.changed"
  copy:
    dest: /etc/nullmailer/defaultdomain
    content: 'denkn.at'
    owner: root
    group: mail
    mode: 0640
  notify:
  - restart nullmailer

- name: 'dig -> kdig and other knot-utils'
  file:
    state: link
    path: '/usr/local/bin/{{item}}'
    src: '../../bin/k{{item}}'
  with_items: [dig, nsupdate]

- name: enable service
  systemd: 
    name: '{{item}}'
    enabled: yes
    state: started
  with_items:
  - ssh.service
  - cron-apt.timer