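---
# Base system role tasks: load distribution-specific variables, install the
# standard tool set and an entropy daemon, then apply host hardening
# (file permissions, kernel module blacklist, sysctl settings, kernel
# command line).
#
# Octal modes are quoted and booleans are written as true/false so the parsed
# values do not depend on YAML 1.1 implicit typing.

- name: load distrubtion specific variables
  include_vars: "{{ item }}"
  with_first_found:
    # The release-specific file takes precedence over the distribution file.
    # skip: true makes the task a no-op when neither file exists.
    - files:
        - "{{ ansible_distribution_release }}.yml"
        - "{{ ansible_distribution }}.yml"
      skip: true

- name: disable recommends and suggests
  copy:
    src: 02no-recommends
    dest: /etc/apt/apt.conf.d/
    # Explicit ownership and mode: without them a newly created file takes
    # its permissions from the remote umask.
    owner: root
    group: root
    mode: "0644"

# NOTE(review): tcpdump and iptraf-ng put packet-capture tooling on every host
# that runs this role; confirm that is wanted on all of them.
- name: install base system tools
  apt:
    name:
      - htop
      - dstat
      - lsof
      - gawk
      - psmisc
      - less
      - debian-goodies
      - screen
      - mtr-tiny
      - tcpdump
      - iptraf-ng
      - unp
      - dbus
      - libpam-systemd
      - aptitude
      - ca-certificates
      - file
      - man-db
      - manpages
      - nano
    state: present

# Exactly one entropy daemon is kept: the selected one is installed and the
# other is purged. If base_entropy_generator is neither 'rngd' nor 'haveged',
# both blocks are skipped and nothing is installed or removed.
- name: install rngd
  when: base_entropy_generator == 'rngd'
  block:
    - name: install rngd
      apt:
        name: "{{ base_rngd_package_name }}"
        state: present

    - name: make sure haveged is removed/purged
      apt:
        name: haveged
        state: absent
        purge: true

- name: install haveged
  when: base_entropy_generator == 'haveged'
  block:
    - name: install haveged
      apt:
        name: haveged
        state: present

    - name: make sure rngd is removed/purged
      apt:
        name: "{{ base_rngd_package_name }}"
        state: absent
        purge: true

- name: Remove startup message from screen
  lineinfile:
    path: /etc/screenrc
    regexp: "^startup_message"
    line: "startup_message off"
    mode: "0644"
  tags:
    - screen

- name: install htop config (1/2)
  file:
    path: "{{ item }}/.config/htop/"
    state: directory
    mode: "0700"
  loop:
    - /root
    - /etc/skel

- name: install htop config (2/2)
  copy:
    src: "{{ global_files_dir }}/common/htoprc"
    dest: "{{ item }}/.config/htop/"
    # Explicit mode so the result does not depend on the remote umask.
    mode: "0644"
  loop:
    - /root
    - /etc/skel

- name: Ensure /root is not world accessible
  file:
    path: /root
    state: directory
    owner: root
    group: root
    mode: "0700"

# "install <module> /bin/true" makes modprobe run /bin/true instead of loading
# the module. It does not unload a module that is already loaded, so the
# setting only takes full effect after a reboot or a manual unload.
- name: disable net/fs/misc kernel modules
  lineinfile:
    path: /etc/modprobe.d/disablemod.conf
    line: "install {{ item }} /bin/true"
    create: true
    owner: root
    group: root
    mode: "0644"
  loop: "{{ modules_blacklist.net | union(modules_blacklist.fs) | union(modules_blacklist.misc) }}"

# combine() lets sysctl_config_user override any key in sysctl_config, so a
# host- or group-level override can weaken a hardening default; review those
# overrides. ignoreerrors also keeps the run green when a key does not exist
# on the running kernel, which means a hardening value can silently fail to
# apply. Verify the effective values on the host after the run.
- name: Change various sysctl-settings, look at the sysctl-vars file for documentation
  sysctl:
    name: "{{ item.key }}"
    value: "{{ item.value }}"
    sysctl_set: true
    state: present
    reload: true
    ignoreerrors: true
  loop: "{{ sysctl_config | combine(sysctl_config_user) | dict2items }}"
  loop_control:
    label: "{{ item.key }} = {{ item.value }}"

- name: install extra packages
  apt:
    name: "{{ base_packages_extra_host | union(base_packages_extra_group) }}"
    state: present

# /etc/default/grub is read as shell by the grub configuration tooling, and the
# joined options land inside a double-quoted shell string. Entries in
# install.kernel_cmdline must therefore not contain double quotes, backticks
# or "$"; treat that variable as trusted, reviewed inventory data only.
- name: set kernel command line options
  lineinfile:
    path: /etc/default/grub
    regexp: '^#?GRUB_CMDLINE_LINUX='
    line: 'GRUB_CMDLINE_LINUX="{{ install.kernel_cmdline | join(" ") }}"'
  when: install is defined and install.kernel_cmdline is defined
  notify: update grub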