---
- name: disable recommends and suggests
  copy:
    src: 02no-recommends
    dest: /etc/apt/apt.conf.d/

- name: install base system tools
  apt:
    name:
    - htop
    - dstat
    - lsof
    - gawk
    - psmisc
    - less
    - debian-goodies
    - screen
    - mtr-tiny
    - tcpdump
    - iptraf-ng
    - unp
    - haveged
    - dbus
    - libpam-systemd
    - aptitude
    - ca-certificates
    - file
    - man-db
    - manpages
    - nano
    state: present

- name: Remove startup message from screen
  lineinfile:
    regexp: "^startup_message"
    line: "startup_message off"
    dest: /etc/screenrc
    mode: 0644
  tags:
  - screen

- name: install htop config (1/2)
  with_items:
  - /root
  - /etc/skel
  file:
    name: "{{ item }}/.config/htop/"
    state: directory
    mode: 0700

- name: install htop config (2/2)
  with_items:
  - /root
  - /etc/skel
  copy:
    src: htoprc
    dest: "{{ item }}/.config/htop/"

- name: Ensure /root is not world accessible
  file:
    path: /root
    mode: 0700
    owner: root
    group: root
    state: directory

- name: disable net/fs/misc kernel modules
  lineinfile:
    dest: /etc/modprobe.d/disablemod.conf
    line: "install {{ item }} /bin/true"
    create: yes
    owner: root
    group: root
    mode: 0644
  with_items: "{{ modules_blacklist.net | union(modules_blacklist.fs) | union(modules_blacklist.misc) }}"

- name: Change various sysctl-settings, look at the sysctl-vars file for documentation
  sysctl:
    name: "{{ item.key }}"
    value: "{{ item.value }}"
    sysctl_set: yes
    state: present
    reload: yes
    ignoreerrors: yes
  with_dict: "{{ sysctl_config | combine(sysctl_config_user) }}"

- name: install extra packages
  apt:
    name: "{{ base_packages_extra_host | union(base_packages_extra_group) }}"
    state: present