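---
# Baseline host configuration: hostname, SELinux and rsyslog roles, firewall
# role, SELinux labelling of /export, tmpfs /tmp, postfix, common packages,
# shell history timestamps and a nightly package pre-download cron job.

- name: set correct hostname
  ansible.builtin.hostname:
    name: "{{ inventory_hostname }}"

- name: install os specific roles
  ansible.builtin.include_role:
    name: "{{ role }}"
  with_items:
    - selinux  # selinux first to get fcontexts working
    - rsyslog
  loop_control:
    loop_var: role

# The two firewall conditions are complementary (<= 8 / >= 9), so exactly one
# firewall role is included per host. The task names are distinct so that run
# logs and --start-at-task can tell them apart.
- name: install firewall (iptables, el8 and older)
  ansible.builtin.include_role:
    name: iptables
  when: ansible_distribution_major_version | int <= 8

- name: install firewall (nftables, el9 and newer)
  ansible.builtin.include_role:
    name: nftables
  when: ansible_distribution_major_version | int >= 9

# sefcontext only records the rule in the SELinux policy; the label on disk is
# changed by the restorecon task below. The path has no regex suffix and
# restorecon runs without -R, so only the /export directory itself is covered.
- name: fix selinux context from /export
  community.general.sefcontext:
    path: "/export"
    setype: var_t

# Read-only probe: it also runs in check mode, never reports a change and its
# exit status is ignored; only its output is inspected by the next task.
- name: check selinux context from /export
  ansible.builtin.command:
    argv:
      - matchpathcon
      - -V
      - /export
  register: result
  check_mode: false
  changed_when: false
  failed_when: false

# Relabel only when the probe reported a mismatch. default('') keeps the
# condition valid if the probe produced no stdout at all.
- name: apply selinux context to /export
  ansible.builtin.command:
    argv:
      - restorecon
      - -iv
      - /export
  when: "' should be ' in (result.stdout | default(''))"

- name: enable tmpfs mount for /tmp
  ansible.builtin.service:
    name: tmp.mount
    state: started
    enabled: true

# Hosts in the 'mail' group are skipped here.
- name: install postfix
  ansible.builtin.include_role:
    name: postfix
  when: "'mail' not in group_names"

# NOTE(review): this installs network and process debugging tools (nc, telnet,
# tcpdump, strace) on every host that runs these tasks. Confirm that is wanted
# on exposed or high-value systems, or move them to a separate, opt-in list.
- name: install packages
  ansible.builtin.package:
    name: "{{ item }}"
    state: present
  with_items:
    - bind-utils  # dig
    - bzip2  # bzip
    - cronie  # missing from fedora
    - curl  # curl
    - iotop  # monitor io usage
    - nc  # netcat
    - net-tools  # ifconfig etc
    - psmisc  # pstree for debugging
    - rsync  # rsync
    - strace  # debugging
    - sysstat  # sa, sar
    - tar  # tar
    - tcpdump  # for network debugging
    - telnet  # test ports
    - tmpwatch  # tmp cleanup
    - usbutils  # lsusb
    - vim-enhanced  # working vi :)
    - xterm  # resize

- name: install el7/el8 packages
  ansible.builtin.package:
    name: "{{ item }}"
    state: present
  with_items:
    - mailx
  when: ansible_distribution_major_version | int <= 8

- name: install el9 packages
  ansible.builtin.package:
    name: "{{ item }}"
    state: present
  with_items:
    - s-nail
  when: ansible_distribution_major_version | int >= 9

- name: disable grep colors
  ansible.builtin.file:
    dest: /etc/GREP_COLORS
    state: absent

# History timestamps help when reconstructing what was run and when, but shell
# history is writable by the user who owns it; it is not an audit trail.
# The mode is quoted so it reaches the module as the string "0644" instead of
# depending on how the YAML parser types a bare 0644.
# NOTE(review): ansible_wheel is not defined in this file; presumably it is
# the platform's admin group name, set in inventory or vars. Confirm.
- name: store date and time for bash history
  ansible.builtin.copy:
    dest: /etc/profile.d/history.sh
    content: 'export HISTTIMEFORMAT="%Y-%m-%d %H:%M:%S "'
    mode: "0644"
    owner: root
    group: "{{ ansible_wheel }}"

# Downloads pending updates without installing them. The minute is derived from
# the hostname seed, so it is stable per host and differs between hosts.
- name: cron job for downloading yum updates
  ansible.builtin.cron:
    name: yum-downloadonly
    user: root
    hour: "3"
    minute: "{{ 59 | random(seed=inventory_hostname) }}"
    job: "yum -d 0 -e 0 -y --downloadonly update > /dev/null"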