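---
# Role tasks for an Ansible management host on RedHat-family systems:
# installs the tooling, prepares a root-only private directory, checks out
# the Ansible repository under /srv/ansible and exposes its facts
# directory through the nginx web root of this host.
#
# File modes are quoted throughout so they reach the module as octal
# strings and never depend on how the YAML parser types a bare number.

# Abort early on unsupported platforms; every later task assumes RedHat.
- name: check support
  fail:
    msg: Role not supported in your system
  when: ansible_os_family != "RedHat"

# The package list is passed directly so everything is installed in one
# transaction instead of one module call per item.
- name: install ansible packages
  package:
    name:
      - ansible
      - git
      - python3-netaddr  # required by iptables role
    state: present

# Root-only directory (0700, root:root); nothing but root can traverse it.
- name: create private directory and force permissions
  file:
    path: /export/private
    owner: root
    group: root
    mode: "0700"
    state: directory

# follow: false applies owner/group to the symlink itself, not its target,
# so the 0700 root:root settings on /export/private stay untouched.
- name: link private directory
  file:
    src: "/export/private"
    dest: "/srv/private"
    owner: root
    group: "{{ ansible_wheel }}"
    state: link
    follow: false

# sefcontext only records the labelling rule in the SELinux policy; it
# does not relabel files that already exist.
# NOTE(review): no restorecon step is visible in this file - confirm the
# checkout below ends up labelled httpd_sys_content_t.
- name: allow http server to access /srv/ansible
  sefcontext:
    path: '/srv/ansible(/.*)?'
    setype: httpd_sys_content_t

# update: false means an existing checkout is never refreshed by this task.
# NOTE(review): no version is pinned and verify_commit is not set, so the
# first clone trusts whatever the remote default branch holds at that
# moment - consider pinning a reviewed revision.
- name: clone ansible repository
  git:
    dest: /srv/ansible
    repo: https://git.foo.sh/ansible.git
    update: false

# Publishes the repository's facts directory under the nginx web root.
# NOTE(review): gathered facts can describe hosts in detail - confirm
# that nginx.conf restricts who may read this path.
- name: link facts to nginx
  file:
    src: "/srv/ansible/facts"
    dest: "/srv/web/{{ inventory_hostname }}/facts"
    owner: root
    group: "{{ ansible_wheel }}"
    state: link
    follow: false

# The "restart nginx" handler is expected to be defined outside this file.
- name: create nginx conf
  copy:
    src: nginx.conf
    dest: "/etc/nginx/conf.d/{{ inventory_hostname }}/ansible.conf"
    mode: "0644"
    owner: root
    group: "{{ ansible_wheel }}"
  notify: restart nginx

# 0600 keeps root's shell startup file unreadable to other accounts.
- name: add custom .bashrc for root
  copy:
    dest: /root/.bashrc
    src: root-bashrc.sh
    owner: root
    group: "{{ ansible_wheel }}"
    mode: "0600"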