---
- name: install os specific roles
  include_role:
    name: "{{ role }}"
  with_items:
    - selinux        # selinux first to get fcontexts working
    - iptables
    - rsyslog
  loop_control:
    loop_var: role

- name: fix selinux context from /export
  sefcontext:
    path: "/export"
    setype: var_t

- name: check selinux context from /export
  command:
    argv:
      - matchpathcon
      - -V
      - /export
  register: result
  check_mode: false
  changed_when: false
  failed_when: false

- name: apply selinux context to /export
  command:
    argv:
      - restorecon
      - -iv
      - /export
  when: "' should be ' in result.stdout"

- name: enable tmpfs mount for /tmp
  service:
    name: tmp.mount
    state: started
    enabled: true

- name: install postfix
  include_role:
    name: postfix
  when: "'mail' not in group_names"

- name: install packages
  package:
    name: "{{ item }}"
    state: installed
  with_items:
    - bind-utils     # dig
    - bzip2          # bzip
    - cronie         # missing from fedora
    - curl           # curl
    - iotop          # monitor io usage
    - mailx          # send mail from cmd
    - nc             # netcat
    - net-tools      # ifconfig etc
    - rsync          # rsync
    - strace         # debugging
    - sysstat        # sa, sar
    - tar            # tar
    - tcpdump        # for network debugging
    - telnet         # test ports
    - vim-enhanced   # working vi :)
    - xterm          # resize

- name: disable grep colors
  file:
    dest: /etc/GREP_COLORS
    state: absent

- name: cron job for downloading yum updates
  cron:
    name: yum-downloadonly
    user: root
    hour: "3"
    minute: "{{ 59 | random(seed=inventory_hostname) }}"
    job: "yum -d 0 -e 0 -y --downloadonly update > /dev/null"