# All hosts are debian 10
---
# remote
- hosts: remote
  become: yes
  handlers:
    - import_tasks: handlers.yml
  tasks:
    # Core
    - name: Install common packages
      apt:
        name:
          - apt-listchanges
          - apt-transport-https
          - ca-certificates
          - chrony
          - curl
          - git
          - gnupg2
          - htop
          - iperf3
          - mosh
          - nmap
          - oidentd
          - rsync
          - software-properties-common
          - speedtest-cli
          - tmux
          - unattended-upgrades
          - vim
          - weechat
          - zsh
        force_apt_get: yes
        update_cache: yes

    - name: Disable MOTDs
      command: chmod -x /etc/update-motd.d/10-uname
      args:
        warn: no

    - name: Set MOTD
      copy:
        src: files/motd
        dest: /etc/motd
        owner: root
        group: root
        mode: '0644'

    # TODO Change defaults
    - name: Configure unattended-upgrades
      copy:
        src: files/50unattended-upgrades
        dest: /etc/apt/apt.conf.d/50unattended-upgrades
        owner: root
        group: root
        mode: '0644'

    - name: Enable unattended-upgrades
      copy:
        src: files/20auto-upgrades
        dest: /etc/apt/apt.conf.d/20auto-upgrades
        owner: root
        group: root
        mode: '0644'

    - name: Disable power and reset buttons
      copy:
        src: files/logind.conf
        dest: /etc/systemd/logind.conf
        owner: root
        group: root
        mode: '0644'
      notify: Restart systemd-logind service

    # Core networking
    - name: Configure sshd_config to listen on 2222/22 and disable password auth
      copy:
        src: files/sshd_config
        dest: /etc/ssh/sshd_config
        owner: root
        group: root
        mode: '0644'
      notify: Restart sshd service

    ## Changes will take effect during next reboot
    ## (determined by unattended-upgrades)
    - name: Configure sysctl with IPv6 privacy extensions
      template:
        src: templates/local.conf.j2
        dest: /etc/sysctl.d/local.conf
        owner: root
        group: root
        mode: '0644'

    - name: Add Docker GPG key
      apt_key:
        url: https://download.docker.com/linux/debian/gpg

    - name: Add Docker APT repository
      apt_repository:
        repo: deb [arch=amd64] https://download.docker.com/linux/debian {{ ansible_distribution_release }} stable

    - name: Install Docker CE
      apt:
        name:
          - docker-ce
          - docker-ce-cli
          - containerd.io
        force_apt_get: yes
        update_cache: yes

    - name: Add joe to docker group
      user:
        name: joe
        groups: docker
        append: yes

    - name: Install weechat systemd service
      copy:
        src: files/weechat.service
        dest: /etc/systemd/system/weechat.service
        owner: root
        group: root
        mode: '0644'
      notify: Enable weechat service
    
    # Clone docker repo to start services