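---
# Base host configuration: hostname, DNS (systemd-resolved), NTP
# (systemd-timesyncd), a loopback-only Postfix that relays through a
# smarthost, and an NRPE agent for monitoring.
#
# Variables used below: core_addr, domain_priv, and the optional
# postfix_mydestination. They are expected to come from the two vars
# files included first. Handlers named in `notify` are defined elsewhere.

- name: Include public variables.
  include_vars: ../public/vars.yml

- name: Include private variables.
  include_vars: ../private/vars.yml

- name: Configure hostname.
  become: true
  copy:
    content: "{{ item.content }}"
    dest: "{{ item.file }}"
    # Explicit mode so the result does not depend on the remote umask.
    mode: u=rw,g=r,o=r
  loop:
    - file: /etc/hostname
      content: "{{ inventory_hostname }}\n"
    - file: /etc/mailname
      content: "{{ inventory_hostname }}.{{ domain_priv }}\n"

# Only runs when the running hostname differs from the inventory name.
- name: Update hostname.
  become: true
  command: hostname -F /etc/hostname
  when: inventory_hostname != ansible_hostname

- name: Configure resolved.
  become: true
  lineinfile:
    path: /etc/systemd/resolved.conf
    regexp: "{{ item.regexp }}"
    line: "{{ item.line }}"
  loop:
    - regexp: '^ *DNS *='
      line: "DNS={{ core_addr }}"
    # NOTE(review): resolved documents FallbackDNS as used only when no
    # other DNS server is known, so with DNS= set it should stay idle.
    # It is still a public resolver; confirm it is wanted on hosts that
    # resolve private names.
    - regexp: '^ *FallbackDNS *='
      line: "FallbackDNS=8.8.8.8"
    - regexp: '^ *Domains *='
      line: "Domains={{ domain_priv }}"
  notify:
    - Reload Systemd.
    - Restart Systemd resolved.

- name: Configure timesyncd.
  become: true
  lineinfile:
    path: /etc/systemd/timesyncd.conf
    # The regexp makes a changed domain_priv replace the existing NTP=
    # line instead of appending a second one.
    regexp: '^ *NTP *='
    line: NTP=ntp.{{ domain_priv }}
  notify: Restart systemd-timesyncd.

# NOTE(review): `root` and `adm` are privileged groups. `adm` usually
# grants read access to system logs; `root` grants group-root file
# access. Confirm the login account needs both.
- name: Add {{ ansible_user }} to system groups.
  become: true
  user:
    name: "{{ ansible_user }}"
    append: true
    groups: root,adm

# Package install only; no unattended-upgrades configuration is written
# by the tasks visible here.
- name: Install basic software.
  become: true
  apt:
    pkg: unattended-upgrades

- name: Install Postfix.
  become: true
  apt:
    pkg: postfix

# Postfix listens on loopback only and hands all mail to the smarthost
# smtp.<domain_priv>. The brackets around the relayhost suppress MX
# lookups. Relaying is limited to mynetworks.
- name: Configure Postfix.
  become: true
  lineinfile:
    path: /etc/postfix/main.cf
    regexp: "^ *{{ item.p }} *="
    line: "{{ item.p }} = {{ item.v }}"
  loop:
    - p: smtpd_relay_restrictions
      v: permit_mynetworks reject_unauth_destination
    # 104857600 bytes = 100 MiB; quoted so it stays a string.
    - { p: message_size_limit, v: '104857600' }
    - { p: delay_warning_time, v: 1h }
    - { p: maximal_queue_lifetime, v: 4h }
    - { p: bounce_queue_lifetime, v: 4h }
    - { p: home_mailbox, v: Maildir/ }
    - { p: myhostname, v: "{{ inventory_hostname }}.{{ domain_priv }}" }
    - { p: mydestination, v: "{{ postfix_mydestination | default('') }}" }
    - { p: relayhost, v: "[smtp.{{ domain_priv }}]" }
    - { p: inet_interfaces, v: loopback-only }
  notify: Restart Postfix.

- name: Enable/Start Postfix.
  become: true
  systemd:
    service: postfix
    enabled: true
    state: started

- name: Set domain name.
  become: true
  vars:
    # Renamed from `name` so the variable does not shadow the task keyword.
    short_name: "{{ inventory_hostname }}"
  lineinfile:
    path: /etc/hosts
    # Single-quoted with escaped dots so only the literal 127.0.1.1 matches.
    regexp: '^127\.0\.1\.1[ ].*'
    line: "127.0.1.1 {{ short_name }}.{{ domain_priv }} {{ short_name }}"

- name: Install NRPE.
  become: true
  apt:
    pkg:
      - nagios-nrpe-server
      - lm-sensors

- name: Install inst_sensors NAGIOS plugin.
  become: true
  copy:
    src: ../core/files/inst_sensors
    dest: /usr/local/sbin/inst_sensors
    mode: u=rwx,g=rx,o=rx

# Only loopback and the core host may query the NRPE agent.
- name: Configure NRPE server.
  become: true
  copy:
    content: |
      allowed_hosts=127.0.0.1,::1,{{ core_addr }}
    dest: /etc/nagios/nrpe_local.cfg
    mode: u=rw,g=r,o=r
  notify: Reload NRPE server.

# nrpe.cfg is not visible here. Each command it defines can be run by any
# host in allowed_hosts, so review it alongside this file.
- name: Configure NRPE commands.
  become: true
  copy:
    src: nrpe.cfg
    dest: /etc/nagios/nrpe.d/institute.cfg
    mode: u=rw,g=r,o=r
  notify: Reload NRPE server.

- name: Enable/Start NRPE server.
  become: true
  systemd:
    service: nagios-nrpe-server
    enabled: true
    state: started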