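---
# Base provisioning play for the `mosquito` host group, run as root.
# It installs a base package set, tunes yum, drops skeleton dotfiles, adds
# local repo mirrors, installs root's SSH key and turns off SSH password
# logins, points chrony at a private NTP server, adds two CA trust anchors,
# configures yum-updatesd, sets service states and installs cron reports
# (including an AIDE report).
#
# Several lineinfile tasks use `backrefs: true`. With backrefs, a task whose
# regexp does not match leaves the file untouched and reports "ok", so the
# setting is only applied when the stock line is present exactly as written.
- hosts: mosquito
  remote_user: root

  tasks:
    - name: Installation des paquets de base
      yum:
        name: "{{ item }}"
        state: present
      with_items:
        - elinks
        - livecd-tools
        - colordiff
        - fpaste
        - wget
        - emacs-nox
        - glances
        - htop
        - iftop
        - iotop
        - lm_sensors
        - memtest86+
        - mined
        - powertop
        - rpmconf
        - screen
        - tmux
        - yum-plugin-fastestmirror
        - gpm
        - bash-completion
        - vim-enhanced
        - yum-plugin-verify
        - yum-updatesd
        - aide
        - postfix
        - mutt
        - nfs-utils
        - qemu-kvm
        - libvirt-client
        - libvirt-daemon
        - libvirt-daemon-driver-libxl
        - libvirt-daemon-driver-nwfilter
        - libvirt-daemon-driver-storage
        - libvirt-daemon-driver-uml
        - libvirt-daemon-driver-network
        - libvirt-daemon-driver-xen
        - libvirt-daemon-driver-qemu
        - libvirt-daemon-driver-secret
        - libvirt-daemon-driver-interface
        - libvirt-daemon-driver-lxc
        - libvirt-daemon-driver-nodedev

    # The yum.conf tasks chain their `insertafter` anchors, so each new line
    # lands directly below the one added by the previous task.
    - name: Configuration yum sans delta rpm
      lineinfile:
        dest: /etc/yum.conf
        create: true
        state: present
        insertafter: installonly_limit
        line: deltarpm=0

    - name: Configuration yum affichage historique
      lineinfile:
        dest: /etc/yum.conf
        create: true
        state: present
        insertafter: deltarpm=0
        line: history_list_view=cmds

    - name: Configuration yum clean on remove
      lineinfile:
        dest: /etc/yum.conf
        create: true
        state: present
        insertafter: history_list_view=cmds
        line: clean_requirements_on_remove=1

    - name: Configuration écran rabattu systemd
      lineinfile:
        dest: /etc/systemd/logind.conf
        create: true
        state: present
        insertafter: "#HandleLidSwitch"
        line: HandleLidSwitch=ignore
      notify: reload systemd

    # File modes are quoted octal strings so YAML cannot retype them as
    # decimal integers.
    - name: Squelette bashrc
      copy:
        src: files/bashrc
        dest: /etc/skel/.bashrc
        mode: "0644"

    - name: Root bashrc
      copy:
        src: files/bashrc
        dest: /root/.bashrc
        mode: "0644"

    - name: Squelette emacs rc
      copy:
        src: files/emacs.rc
        dest: /etc/skel/.emacs
        mode: "0644"

    - name: Root emacs rc
      copy:
        src: files/emacs.rc
        dest: /root/.emacs
        mode: "0644"

    - name: Installation du miroir updates
      copy:
        src: files/updates-fantom.repo
        dest: /etc/yum.repos.d/updates-fantom.repo
      notify: disable updates

    - name: Installation du miroir updates-testing
      copy:
        src: files/updates-testing-fantom.repo
        dest: /etc/yum.repos.d/updates-testing-fantom.repo
      notify: disable updates

    # NOTE(review): the RPM is fetched over plain HTTP with no integrity
    # check and is then installed as root. Pin it with get_url's `checksum`
    # parameter (value: <SHA256_OF_RPM_PLACEHOLDER>) or ship it from a
    # GPG-signed repository. Whether yum verifies the signature of a local
    # package depends on the host's yum configuration; confirm.
    #
    # `force: true` is set because /tmp is world-writable and the file name
    # is predictable: without it, get_url keeps any file that already exists
    # at `dest`, and the next task would install that file as root.
    # A root-only download directory would be safer still.
    - name: Télécharge le paquet linux_logo fedora pour F20
      get_url:
        dest: /tmp/linux_logo.rpm
        url: http://fantom.fedorapeople.org/linux_logo-5.11-6.fc20.x86_64.rpm
        force: true
      when: ansible_distribution_version|int == 20 and ansible_architecture == "x86_64"

    - name: Télécharge le paquet linux_logo fedora pour F21
      get_url:
        dest: /tmp/linux_logo.rpm
        url: http://fantom.fedorapeople.org/linux_logo-5.11-6.fc21.x86_64.rpm
        force: true
      when: ansible_distribution_version|int == 21 and ansible_architecture == "x86_64"

    # Only install when one of the download tasks above was eligible to run;
    # otherwise /tmp/linux_logo.rpm is either missing or not ours.
    - name: Installe le paquet linux_logo fedora
      yum:
        pkg: /tmp/linux_logo.rpm
        state: installed
      when: ansible_distribution_version|int in [20, 21] and ansible_architecture == "x86_64"

    # Excluding the package keeps repository updates from replacing the
    # locally installed build.
    - name: Ajoute le paquet linux_logo fedora en Exclude
      lineinfile:
        dest: /etc/yum.conf
        create: true
        state: present
        insertafter: clean_requirements_on_remove=1
        line: exclude=linux_logo

    # Grants key-based root login to whoever holds the private half of
    # files/id_rsa.pub. PermitRootLogin is not managed by this play.
    - name: Installation de la clé ssh pour l'utilisateur root
      authorized_key:
        user: root
        key: "{{ lookup('file', 'files/id_rsa.pub') }}"
        manage_dir: true

    # NOTE(review): because of `backrefs`, password logins are only turned
    # off when sshd_config contains an uncommented "PasswordAuthentication
    # yes" line. A commented-out or absent directive is left as-is and the
    # task still reports "ok". Check the effective value with `sshd -T`.
    - name: Configuration du démon SSH
      lineinfile:
        dest: /etc/ssh/sshd_config
        state: present
        backrefs: true
        regexp: '^PasswordAuthentication yes'
        line: PasswordAuthentication no
      notify: restart sshd

    # Comment out the four default pool servers, then add the private one.
    - name: Serveurs NTP 0.fedora.pool.ntp.org désactivé
      lineinfile:
        dest: /etc/chrony.conf
        state: present
        backrefs: true
        regexp: '^server 0.fedora.pool.ntp.org'
        line: "#server 0.fedora.pool.ntp.org"
      notify: restart chrony

    - name: Serveurs NTP 1.fedora.pool.ntp.org désactivé
      lineinfile:
        dest: /etc/chrony.conf
        state: present
        backrefs: true
        regexp: '^server 1.fedora.pool.ntp.org'
        line: "#server 1.fedora.pool.ntp.org"
      notify: restart chrony

    - name: Serveurs NTP 2.fedora.pool.ntp.org désactivé
      lineinfile:
        dest: /etc/chrony.conf
        state: present
        backrefs: true
        regexp: '^server 2.fedora.pool.ntp.org'
        line: "#server 2.fedora.pool.ntp.org"
      notify: restart chrony

    - name: Serveurs NTP 3.fedora.pool.ntp.org désactivé
      lineinfile:
        dest: /etc/chrony.conf
        state: present
        backrefs: true
        regexp: '^server 3.fedora.pool.ntp.org'
        line: "#server 3.fedora.pool.ntp.org"
      notify: restart chrony

    # NOTE(review): this leaves a single time source configured by the play.
    - name: Configuration serveur NTP actif
      lineinfile:
        dest: /etc/chrony.conf
        create: true
        state: present
        insertafter: "#server 3.fedora.pool.ntp.org"
        line: server ntp1.casperlefantom.net iburst
      notify: restart chrony

    # Both files become system-wide trust anchors once the `ca trust` handler
    # runs update-ca-trust: certificates chaining to them are then accepted
    # by software that uses the system trust store.
    - name: Installation de mon autorité de certification
      copy:
        src: files/root.pem
        dest: /etc/pki/ca-trust/source/anchors/root.pem
        mode: "0444"
      notify: ca trust

    - name: Installation de l'autorité de certification CACert
      copy:
        src: files/cacert.pem
        dest: /etc/pki/ca-trust/source/anchors/cacert.pem
        mode: "0444"
      notify: ca trust

    # yum-updatesd tuning. Each task rewrites a stock default via `backrefs`,
    # so it is a no-op when the default line is not present verbatim.
    - name: yum-updatesd lancé toutes les 3h au lieu de 1h
      lineinfile:
        dest: /etc/yum/yum-updatesd.conf
        state: present
        backrefs: true
        regexp: '^run_interval = 3600'
        line: run_interval = 10800

    - name: yum-updatesd actualise toutes les 30min au lieu de 10min
      lineinfile:
        dest: /etc/yum/yum-updatesd.conf
        state: present
        backrefs: true
        regexp: '^updaterefresh = 600'
        line: updaterefresh = 1800

    - name: yum-updatesd informe mise à jour par email
      lineinfile:
        dest: /etc/yum/yum-updatesd.conf
        state: present
        backrefs: true
        regexp: '^emit_via = dbus'
        line: emit_via = email

    # Turns on unattended installation of available updates.
    - name: yum-updatesd installe les mise à jour disponibles
      lineinfile:
        dest: /etc/yum/yum-updatesd.conf
        state: present
        backrefs: true
        regexp: '^do_update = no'
        line: do_update = yes

    - name: État du service yum-updatesd
      service:
        name: yum-updatesd
        state: started
        enabled: true

    - name: État du service postfix
      service:
        name: postfix
        state: started
        enabled: true

    # libvirt is installed above but its daemon is kept stopped and disabled.
    - name: État du service libvirtd
      service:
        name: libvirtd
        state: stopped
        enabled: false

    # The cron files below are copied from files/ and run as root by cron;
    # their contents are not part of this playbook.
    - name: Configuration cron reboot auto
      copy:
        src: files/auto-reboot.cron
        dest: /etc/cron.d/auto-reboot
        mode: "0644"

    - name: Configuration cron rapport disques durs
      copy:
        src: files/diskreport.sh
        dest: /etc/cron.daily/diskreport.sh
        mode: "0755"

    - name: Configuration cron rapport SELinux
      copy:
        src: files/eaureport.sh
        dest: /etc/cron.daily/eaureport.sh
        mode: "0755"

    - name: Configuration cron rapport RPM Verify
      copy:
        src: files/rpmreport.sh
        dest: /etc/cron.daily/rpmreport.sh
        mode: "0755"

    - name: Configuration cron relabel système de fichier
      copy:
        src: files/selinuxresto.sh
        dest: /etc/cron.monthly/selinuxresto.sh
        mode: "0755"

    - name: Configuration cron tests disques durs
      copy:
        src: files/diskcheck.sh
        dest: /etc/cron.weekly/diskcheck.sh
        mode: "0755"

    # Installs the daily AIDE report script; the handler runs
    # files/aideinit.sh whenever this copy reports a change.
    - name: Installation du HIDS AIDE
      copy:
        src: files/z-aidereport.sh
        dest: /etc/cron.daily/z-aidereport.sh
        mode: "0755"
      notify: initialize aide

    - name: Configuration de la variable EDITOR
      lineinfile:
        dest: /root/bin/setvars
        create: true
        state: present
        line: export EDITOR=emacs

  handlers:
    - name: restart sshd
      service:
        name: sshd
        state: restarted

    - name: initialize aide
      script: files/aideinit.sh

    - name: restart chrony
      service:
        name: chronyd
        state: restarted

    - name: ca trust
      command: /usr/bin/update-ca-trust

    - name: reload systemd
      command: /usr/bin/systemctl --system daemon-reload

    # Disables the stock `updates` repo after a mirror repo file is installed.
    - name: disable updates
      command: /usr/bin/yum-config-manager --disable updates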