---
# Defines tasks applicable across all machines in the infrastructure.
- name: Set up closest mirror autoselect (Ubuntu-only)
  template: src=apt_sources.list.j2 dest=/etc/apt/sources.list
  when: ansible_distribution == 'Ubuntu'
  tags:
    - dependencies

- name: Update apt cache
  apt: update_cache=yes
  tags:
    - dependencies

- name: Upgrade all safe packages
  apt: upgrade=safe
  tags:
    - dependencies

- name: Install necessities and nice-to-haves
  apt: pkg={{ item }} state=installed
  with_items:
    - apache2
    - apt-transport-https
    - apticron
    - build-essential
    - debian-goodies
    - git
    - htop
    - iftop
    - iotop
    - molly-guard
    - mosh
    - python-software-properties
    - ruby
    - screen
    - sudo
    - unattended-upgrades
    - vim
    - zsh
  tags:
    - dependencies

- name: Set timezone to UTC
  action: shell echo Etc/UTC > /etc/timezone

- name: Set localtime to UTC
  file: src=/usr/share/zoneinfo/Etc/UTC dest=/etc/localtime

- name: Reconfigure tzdata
  action: command dpkg-reconfigure -f noninteractive tzdata

- name: Apticron email configuration
  template: src=apticron.conf.j2 dest=/etc/apticron/apticron.conf

- name: Create decrypted directory (even if encfs isn't used)
  file: state=directory path=/decrypted

- name: Set decrypted directory permissions
  file: state=directory path=/decrypted group=mail mode=775

- include: encfs.yml tags=encfs
- include: users.yml tags=users
- include: apache.yml tags=apache
- include: ssl.yml tags=ssl
- include: ufw.yml tags=ufw
- include: security.yml tags=security
- include: ntp.yml tags=ntp
- include: google_auth.yml tags=google_auth