---

- name: /tmp must be world-writable
  file:
    path: /tmp
    state: directory
    mode: "u=rwx,g=rwx,o=rwxt"
  when: evolinux_system_chmod_tmp

- name: Setting default locales
  lineinfile:
    dest: /etc/locale.gen
    line: "{{ item }}"
    create: yes
    state: present
  loop:
    - "en_US.UTF-8 UTF-8"
    - "fr_FR ISO-8859-1"
    - "fr_FR.UTF-8 UTF-8"
  register: default_locales
  when: evolinux_system_locales

- name: Reconfigure locales
  command: /usr/sbin/locale-gen
  when: evolinux_system_locales and default_locales is changed

- name: Setting default timezone
  timezone:
    name: "{{ evolinux_system_timezone | mandatory }}"
  notify: restart cron
  when: evolinux_system_set_timezone

# TODO : find a way to force the console-data configuration
# non-interactively (like tzdata ↑)

- include_role:
    name: evolix/remount-usr

- name: Ensure automagic vim conf is disabled
  lineinfile:
    dest: /etc/vim/vimrc
    regexp: 'let g:skip_defaults_vim ='
    line: 'let g:skip_defaults_vim = 1'
  when: evolinux_system_vim_skip_defaults

- name: Setting vim as default editor
  alternatives:
    name: editor
    path: /usr/bin/vim.basic
  when: evolinux_system_vim_default_editor

- name: Add "umask 027" to /etc/profile.d/evolinux.sh
  lineinfile:
    dest: /etc/profile.d/evolinux.sh
    line: "umask 027"
    create: yes
    state: present
  when: evolinux_system_profile

- name: Set /etc/adduser.conf DIR_MODE to 0700
  replace:
    dest: /etc/adduser.conf
    regexp: "^DIR_MODE=0755$"
    replace: "DIR_MODE=0700"
  when: evolinux_system_dirmode_adduser

# TODO: trouver comment ne pas faire ça sur Xen Dom-U

- name: Deactivating login on all tty except tty2
  lineinfile:
    dest: /etc/securetty
    line: "tty2"
    create: yes
    state: present
  when: evolinux_system_restrict_securetty

- name: Setting TMOUT to disconnect inactive users
  lineinfile:
    dest: /etc/profile.d/evolinux.sh
    line: "export TMOUT=36000"
    create: yes
    state: present
  when: evolinux_system_set_timeout

#- name: Customizing /etc/fstab

- name: Check if cron is installed
  shell: "dpkg -l cron 2> /dev/null | grep -q -E '^(i|h)i'"
  failed_when: False
  changed_when: False
  check_mode: no
  register: is_cron_installed

- name: Set verbose logging for cron deamon
  lineinfile:
    dest: /etc/default/cron
    line: "EXTRA_OPTS='-L 15'"
    create: yes
    state: present
  when: is_cron_installed.rc == 0 and evolinux_system_cron_verboselog

- name: Modify default umask for cron deamon
  lineinfile:
    dest: /etc/default/cron
    line: "umask 022"
    create: yes
    state: present
  when: is_cron_installed.rc == 0 and evolinux_system_cron_umask

- name: Randomize periodic crontabs
  replace:
    dest: /etc/crontab
    regexp:  "{{ item.regexp }}"
    replace: "{{ item.replace }}"
  loop:
  - { regexp: '^17((\s*\*){4})',         replace: '{{ 59|random(start=1) }}\1' }
  - { regexp: '^25\s*6((\s*\*){3})',     replace: '{{ 59|random(start=1) }} {{ [0,1,3,4,5,6,7]|random }}\1' }
  - { regexp: '^47\s*6((\s*\*){2}\s*7)', replace: '{{ 59|random(start=1) }} {{ [0,1,3,4,5,6,7]|random }}\1' }
  - { regexp: '^52\s*6(\s*1(\s*\*){2})', replace: '{{ 59|random(start=1) }} {{ [0,1,3,4,5,6,7]|random }}\1' }
  when: is_cron_installed.rc == 0 and evolinux_system_cron_random

- include_role:
    name: evolix/ntpd

## alert5

- name: Install alert5 init script (jessie/stretch)
  template:
    src: system/alert5.sysvinit.j2
    dest: /etc/init.d/alert5
    force: no
    mode: "0755"
  when:
    - evolinux_system_alert5_init
    - ansible_distribution_release == "jessie" or ansible_distribution_release == "stretch"

- name: Enable alert5 init script (jessie/stretch)
  service:
    name: alert5
    enabled: yes
  when:
    - evolinux_system_alert5_init
    - evolinux_system_alert5_enable
    - ansible_distribution_release == "jessie" or ansible_distribution_release == "stretch"



- name: Install alert5 init script (buster)
  template:
    src: system/alert5.sh.j2
    dest: /usr/share/scripts/alert5.sh
    force: no
    mode: "0755"
  when:
    - evolinux_system_alert5_init
    - ansible_distribution_major_version is version('10', '>=')

- name: Install alert5 service (buster)
  copy:
    src: alert5.service
    dest: /etc/systemd/system/alert5.service
    force: yes
    mode: "0644"
  when:
    - evolinux_system_alert5_init
    - ansible_distribution_major_version is version('10', '>=')

- name: Enable alert5 init script (buster)
  systemd:
    name: alert5
    daemon_reload: yes
    enabled: yes
  when:
    - evolinux_system_alert5_init
    - evolinux_system_alert5_enable
    - ansible_distribution_major_version is version('10', '>=')

## network interfaces

- name: "Is there an \"allow-hotplug\" interface ?"
  command: grep allow-hotplug /etc/network/interfaces
  failed_when: False
  changed_when: False
  check_mode: no
  register: grep_hotplug_eni

- name: "Network interfaces must be \"auto\" and not \"allow-hotplug\""
  replace:
    dest: /etc/network/interfaces
    regexp: "allow-hotplug"
    replace: "auto"
  when: evolinux_system_eni_auto and grep_hotplug_eni.rc == 0

## /sbin/deny

- name: "/sbin/deny script is present"
  copy:
    src: deny.sh
    dest: /sbin/deny
    mode: "0700"
    owner: root
    group: root
    force: no

- meta: flush_handlers