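# Catch-all rugcms Ansible rollout playbook:
#
# - create rugcms group
# - create rugcms user, member of rugcms, home dir /local_disk
# - push ssh keys for the rugcms user
# - copy .profile for the rugcms user
# - install packages
# - disable selinux
# - disable firewalld
# - copy firewall.sh script
# - run firewall script
# - copy yum_debug_dump file as input for the set of installed packages
# - upgrade all rpms
# - copy resolv.conf
# - copy sshd_config (validated before install, sshd restarted on change)
#
# Usage: $ ansible-playbook rugcms.yml
#        $ ansible-playbook rugcms.yml -e myhosts=<group>   # default: acc
---
- name: rugcms ansible
  hosts: "{{ myhosts | default('acc') }}"

  handlers:
    # Runs only when the sshd_config copy task reports a change, so a new
    # configuration is actually loaded instead of waiting for a manual restart.
    - name: restart sshd
      systemd:
        name: sshd.service
        state: restarted

  tasks:
    - name: create rugcms group
      group:
        name: rugcms
        state: present

    - name: create rugcms user
      user:
        name: rugcms
        comment: 'rugcms user'
        state: present
        group: rugcms
        home: /local_disk

    # Keys are only ever added (state: present); a key removed from this list
    # stays in authorized_keys on hosts that already received it.
    # NOTE(review): the first key has a short blob that appears to be a
    # 1024-bit RSA key - confirm its size and replace it with a 3072-bit RSA
    # or ed25519 key if so.
    - name: push ssh keys for rugcms user
      authorized_key:
        user: rugcms
        key: '{{ item }}'
        state: present
      with_items:
        - 'ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAIEAz/4D/jhUycyYS8gOrQDs+BqK+MLzfB9kb60W9zGTs9KigKGUOtvZ78mb1F2+ouy/uQUbOO4MoUu+fOzSlSE56GdyTSc/RsLaoHde2aRalXnRf55tuIVgv6MNG7siZt1i4iDhm/uql8nzc7m0Ompr9XXLXOQ0ZGFPViLLYyRcLOc= r.m.uittenbroek@rug.nl'
        - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCoRM/8ItzD87bvO6WVwDS83mkLUv0fo1dUxBzGB0w9j+a4vtUbcGm13TXp6zIS6zZqj09QD8jznO1OE92tC1axjuwENbAi7WiqaFMJdqB6MLN4Fxo4xa5LaadDTFbd4yLI1lzheowfPvFypUW90L4ToEkKkvgp+r+4C7BrLLUTzksS3PzBB2jp25XimdbxQvbZS74RdEa4O1Xqz0A4+FbM9r90OIJGrexVTKb2jpQk3bhTIpCXDkRldA1PLYSPoUAmCViGPoHCoyNbtZj8MWDjOKH/Ut/WXg5z60JfFqHazkHsQiJ9YkgUk2zy/7cjl5Pl8DVkPp79c/F5YFw492XN rugcms@charanga'

    # File modes are quoted so they reach the module as the octal strings
    # written here, independent of how the YAML parser types bare numbers.
    - name: copy profile rugcms-user
      copy:
        src: files/profile_rugcms
        dest: /local_disk/.profile
        owner: rugcms
        group: rugcms
        mode: '0700'

    - name: Install epel-repo
      yum:
        name: epel-release
        state: latest

    - name: Install ntp package
      yum:
        name: ntp
        state: latest

    - name: Install yum-utils
      yum:
        name: yum-utils
        state: latest

    # NOTE(review): this removes SELinux mandatory access control from every
    # targeted host. If the goal is only to unblock the application,
    # permissive mode or a local policy module keeps the denials in the audit
    # log. The disabled state needs a reboot to take full effect.
    - name: disable selinux
      selinux:
        state: disabled

    - name: start ntp service
      systemd:
        name: ntpd.service
        state: started
        enabled: true

    # Only removes firewalld from boot; a firewalld that is currently running
    # keeps running until it is stopped or the host reboots.
    # NOTE(review): confirm firewall.sh is meant to coexist with a running
    # firewalld; if not, stop the unit in the same run that applies the script.
    - name: disable firewalld
      systemd:
        name: firewalld.service
        enabled: false

    # copy does not create missing parent directories for a single file, so
    # the target directory is created first (fresh hosts have no /root/firewall).
    - name: create firewall directory
      file:
        path: /root/firewall
        state: directory
        owner: root
        group: root
        mode: '0700'

    - name: copy firewall
      copy:
        src: files/firewall_acc.sh
        dest: /root/firewall/firewall.sh
        owner: root
        group: root
        mode: '0700'

    # NOTE(review): the script module uploads and runs a file from the control
    # node (here firewall.sh), not the copy placed in /root/firewall by the
    # previous task. Confirm a matching firewall.sh exists next to the
    # playbook, otherwise the ruleset that is applied may differ from the one
    # left on disk.
    - name: run firewall script
      script: firewall.sh
      args:
        chdir: /root/firewall

    - name: copy yum_debug_dump
      copy:
        src: files/yum_debug_dump.txt.gz
        dest: /root/yum_debug_dump.txt.gz
        owner: root
        group: root
        mode: '0600'

    # Runs on every play (command has no idempotence check) and always
    # reports "changed".
    - name: restore package set from yum_debug_dump
      command: yum-debug-restore /root/yum_debug_dump.txt.gz

    # '*' is quoted: a bare * starts a YAML alias.
    - name: upgrade all packages
      yum:
        name: '*'
        state: latest

    - name: copy /etc/resolv.conf
      copy:
        src: files/resolv.conf
        dest: /etc/resolv.conf
        owner: root
        group: root
        mode: '0644'

    # validate runs sshd's own syntax test on the candidate file before it
    # replaces the live one, so a broken config is rejected instead of being
    # installed; the handler then restarts sshd to load the accepted file.
    - name: copy /etc/ssh/sshd_config
      copy:
        src: files/sshd_config
        dest: /etc/ssh/sshd_config
        owner: root
        group: root
        mode: '0600'
        validate: /usr/sbin/sshd -t -f %s
      notify: restart sshd

    - name: start sshd service
      systemd:
        name: sshd.service
        state: started
        enabled: true

    - name: start postfix service
      systemd:
        name: postfix.service
        state: started
        enabled: true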