sovereign/roles/common/tasks/main.yml

---

- name: Set hostname
  hostname: name="{{ server_fqdn }}"

- name: Replace /etc/hosts
  template: src=etc_hosts.j2 dest=/etc/hosts

- name: Update apt cache
  apt: update_cache=yes
  tags:
    - dependencies

- name: Upgrade all safe packages
  apt: upgrade=safe
  tags:
    - dependencies

- name: Install necessities and nice-to-haves
  apt:
    name: "{{ packages }}"
    state: present
  vars:
    packages:
    - acl
    - apache2
    - apt-transport-https
    - apticron
    - build-essential
    - debian-goodies
    - git
    - htop
    - iftop
    - iotop
    - molly-guard
    - mosh
    - python3-software-properties
    - ruby
    - screen
    - sudo
    - tmux
    - unattended-upgrades
    - vim
    - zsh
  tags:
    - dependencies

- name: timezone - configure /etc/timezone
  copy:
    content: "{{ common_timezone | regex_replace('$', '\n') }}"
    dest: /etc/timezone
    owner: root
    group: root
    mode: 0644
  register: common_timezone_config

- name: timezone - Set localtime to UTC
  file: src=/usr/share/zoneinfo/Etc/UTC dest=/etc/localtime
  when: common_timezone_config.changed

- name: timezone - reconfigure tzdata
  command: dpkg-reconfigure --frontend noninteractive tzdata
  when: common_timezone_config.changed

- name: Apticron email configuration
  template: src=apticron.conf.j2 dest=/etc/apticron/apticron.conf

- name: Create data directory
  file: state=directory path=/data

- name: Set data directory permissions
  file: state=directory path=/data group=mail mode=0775

- name: Ensure US English locale exists
  locale_gen:
    name: en_US.UTF-8
    state: present

- name: Ensure German locale exists
  locale_gen:
    name: de_DE.UTF-8
    state: present

- include: users.yml tags=users
- include: apache.yml tags=apache
- include: ssl.yml tags=ssl
- include: letsencrypt.yml tags=letsencrypt
- include: ufw.yml tags=ufw
- include: security.yml tags=security
- include: ntp.yml tags=ntp
- include: postgres.yml