- name: make lockbox
  hosts: lockbox
  user: root
  gather_facts: False

  vars_files:
   - /srv/web/infra/ansible/vars/global.yml
   - "/srv/private/ansible/vars.yml"
   - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml

  tasks:
  - include: "{{ tasks }}/virt_instance_create.yml"

  handlers:
  - include: "{{ handlers }}/restart_services.yml"

- name: make the box be real
  hosts: lockbox
  user: root
  gather_facts: True

  vars_files:
   - /srv/web/infra/ansible/vars/global.yml
   - "/srv/private/ansible/vars.yml"
   - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml

  roles:
  - base
  - rkhunter
  - denyhosts
  - nagios_client
  - hosts
  - fas_client
  - ansible-server
  - sudo
  - collectd/base

  tasks:
  - include: "{{ tasks }}/yumrepos.yml"
  - include: "{{ tasks }}/2fa_client.yml"
  - include: "{{ tasks }}/motd.yml"

  handlers:
  - include: "{{ handlers }}/restart_services.yml"


- name: configure lockbox
  hosts: lockbox
  user: root
  gather_facts: True

  vars_files:
   - /srv/web/infra/ansible/vars/global.yml
   - "/srv/private/ansible/vars.yml"
   - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml

  tasks:
  - name: install needed packages
    yum: pkg={{ item }} state=present
    with_items:
    - httpd

  - name: create directories for local git repos
    file: path=/srv/git/{{ item.path }} state=directory owner=root group=root mode=1775
    with_items: gitrepos

  - name: initialize git repos
    command: chdir=/srv/git/{{ item.path }} creates={{ item.path }}/HEAD git init --bare
    with_items: gitrepos

  - name: create ansible base working directory
    file: path=/srv/ansible state=directory owner=root group=root mode=1775

  - name: create directory for serving kickstarts
    file: path=/var/www/html/ks state=directory owner=apache group=apache mode=1755