---
- name: put repos on system
  action: copy src=$files/common/$item dest=/etc/yum.repos.d/$item
  with_items:
  - epel6.repo
  - rhel6.repo
  only_if: '$is_rhel'
  tags:
  - config
  - packages

- name: default packages to install
  action: yum state=installed name=$item
  with_items:
  - joe
  - vim-enhanced
  - strace
  - telnet
  - nc
  - bind-utils
  - traceroute
  - openssh-clients
  - patch
  - xz
  - zsh
  tags:
  - packages

- name: default pkgs to remove
  action: yum state=removed name=$item
  with_items:
  - logwatch
  - firstboot-tui
  - bluez-utils
  - sendmail
  tags:
  - packages

- name: disabled services:
  action: service state=stopped enabled=false name=$item
  with_items:
  - yum-updatesd
  - gpm
  - rhnsd
  tags:
  - services
  - config

- name: set root passwd
  action: user name=root password=$rootpw state=present
  only_if: is_set('$rootpw')
  tags:
  - rootpw

- name: iptables
  action: template src=$item dest=/etc/sysconfig/iptables mode=600
  first_available_file:
    - $iptables
    - $files/iptables/iptables.${ansible_fqdn}
    - $files/iptables/iptables.${host_group}
    - $files/iptables/iptables
  notify:
  - restart iptables
  tags:
  - iptables
  - config

- name: sshd_config 
  action: copy src=$sshd_config dest=/etc/ssh/sshd_config mode=600
  first_available_file:
    - $sshd_config
    - $files/ssh/sshd_config.${ansible_fqdn}
    - $files/ssh/sshd_config.${host_group}
    - $files/ssh/sshd_config.${dist_tag}
  notify:
  - restart sshd
  tags:
  - sshd_config
  - config
  - sshd

# XXX fixme # a datacenter 'fact' from setup
- name: /etc/resolv.conf
  action: copy src=$resolvconf dest=/etc/resolv.conf
  first_available_file:
    - $resolvconf
    - $files/resolv.conf/${ansible_fqdn}
    - $files/resolv.conf/${host_group}
    - $files/resolv.conf/${datacenter}
    - $files/resolv.conf/resolv.conf
  tags:
  - config
  - resolvconf

- name: rsyslog.conf
  action: copy src=$rsyslogconf dest=/etc/rsyslog.conf mode=644
  first_available_file:
    - $rsyslogconf
    - $files/rsyslog/rsyslog.conf.${ansible_fqdn}
    - $files/rsyslog/rsyslog.conf.${host_group}
    - $files/rsyslog/rsyslog.conf.${datacenter}
    - $files/rsyslog/rsyslog.conf

  notify:
  - restart rsyslog
  tags:
  - rsyslogd
  - config

- name: /etc/postfix/main.cf
  action: copy src=$item dest=/etc/postfix/main.cf
  first_available_file:
    - $postfix_maincf
    - $files/postfix/main.cf.${ansible_fqdn}
    - $files/postfix/main.cf.${host_group}
    - $files/postfix/main.cf.${postfix_group}
    - $files/postfix/main.cf
  notify:
  - restart postfix
  tags:
  - postfix
  - config