ansible_linux_setup/roles/common/tasks/main.yml

---
- name: Upgrade packages
  apt:
    upgrade: full

- name: Install packages
  apt:
    name: "{{packages_to_install}}"
    state: present
    update_cache: yes
    allow_unauthenticated: yes

- name: Install mozilla/sops
  get_url:
    url: https://github.com/mozilla/sops/releases/download/v3.5.0/sops-v3.5.0.linux
    dest: /usr/bin/sops
    mode: "0755"
    owner: root
    group: root
  
- name: Enable dm_crypt module
  modprobe:
    name: dm_crypt
    state: present

- name: Enable compress on logrotate
  lineinfile:
    dest: /etc/logrotate.conf
    regexp: "^#?compress"
    line: "compress"
    state: present

# - name: Send logcheck results to right email address
#   lineinfile:
#     dest: /etc/logcheck/logcheck.conf
#     regexp: "^#?SENDMAILTO="
#     line: "SENDMAILTO=\"{{dot_forward_email}}\""
#     state: present

# - name: Copy local logcheck ignore rules
#   copy:
#     src: templates/local-rules
#     dest: /etc/logcheck/ignore.d.server/local-rules
#     owner: root
#     group: logcheck
#     mode: u=rw,g=r,o=r

- name: Configure timezone
  timezone:
    name: "{{timezone}}"

- name: Configure ntp client and restart it
  template:
    src: ntp.conf.j2
    dest: /etc/ntp.conf
  notify:
    - restart ntp
    - restart cron

- name: Set up exim4 conf
  template:
    src: update-exim4.conf.conf.j2
    dest: /etc/exim4/update-exim4.conf.conf
    owner: root
    group: root
    mode: 0644

- name: Set up exim4 password file
  template:
    src: passwd.client.j2
    dest: /etc/exim4/passwd.client
    owner: root
    group: Debian-exim
    mode: 0640

- name: Set up exim4 localmacros
  template:
    src: exim4.conf.localmacros.j2
    dest: /etc/exim4/exim4.conf.localmacros
    owner: root
    group: root
    mode: 0644
  notify: restart exim4

- name: Make fail2ban work with ufw
  lineinfile:
    dest: "{{item}}"
    regexp: "^banaction"
    line: "banaction = ufw"
    state: present
  with_items:
    - /etc/fail2ban/jail.conf
    - /etc/fail2ban/jail.local
  notify:
    - restart fail2ban