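---
# Base system configuration tasks: journald, kernel module loading, SELinux
# booleans, mount points, sysctl values, shell links, logrotate compression,
# cron/fstrim, editor and screen defaults, syslog handling, removal of
# systemd-journal-upload, and rc.local / rc.local.shutdown hooks.
#
# Module arguments are written as native YAML mappings rather than key=value
# strings, file modes are quoted octal strings, and YAML booleans are
# lowercase true/false. Values inside Jinja expressions are left as they were.

# NOTE(review): no mode/owner is pinned here, so a newly created file gets
# whatever the connecting user's defaults give — consider setting them.
- name: Deploy journald.conf
  template:
    src: journald.conf.j2
    dest: /etc/systemd/journald.conf
  when: ansible_service_mgr == 'systemd'
  notify: restart journald

# NOTE(review): this persistently turns on an SELinux boolean, i.e. it loosens
# the policy (per the task name: module autoload triggered from userspace).
# Confirm every host in scope really needs it.
- name: Allow userspace to trigger kernel autoload of modules
  seboolean:
    name: domain_kernel_load_modules
    state: true
    persistent: true
  when: ansible_selinux.status == 'enabled'
  tags: selinux

# Writes one module name per line from system_kmods; single-quoted so YAML
# leaves the backslash alone and Jinja interprets "\n".
- name: Configure kmod to load
  copy:
    content: '{{ system_kmods | join("\n") }}'
    dest: /etc/modules-load.d/system.conf
  register: system_kmods_file

# Only restarted when the module list file above actually changed.
- name: Load needed kmods
  service:
    name: systemd-modules-load
    state: restarted
  when: system_kmods_file.changed

# Names and states come from the sebool variable; persistent defaults to True
# when an item does not define it.
# NOTE(review): sebool is arbitrary inventory data — review which booleans it
# switches on, since each one relaxes or tightens SELinux policy.
- name: Set SELinux booleans
  seboolean:
    name: "{{ item.name }}"
    state: "{{ item.state }}"
    persistent: "{{ item.persistent | default(True) }}"
  when: ansible_selinux.status == 'enabled'
  with_items: "{{ sebool }}"

# NOTE(review): a permissive domain is no longer enforced by SELinux (denials
# are logged only). logrotate typically runs as root, so confirm a targeted
# policy module would not cover the need instead.
- name: Set logrotate_t to permissive mode
  selinux_permissive:
    name: logrotate_t
    permissive: true
  when: ansible_selinux.status == 'enabled'

# NOTE(review): ignore_errors hides every failure of this task, not only the
# fuse case mentioned below; a failed_when on the expected error is narrower.
- name: Create mount points directories
  file:
    path: "{{ item.name }}"
    state: directory
  with_items: "{{ fstab }}"
  ignore_errors: true  # needed for some fuse mount points

# fstype, opts and boot are omitted when the item does not define them;
# state falls back to 'mounted'.
- name: Configure mount points
  mount:
    name: "{{ item.name }}"
    src: "{{ item.src }}"
    fstype: "{{ item.fstype | default(omit) }}"
    opts: "{{ item.opts | default(omit) }}"
    boot: "{{ item.boot | default(omit) }}"
    state: "{{ item.state | default('mounted') }}"
  with_items: "{{ fstab }}"

# Applied on virtualization hosts, and on anything that is neither an lxc nor
# a systemd-nspawn guest.
- name: Set swappiness
  sysctl:
    name: vm.swappiness
    value: "{{ system_swappiness }}"
    sysctl_file: /etc/sysctl.d/ansible.conf
    state: present
  when: >-
    ansible_virtualization_role == 'host' or
    (ansible_virtualization_type != 'lxc' and ansible_virtualization_type != 'systemd-nspawn')

# One sysctl entry per key of system_sysctl.
# NOTE(review): unlike the swappiness task, this condition does not exclude
# systemd-nspawn guests — confirm the difference is intended.
- name: Set sysctl values
  sysctl:
    name: "{{ item }}"
    value: "{{ system_sysctl[item] }}"
    sysctl_file: /etc/sysctl.d/ansible.conf
    state: present
  when: ansible_virtualization_role == 'host' or ansible_virtualization_type != 'lxc'
  loop: "{{ system_sysctl.keys() | list }}"

# bash invoked under the name rbash starts in restricted mode.
# NOTE(review): if accounts are given /bin/rbash as a login shell, do not rely
# on it as the only confinement for them.
- name: Create symlink for restricted bash
  file:
    src: /bin/bash
    dest: /bin/rbash
    state: link

# Points /bin/sh at bash for the whole system.
- name: Set bash as default shell
  file:
    src: /bin/bash
    dest: /bin/sh
    state: link

# Inserted at the very top of logrotate.conf (BOF): compress rotated logs
# with xz, using the options listed in the block.
- name: Configure logrotate compression
  blockinfile:
    dest: /etc/logrotate.conf
    insertbefore: BOF
    block: |
      compress
      compressoptions -T0
      compresscmd /usr/bin/xz
      compressext .xz
      uncompresscmd /usr/bin/unxz

- name: Configure crond to send cron's log to syslog
  copy:
    src: crond
    dest: /etc/sysconfig/crond
    mode: '0600'
  notify: restart crond
  when: ansible_os_family == 'RedHat'

# Executed as root by the cron entry below; 0755 leaves it writable by the
# owner only.
- name: Deploy fstrim script
  copy:
    src: fstrim_all
    dest: /usr/local/bin/fstrim_all
    mode: '0755'

# The job sleeps 3600 + (1<nanoseconds> % 7200) seconds, i.e. between one and
# three hours, before running fstrim_all through systemd-cat — presumably to
# spread the load across hosts. The leading "1" keeps the nanosecond string
# from being read as octal, and % is escaped because cron treats it specially.
# The entry is removed on lxc guests.
- name: Add a cron task to run fstrim
  cron:
    name: fstrim
    special_time: "{{ system_fstrim_freq }}"
    user: root
    job: 'sleep $(( 3600 + 1$(/bin/date +\%N) \% 7200 )); /usr/bin/systemd-cat /usr/local/bin/fstrim_all'
    cron_file: fstrim
    state: "{{ (ansible_virtualization_role == 'guest' and ansible_virtualization_type == 'lxc') | ternary('absent','present') }}"

- name: Deploy global vimrc
  copy:
    src: "vimrc.local_{{ ansible_os_family }}"
    dest: /etc/vim/vimrc.local
  when: ansible_os_family == 'Debian'

- name: Configure vim for dark background
  lineinfile:
    path: /etc/vimrc
    regexp: '^set\sbackground='
    line: 'set background=dark'
  when: ansible_os_family == 'RedHat'

- name: Configure screen to use login shell
  lineinfile:
    path: /etc/screenrc
    regexp: '^shell\s.*'
    line: 'shell -/bin/sh'
  when: ansible_os_family == 'Debian'

# rsyslog is stopped and disabled when system_disable_syslog is true,
# otherwise started and enabled (the variable defaults to False).
# NOTE(review): with rsyslog off and journal-upload removed below, confirm
# logs are still retained or forwarded somewhere that meets your audit needs.
- name: Handle syslog daemon
  service:
    name: rsyslog
    state: "{{ (system_disable_syslog | default(False)) | ternary('stopped','started') }}"
    enabled: "{{ (system_disable_syslog | default(False)) | ternary(False,True) }}"

- name: Remove systemd-journal-upload
  yum:
    name: systemd-journal-gateway
    state: absent
  when: ansible_os_family == 'RedHat'

- name: Remove systemd-journal-upload
  apt:
    name: systemd-journal-remote
    state: absent
  when: ansible_os_family == 'Debian'

- name: Remove Journal upload state directory
  file:
    path: /var/lib/systemd/journal-upload
    state: absent

- name: Remove journal-upload configuration
  file:
    path: "{{ item }}"
    state: absent
  loop:
    - /etc/systemd/journal-upload.conf
    - /etc/systemd/system/systemd-journal-upload.service

- name: Remove old bash aliases script
  file:
    path: /etc/profile.d/bash_aliases.sh
    state: absent

- name: Deploy bash aliases
  template:
    src: bash_aliases.sh.j2
    dest: /etc/profile.d/ansible_aliases.sh
    mode: '0755'

- name: Ensure /etc/rc.d exists
  file:
    path: /etc/rc.d
    state: directory

# NOTE(review): rc.local and rc.local.shutdown are rendered from templates and
# presumably run with root privileges at boot/shutdown — make sure the
# variables they consume come only from trusted inventory.
- name: Deploy rc.local script
  template:
    src: rc.local.j2
    dest: /etc/rc.d/rc.local
    mode: '0755'

- name: Deploy rc.local.shutdown script
  template:
    src: rc.local.shutdown.j2
    dest: /etc/rc.d/rc.local.shutdown
    mode: '0755'

# Debian is using /etc/rc.local while RHEL is using /etc/rc.d/rc.local
- name: Link /etc/rc.local to /etc/rc.d/rc.local
  file:
    src: /etc/rc.d/rc.local
    path: /etc/rc.local
    state: link
    force: true

- name: Link /etc/rc.local.shutdown to /etc/rc.d/rc.local.shutdown
  file:
    src: /etc/rc.d/rc.local.shutdown
    path: /etc/rc.local.shutdown
    state: link
    force: true

- name: Deploy rc-local-shutdown systemd unit
  template:
    src: rc-local-shutdown.service.j2
    dest: /etc/systemd/system/rc-local-shutdown.service
  register: system_rc_local_shutdown_unit

# systemd only needs a daemon-reload when the unit file changed.
- name: Reload systemd
  systemd:
    daemon_reload: true
  when: system_rc_local_shutdown_unit.changed

- name: Enable rc-local-shutdown service
  service:
    name: rc-local-shutdown
    enabled: true
...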