---
# This ansible-playbook does the setup of already 'bootstrapped' machines.
#
# It does not create own users, etc. You need a working ssh access to the
# target system.
#
# What it does:
#   - sets hostname (to inventory hostname, short hostname derived
#     from it)
#
# This playbook should be played as second thing after getting your
# hands over new hardware and after being "bootstrapped".
#
- hosts: bootstrapped
  become: yes
  vars:
    hostname_fqdn: "{{ inventory_hostname }}"
    hostname_short: "{{ hostname_fqdn.split('.').0 }}"

  tasks:
    - name: update packages
      apt:
        upgrade=safe
        update_cache=yes

    - name: set hostname to {{ hostname_fqdn }}, {{ hostname_short }}
      hostname:
        name: "{{ hostname_short }}"

    - name: set FQDN for ipv4/ipv6 interfaces in /etc/hosts
      lineinfile:
        dest: /etc/hosts
        regexp: '^{{ item }} '
        line: '{{ item }} {{ hostname_fqdn }} {{ hostname_short }}'
        state: present
        backup: yes
      when: not ('NO DEFAULT' in item)
      with_items:
        - "{{ ansible_default_ipv4.address | default('NO DEFAULT IPv4 ADDRESS DEFINED') }}"
        - "{{ ansible_default_ipv6.address | default('NO DEFAULT IPv6 ADDRESS DEFINED') }}"

    - name: install basic packages we use on each host
      apt:
        name: ['rkhunter', 'screen', 'unattended-upgrades', 'apt-show-versions', 'fail2ban']
        state: present