ansible-server-infrastruktur/roles/common/tasks/main.yml

---

- name: configure pacman mirror
  template: src=mirrorlist.j2 dest=/etc/pacman.d/mirrorlist owner=root group=root mode=0644

- name: remove ntp
  pacman: name=ntp state=absent

- name: start and enable systemd-timesyncd
  service: name=systemd-timesyncd enabled=yes state=started

- name: install smart
  pacman: name=smartmontools state=present

- name: start and enable smart
  service: name=smartd enabled=yes state=started

- name: install mlocate
  pacman: name=mlocate state=present

- name: activate regular updatedb for mlocate
  service: name=updatedb.timer enabled=yes state=started

- name: generate locales
  locale_gen: name={{ item }} state=present
  with_items:
    - en_US.UTF-8
    - de_DE.UTF-8

- name: configure locales
  template: src=locale.conf.j2 dest=/etc/locale.conf owner=root group=root mode=0644

- name: generate ssh key for root
  command: ssh-keygen -b 4096 -N "" -f /root/.ssh/id_rsa creates="/root/.ssh/id_rsa"

- name: configure default qdisc
  sysctl:
    name: net.core.default_qdisc
    value: "{{default_qdisc}}"
    sysctl_file: /etc/sysctl.d/net.conf
  when: default_qdisc is defined

- name: apply default qdisc to interfaces
  command: tc qdisc replace dev {{item}} root {{default_qdisc}}
  with_items: "{{ansible_interfaces | difference('lo')}}"
  when: default_qdisc is defined

- name: configure tcp congestion control algorithm
  sysctl:
    name: net.ipv4.tcp_congestion_control
    value: "{{tcp_congestion_control}}"
    sysctl_set: yes
    sysctl_file: /etc/sysctl.d/net.conf
  when: tcp_congestion_control is defined

- name: configure tcp receive window limits
  sysctl:
    name: net.ipv4.tcp_rmem
    value: "{{tcp_rmem}}"
    sysctl_set: yes
    sysctl_file: /etc/sysctl.d/net.conf
  when: tcp_rmem is defined

- name: configure tcp send window limits
  sysctl:
    name: net.ipv4.tcp_wmem
    value: "{{tcp_wmem}}"
    sysctl_set: yes
    sysctl_file: /etc/sysctl.d/net.conf
  when: tcp_wmem is defined

- name: configure journald
  template: src={{item}}.j2 dest=/etc/systemd/{{item}} owner=root group=root mode=644
  with_items:
    - journald.conf
  notify:
    - restarted journald

- name: install system.conf
  template: src=system.conf.j2 dest=/etc/systemd/system.conf owner=root group=root mode=0644
  notify:
    - systemd daemon-reload

- name: create zsh directory
  file: path=/root/.zsh state=directory owner=root group=root mode=0700

- name: install root shell config
  copy: src={{item}} dest=/root/.{{item}} owner=root group=root mode=0644
  with_items:
    - zshrc
    - dircolors

#- name: add kernel packages to IgnorePkg
#  lineinfile:
#    dest: /etc/pacman.conf
#    insertafter: '^#IgnorePkg'
#    regexp: '^IgnorePkg'
#    line: 'IgnorePkg = linux linux-headers linux-hardened linux-hardened-headers linux-lts linux-lts-headers'