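# Bootstrap play: applies only the prerequisites role, with privilege
# escalation and fact gathering both switched off.
# NOTE(review): presumably facts are skipped because the role prepares what
# Ansible itself needs on the target; confirm against schuerg.prerequisites.
- name: server
  hosts: servers
  # Canonical booleans (true/false) instead of the YAML 1.1 spellings yes/no.
  become: false
  gather_facts: false
  roles:
    # Ansible prerequisites
    - schuerg.prerequisites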

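# Main play: baseline configuration and hardening roles for the "servers"
# group. become / gather_facts are not set here (overrides kept commented out),
# so they follow whatever the inventory or ansible.cfg defines.
# NOTE(review): this play has the same name as the play before it, so the two
# cannot be told apart in run output; consider distinct names.
- name: server
  hosts: servers
  # become: true
  # gather_facts: false
  roles:
    # Ansible prerequisites
    # - robertdebock.bootstrap

    # EPEL for CentOS
    # - geerlingguy.repo-epel

    # NTP matters for curl and apt: TLS certificate checks and repository
    # metadata validity both depend on a correct clock.
    # - ericsysmin.system.ntp

    # Users
    # - sysadmins

    # Locales
    # TODO: set date and currency locales
    # - alvistack.locales
    - role: oefenweb.locales
      vars:
        locales_default:
          lang: en_US.UTF-8
          lc_all: en_US.UTF-8

    # System update (well-written role).
    - robertdebock.update

    # Manage sudoers
    # - GROG.sudo

    # SSH hardening, done with geerlingguy.security rather than
    # dev-sec.ssh-hardening.
    # - dev-sec.ssh-hardening
    - role: geerlingguy.security
      vars:
        # Non-default port: this only cuts scanner noise, it is not an access
        # control. The inventory must connect on the same port afterwards.
        security_ssh_port: 45985
        # The yes/no values below are quoted on purpose so that they stay
        # strings instead of being read as YAML booleans.
        security_ssh_password_authentication: "no"
        # Was "yes". Root keeps key-based login, but password and
        # keyboard-interactive logins stay refused for root even if password
        # authentication is switched back on later. Older sshd releases spell
        # this value "without-password".
        # NOTE(review): whether this play connects as root is not visible
        # here; if a sudo-capable account exists, prefer "no" together with
        # `become: true`.
        security_ssh_permit_root_login: "prohibit-password"
        security_ssh_usedns: "no"
        security_ssh_permit_empty_password: "no"
        security_ssh_challenge_response_auth: "no"
        security_ssh_gss_api_authentication: "no"
        security_ssh_x11_forwarding: "no"
        security_autoupdate_enabled: true
        # NOTE(review): fail2ban is disabled here and the dedicated fail2ban
        # roles below are commented out, so no role in this play rate-limits
        # repeated SSH attempts.
        security_fail2ban_enabled: false

    # fail2ban
    # - oefenweb.fail2ban
    # - robertdebock.fail2ban

    # Firewall configuration
    # TODO: this role destroys the DOCKER rules. Until that is solved, no
    # firewall role is applied by this play.
    # - geerlingguy.firewall

    # Rootkit protection
    # - mablanco.antirootkits

    # Antivirus
    # - geerlingguy.clamav

    # Docker
    - role: geerlingguy.docker
      vars:
        docker_service_enabled: false

    # Timezone
    - role: oefenweb.timezone
      vars:
        timezone_zone: Europe/Paris

    # NTP
    # TODO
    # - geerlingguy.ntp

    # Docker metrics proxy
    # - docker-metrics-proxy

    # logrotate
    # - ontic/logrotate

    # AppArmor?
    # - manala.apparmor

    # autofs
    # - cmprescott.autofs_ng

    # SMART monitoring (TODO)
    # - stuvusit/smartd

    # Graylog: no, too heavy.
    # TODO: lineinfile for prometheus
    # 127.0.1.1 docker-host
    - jean-cloud-common

    # - deploy_all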