---

# we don't want to disrupt servers where this role is manually maintained!
# thus: warning and block statement

- name: full-stop if server role is manually maintained on this server
  debug: msg="server role skipped to not disrupt manual maintenance - set ansible_managed_server to True to enable ansible control"
  when: (not ansible_managed_server is defined) or (not ansible_managed_server)

- block:
  - name: ensure needed system users are present
    user: name=admin comment="Freifunk MWU Admin" shell=/bin/bash state=present

  - name: ensure all wanted ssh keys exclusively
    authorized_key: exclusive=True state=present user=admin
                key={{ mwu_s_admin_keys ~ ( h_v_add_auth_keys | default('') ) }}

  - name: ensure vim is default editor
    alternatives: name=editor path=/usr/bin/vim.basic

  - name: set timezone to Europe/Berlin
    timezone: name=Europe/Berlin

  when: (ansible_managed_server is defined) and (ansible_managed_server)
# end block